RE: [fw-wiz] PIX question





-----Original Message-----
From: firewall-wizards-admin@xxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-admin@xxxxxxxxxxxxxxxxxx] On Behalf
Of Brian Loe

Question: Why would the inbound ACL on dmz2 prevent it from
sending traffic to the outside interface with a lower
security setting? Does an ACL applied to a dmz interface have
an implied deny all - even for lower security interfaces?

Yes. Only when no ACL is set, an implicit allow any any to lower
security interfaces is used. In the PDM, this shows up as an 'implicit
outbound rule'. When setting an ACL, it's ended with an implicit deny
any any.

Martijn
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Pix 515 VLAN NAT0 issues
    ... that ACL will be exempt from NAT. ... the packet at the time the PIX receives the packet. ... ACL applied to an inside interface would have the internal IPs as ... accepted as having a translation and satisfying the security policies. ...
    (comp.dcom.sys.cisco)
  • Re: [fw-wiz] PIX question
    ... You have an internet-in ACL on the outside interface. ... NOT talk to anything on the internet - gets denied by dmz2-in ACL. ... traffic to the outside interface with a lower security setting? ...
    (Firewall-Wizards)
  • Re: Minimum NTFS Permissions on the SystemDrive
    ... File system and registry access control list modifications ... Microsoft Windows XP and Microsoft Windows Server 2003 have considerably ... You can no longer use the Anonymous security ... Additional ACL changes may invalidate all or most of the application ...
    (microsoft.public.windows.server.security)
  • Re: Interface function and TPersistent
    ... that all these different applications are running - they will still be ... controlling such things as login and security. ... actually open a form of the required class and what they can do within it ... create an interface for each and every one and pass this through and have ...
    (alt.comp.lang.borland-delphi)
  • Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
    ... Security translation can be performed automatically for objects migrated by ... you may use subinacl to replace the ACL. ... Using the Command Line to Edit Multiple Subdirectory Permissions ... Now what i am doing is migrating from an NT ...
    (microsoft.public.windows.server.migration)