Re: [fw-wiz] PIX question
- From: david_harris@xxxxxxxxxxx
- Date: Wed, 15 Mar 2006 09:30:01 +1100
Brian Loe wrote on 11/03/2006 08:42:18 AM:
> You have an smtp box on dmz2. You have rules in dmz2-in allowing the
> smtp box to talk to boxes on the internal network. The smtp box can
> NOT talk to anything on the internet - gets denied by dmz2-in ACL. Add
> an any any rule for that host in dmz2-in and it works.
>
> Question: Why would the inbound ACL on dmz2 prevent it from sending
> traffic to the outside interface with a lower security setting? Does
> an ACL applied to a dmz interface have an implied deny all - even for
> lower security interfaces?
No, as soon as you apply an access-list to any interface, it takes
precedence over the security levels.
Take the access-list away and, yes, it will pass to a lower level.
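An added PIX 6.x configuration example (not from either poster) that reproduces the behaviour described in the thread and shows a tighter fix than an any/any permit for the relay. Topology and addresses are assumed: outside at security 0, dmz2 at security 50, inside at security 100, the SMTP relay at 192.0.2.25, the internal mail server at 10.1.1.10, the internal DNS server at 10.1.1.53 and the inside network 10.1.0.0/16.

```cisco
! Assumed topology (constructed for this example)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz2 security50

! --- State described in the question ---
! Binding this ACL to dmz2 replaces the security-level rule for traffic
! entering dmz2. Anything not matched by an entry hits the implicit deny
! at the end of the list, including dmz2 -> outside (50 -> 0), which is
! why the relay cannot reach the Internet even though outside is lower.
access-list dmz2-in permit tcp host 192.0.2.25 host 10.1.1.10 eq smtp
access-list dmz2-in permit udp host 192.0.2.25 host 10.1.1.53 eq domain
access-group dmz2-in in interface dmz2

! --- Quick fix mentioned in the question: works, but over-broad ---
! A permit in an interface ACL also overrides security levels toward
! *higher* interfaces, so this single line lets the relay reach every
! inside host on every port, not just the Internet.
! access-list dmz2-in permit ip host 192.0.2.25 any

! --- Least-privilege fix: permit only what the relay needs ---
! Entries are evaluated top-down, first match wins. Block anything else
! the relay might send toward the inside network before opening the
! Internet-bound SMTP permit, because "any" includes inside addresses.
access-list dmz2-in deny ip host 192.0.2.25 10.1.0.0 255.255.0.0
access-list dmz2-in permit tcp host 192.0.2.25 any eq smtp
! Optional explicit deny with logging so denied flows are visible in
! syslog instead of silently disappearing into the implicit deny.
access-list dmz2-in deny ip any any log
```

Entries are appended in the order they are entered, so on an existing ACL the two permits to 10.1.1.10 and 10.1.1.53 remain above the deny toward 10.1.0.0/16 and keep working.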
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards