Firewall Wizards mailing list archives
Re: PIX question
From: david_harris () arnotts com
Date: Wed, 15 Mar 2006 09:30:01 +1100
Brian Loe wrote on 11/03/2006 08:42:18 AM:
You have an smtp box on dmz2. You have rules in dmz2-in allowing the smtp box to talk to boxes on the internal network. The smtp box can NOT talk to anything on the internet - gets denied by dmz2-in ACL. Add an any any rule for that host in dmz2-in and it works. Question: Why would the inbound ACL on dmz2 prevent it from sending traffic to the outside interface with a lower security setting? Does an ACL applied to a dmz interface have an implied deny all - even for lower security interfaces?
No, as soon as you apply an access-list to any interface it takes precedence over the security levels. Take the access-list away and yes it will pass to a lower level.
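To make the point concrete, here is an added PIX 6.x style configuration fragment (not from the thread or either poster) showing the dmz2-in list before and after the fix; the interface names come from the thread, while the addresses, the inside mail store and the DNS requirement are assumptions.

```cisco
: Added example, not from the thread. Placeholder addresses:
: 10.2.2.25 = the SMTP relay on dmz2, 10.1.1.0/24 = the internal network.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz2 security50

: Before: only inside destinations are permitted. As soon as this list is
: bound to dmz2, its implicit "deny ip any any" replaces the security-level
: rule, so the relay can no longer reach the lower-security outside interface.
access-list dmz2-in remark relay -> internal mail store (assumed flow)
access-list dmz2-in permit tcp host 10.2.2.25 10.1.1.0 255.255.255.0 eq smtp
access-group dmz2-in in interface dmz2

: After: permit the relay's outbound traffic explicitly. The thread used
: "any any" for the host; this narrower form allows only outbound mail
: delivery and the DNS lookups it needs for MX resolution (assumed).
access-list dmz2-in remark relay -> internet, SMTP and DNS only
access-list dmz2-in permit tcp host 10.2.2.25 any eq smtp
access-list dmz2-in permit udp host 10.2.2.25 any eq domain
access-list dmz2-in remark make the implicit deny explicit so hits show in syslog
access-list dmz2-in deny ip any any
```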