How to control traffic between the DMZ and inside using a PIX 525 without NAT? Let's say I want the DMZ to be able to access one IP/port on the inside network. Do I need to add an entry to the inbound ACL on the DMZ interface AND the outbound ACL on the inside interface, since the packet comes in from the DMZ and goes out to the inside network from the inside interface? Or does the PIX only check one ACL (e.g. the inbound ACL on the DMZ), and if it passes, the packet is let through the firewall even though the other ACL (e.g. the outbound ACL on the inside interface) doesn't explicitly allow it? I see all inbound and outbound ACL groups have a last-line implicit deny rule.
- posted
14 years ago