We have a PIX 506E and have recently set up a DMZ. Currently machines in the DMZ and the LAN can both access the internet. I have entered a NAT 0 command and access-list to enable communication from a machine on the LAN to a machine on the DMZ, but I thought that because the DMZ have a lower security, any machines on an interface with higher security should, by default, have access to interfaces of lower security. Is this the case?
I don't want to go through entering individual access-list commends for each machine that would need to access the DMZ if there is an easier way of doing it.
Thanks for your help,