> -----Original Message-----
> From: firewall-wizards-admin@honor.icsalabs.com=20
> [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf=20
> Of Brian Loe

> Question: Why would the inbound ACL on dmz2 prevent it from=20
> sending traffic to the outside interface with a lower=20
> security setting? Does an ACL applied to a dmz interface have=20
> an implied deny all - even for lower security interfaces?

Yes. Only when no ACL is set, an implicit allow any any to lower
security interfaces is used. In the PDM, this shows up as an 'implicit
outbound rule'. When setting an ACL, it's ended with an implicit deny
any any.

firewall-wizards mailing list