Brian Loe wrote on 11/03/2006 08:42:18 AM:

>
> You have an smtp box on dmz2. You have rules in dmz2-in allowing the
> smtp box to talk to boxes on the internal network. The smtp box can
> NOT talk to anything on the internet - gets denied by dmz2-in ACL. Add
> an any any rule for that host in dmz2-in and it works.
>
> Question: Why would the inbound ACL on dmz2 prevent it from sending
> traffic to the outside interface with a lower security setting? Does
> an ACL applied to a dmz interface have an implied deny all - even for
> lower security interfaces?


No, as soon as you apply an access-list to any interface, it takes
precedence over the security levels.

Take the access-list away and, yes, it will pass to a lower level.


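The behaviour described in the reply, shown as an added configuration example (this is not from the original thread or either poster). It assumes Cisco PIX 6.x access-list syntax, since the thread's security-level terminology matches that platform; the host and network addresses are constructed, and the DNS line is an assumption about what an outbound relay needs.

```cisco
! Constructed addresses for illustration only: the SMTP relay on dmz2 is
! 192.0.2.10 and the internal mail servers live in 10.0.0.0/8.
!
! --- The situation in the thread: the ACL only permits dmz2 -> inside ---
! As soon as this ACL is bound to dmz2 the implicit "deny ip any any" at its
! end replaces the security-level default, so the relay can no longer reach
! the outside interface even though outside has a lower security level.
access-list dmz2-in permit tcp host 192.0.2.10 10.0.0.0 255.0.0.0 eq smtp
access-group dmz2-in in interface dmz2
!
! --- The fix used in the thread: an "any any" line for that host ---
! Works, but it lets the relay initiate any protocol to any destination,
! so a compromised relay gets the same reach. Shown commented out.
! access-list dmz2-in permit ip host 192.0.2.10 any
!
! --- Tighter alternative: permit only what outbound mail delivery needs ---
! Outbound SMTP to the internet, plus DNS for MX lookups if the relay uses an
! outside resolver (192.0.2.53 is a constructed address).
access-list dmz2-in permit tcp host 192.0.2.10 any eq smtp
access-list dmz2-in permit udp host 192.0.2.10 host 192.0.2.53 eq domain
! Everything else sourced from dmz2 still falls through to the implicit deny.
!
! Verify which line traffic is matching (or whether it is falling through to
! the implicit deny) from the per-line hit counts:
! show access-list dmz2-in
```

The point of the tighter variant is that the ACL's implicit deny, the very thing that blocked the relay in the first place, stays in place as the safety net for everything the relay has no business initiating. On PIX 7.x and ASA the same lines take the `extended` keyword immediately after the ACL name.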

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards