Brian Loe wrote on 11/03/2006 08:42:18 AM:

> You have an smtp box on dmz2. You have rules in dmz2-in allowing the
> smtp box to talk to boxes on the internal network. The smtp box can
> NOT talk to anything on the internet - gets denied by dmz2-in ACL. Add
> an any any rule for that host in dmz2-in and it works.
> Question: Why would the inbound ACL on dmz2 prevent it from sending
> traffic to the outside interface with a lower security setting? Does
> an ACL applied to a dmz interface have an implied deny all - even for
> lower security interfaces?

No, as soon as you apply an access-list to any interface it takes
precedence over the security levels.

Take the access-list away and yes it will pass to a lower level.


firewall-wizards mailing list
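
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how a new connection entering an interface is judged, with and without an inbound ACL. The addresses, security levels and the third (ordered) rule set are constructed assumptions; ports and NAT are left out.

```python
import ipaddress

# Constructed values (assumptions, not from the thread).
SECURITY_LEVEL = {"inside": 100, "dmz2": 50, "outside": 0}
INSIDE_NET = "10.0.0.0/8"
SMTP_BOX = "172.16.2.25"            # the smtp host on dmz2
DESTS = {"mail": "10.0.0.10",       # internal host the smtp box must reach
         "other": "10.0.0.99",      # any other internal host
         "internet": "198.51.100.7"}
ANY = "0.0.0.0/0"

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def egress_if(dst):
    """Toy routing: internal addresses leave via inside, the rest via outside."""
    return "inside" if in_net(dst, INSIDE_NET) else "outside"

def allowed(in_if, src, dst, inbound_acl=None):
    """Decide a new connection entering in_if (simplified model)."""
    if inbound_acl is None:
        # No ACL bound to the interface: only the security levels decide.
        return SECURITY_LEVEL[in_if] > SECURITY_LEVEL[egress_if(dst)]
    # ACL bound: security levels are no longer consulted for this traffic.
    for action, src_net, dst_net in inbound_acl:   # first match wins
        if in_net(src, src_net) and in_net(dst, dst_net):
            return action == "permit"
    return False                                   # implicit deny at the end

def survey(acl):
    """What the smtp box can reach through dmz2 with the given inbound ACL."""
    return {name: allowed("dmz2", SMTP_BOX, dst, acl)
            for name, dst in DESTS.items()}

HOST = SMTP_BOX + "/32"
# Situation in the question: only the internal permits exist.
ACL_ORIGINAL = [("permit", HOST, "10.0.0.10/32")]
# The workaround from the question: an any-any rule for the host.
ACL_ANY_ANY = ACL_ORIGINAL + [("permit", HOST, ANY)]
# Constructed alternative: block the rest of inside before permitting any.
ACL_ORDERED = ACL_ORIGINAL + [("deny", HOST, INSIDE_NET), ("permit", HOST, ANY)]

if __name__ == "__main__":
    for label, acl in [("no ACL", None), ("original", ACL_ORIGINAL),
                       ("any any", ACL_ANY_ANY), ("ordered", ACL_ORDERED)]:
        print(f"{label:9}", survey(acl))
```

In this model the any-any rule restores Internet access but also opens every internal host to the smtp box, which the ordered rule set avoids.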