PIX 6.3: ACLs and Security Levels
Posted on 2006-06-21
I'm reworking my PIX configuration to get rid of conduits in favor of ACLs.
My question is regarding how ACLs and the security levels of the various interfaces interact.
Since every access-list ends with an implicit deny all statement, does this override the fact that higher security interfaces can usually get to lower security interfaces?
For example, if I apply an ACL to my DMZ interface (seclevel 50) permitting access to a server behind my inside interface, will the implicit deny at the end of the ACL prevent things in the DMZ from accessing the Internet (i.e., networks on the outside, seclevel 0 interface)?