I have a PIX 515 with web servers on the DMZ interface. I thought I understood that if the inside int has a security setting of 100 and the DMZ is at 50 and the Outside is at 0, then the PIX should allow traffic to flow from high level ints to low level automatically. My problem is that our web servers allow traffic in from the outside, but if I try to get to the internet from one of the web servers I can't get there. Obviously if I add a rule to allow DMZ access to any on port 80 it works, and I've tested that.
I'm looking for a couple answers on this.
1. Does the high to low default traffic not really apply here?
2. Is it considered correct to allow 80 traffic if any out from the DMZ to Outside? Would a seasoned Network Admin laugh at me for doing it?