03-09-2007 01:05 AM - edited 03-05-2019 02:48 PM
Hi all, when configuring a firewall, say a PIX 501, is all traffic allowed outbound by default? So if I use PAT to get to the internet for the 192.168.1.0 range, will all hosts be allowed out by default?
03-09-2007 01:20 AM
Hi Carl
By default outbound traffic will be permitted and you can access the net using the NAT/PAT feature.
If you want to have some kinda inbound access then you need to create proper access lists to allow the remote IPs to access your local resources.
Also do remember you need to have one-to-one NAT configured for inbound access.
regds
03-09-2007 02:19 AM
Thank you, I gather this is the same for the DMZ: inside can connect to the DMZ but not the other way around unless an access list is in place to allow it?
03-09-2007 02:25 AM
Hi Carl
To put it on a simple note, anything from High Security Zone to Low Security Zone (Inside to Outside/DMZ) is permitted with the necessary NAT statements.
You need to have access lists to permit traffic from Low Security Zone to High Security Zone (Outside to DMZ, DMZ to Inside, or Outside to Inside).
regds
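The rules discussed in this thread, written out as a configuration sketch. This is an added example, not part of any post above. It assumes PIX 6.x syntax and a PIX model with a third (dmz) interface, which the 501 does not have. All addresses except the 192.168.1.0 range, the access-list names and the permitted ports are constructed for illustration.

```cisco
! Added illustration; lines starting with "!" are annotations for the reader.
! Constructed values: 192.0.2.0/24 (outside), 172.16.1.0/24 (dmz), host addresses.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 192.0.2.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
!
! High to low (inside -> outside, inside -> dmz):
! no access list required, only a NAT/PAT translation.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 interface
!
! Low to high (outside -> dmz):
! one-to-one static NAT plus an access list bound to the lower interface.
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside
!
! Low to high (dmz -> inside):
! same pattern, scoped to a single source host, destination host and port.
static (inside,dmz) 192.168.1.20 192.168.1.20 netmask 255.255.255.255
access-list dmz_in permit tcp host 172.16.1.10 host 192.168.1.20 eq 1433
access-group dmz_in in interface dmz
```

Once an access list is bound to an interface with `access-group`, traffic entering that interface that the list does not permit is dropped by the implicit deny at its end, so keep each permit as narrow as the service requires.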