I've got two DMZs. DMZ1 has the web server with security level 50. DMZ2 is a guest wireless network with security level 10. DNS points to outside. DNS doctoring works fine from the inside for the web server (i.e. when an inside user browses to http://www.company.com, they get the real, untranslated IP). But for users in DMZ2, it doesn't work since DMZ2 has a lower security level than DMZ1. If I create an inbound access list on DMZ2 to allow access to the DMZ1 web server, the implict rule to allow guests to browse the Web obviously is lost.
I reaize one option is to use the following inbound rules on dmz2:
1. Allow any to dmz1 web server for specific services
2. Deny any to inside and dmz1 for all
3. Allow any to any for web browsing
I'm trying to see if there's any other way to do this and keep the implicit "permit all to less secure network". Thanks.