Where to configure an ACL to deny any traffic from the external network that has a source address that should reside on the internal network? Does that include assigned public IPs?
Where to filter any outbound traffic that does not have the source address of IPs for the network?
Network: ISP router <> perimeter router <> firewall plus DMZ <> LAN switch.
You can filter at your perimeter router ingress interface.
Reference this link
By using an ACL at your perimeter router, using the link example above, you should have additional protection before an attacker even hits the firewall.
The firewall has anti-spoofing functionality; you should still reference this other link.
Rate any helpful posts