I came across some interfaces on our firewall with the same security level, and also ACEs corresponding to each of these interfaces.
I also found that the "same security level command" has been enabled on the firewall.
If two interfaces with the same level, say 50, need to pass traffic between each other, do they still require rules with the above command enabled?
If I remove the rules and test the traffic, would it allow traffic between these interfaces based on the above command?
Without the command enabled, traffic WILL NOT pass between two segments with identical security levels even if access-lists are configured.
With the command enabled, traffic WILL pass between the segments but must be permitted via an access-list.
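
The setup discussed in this thread, as an added example that is not part of the original posts and assumes a Cisco ASA: two interfaces at security level 50, the same-security command, an ACL bound to one of them, and `packet-tracer` runs to check a flow before any rule is removed. Interface names, addresses and ACL names are constructed for illustration.

```cisco
! Constructed example: interface names, addresses and the ACL name are assumptions.
! --- configuration mode ---
interface GigabitEthernet0/1
 nameif dmz-a
 security-level 50
 ip address 10.50.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz-b
 security-level 50
 ip address 10.50.2.1 255.255.255.0
!
! The command the thread refers to: allows traffic between interfaces
! that share the same security level.
same-security-traffic permit inter-interface
!
! Permit only the flow that is needed. Anything else arriving on dmz-a
! falls through to the implicit deny at the end of the ACL.
access-list DMZ-A-IN extended permit tcp 10.50.1.0 255.255.255.0 host 10.50.2.10 eq 443
access-group DMZ-A-IN in interface dmz-a
!
! --- privileged EXEC mode ---
! Confirm what is actually configured before changing anything.
show running-config same-security-traffic
show running-config access-group
show access-list DMZ-A-IN
!
! Simulate one flow the ACL permits and one it does not, then read the
! ACCESS-LIST phase and the final "Action" line in each result.
packet-tracer input dmz-a tcp 10.50.1.20 40000 10.50.2.10 443
packet-tracer input dmz-a tcp 10.50.1.20 40000 10.50.2.10 22
```

Re-running the same `packet-tracer` commands after each rule change shows the effect on a simulated packet without waiting for production traffic to fail.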