I have a firewall with three interfaces (outside, inside "172.16.0.0/16" and dmz "10.1.1.0/24") and I need access from the inside network to the internet on port 80, as in the access-list below.
access-list inside_access_in extended permit tcp 172.16.0.0 255.255.0.0 0.0.0.0 0.0.0.0 eq http
What would be the best practice so that the machines in the inside network don't access the other networks on port 80, given that the destination is already any?
Create a deny rule in the middle, as in the example below?
access-list inside_access_in extended deny ip 172.16.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list inside_access_in extended permit tcp 172.16.0.0 255.255.0.0 0.0.0.0 0.0.0.0 eq http
Create an outbound access-list on the dmz interface?
Thanks to all.
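As an added example (not part of the question above), here is a small Python model of how an ASA walks an interface ACL: entries are checked top to bottom, the first match decides, and anything unmatched hits the implicit deny at the end. It encodes the two entries from the post and shows why the deny for the dmz subnet has to sit before the broad "permit tcp ... any eq http" entry: in the reverse order the permit matches first and the deny is never reached. The host addresses and flows are constructed sample values.

```python
import ipaddress

ANY = "0.0.0.0/0"  # ASA "0.0.0.0 0.0.0.0" / "any"


def ace(action, proto, src, dst, port=None):
    """One access-control entry: action, protocol, source net, destination net, dest port."""
    return {
        "action": action,
        "proto": proto,                      # "ip" matches every protocol
        "src": ipaddress.ip_network(src),
        "dst": ipaddress.ip_network(dst),
        "port": port,                        # None = any port
    }


# The ACL as proposed in the post: deny inside -> dmz first, then permit inside -> any:80
ACL_DENY_FIRST = [
    ace("deny", "ip", "172.16.0.0/16", "10.1.1.0/24"),
    ace("permit", "tcp", "172.16.0.0/16", ANY, 80),
]

# Same two entries, wrong order: the permit shadows the deny for every TCP/80 flow
ACL_PERMIT_FIRST = list(reversed(ACL_DENY_FIRST))


def evaluate(acl, proto, src_ip, dst_ip, dst_port):
    """Return (action, index_of_matching_entry). First match wins;
    a miss on every entry returns ("deny", None) for the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for i, e in enumerate(acl):
        if e["proto"] not in ("ip", proto):
            continue
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["port"] is not None and e["port"] != dst_port:
            continue
        return e["action"], i
    return "deny", None


# Constructed sample flows from an inside host: one to the dmz, one to the internet
FLOWS = [
    ("tcp", "172.16.5.5", "10.1.1.10", 80),       # inside -> dmz web server
    ("tcp", "172.16.5.5", "93.184.216.34", 80),   # inside -> internet web
    ("tcp", "172.16.5.5", "93.184.216.34", 443),  # inside -> internet https (not permitted)
    ("udp", "172.16.5.5", "10.1.1.10", 53),       # inside -> dmz DNS (caught by "deny ip")
]


def compare_orders(flows=FLOWS):
    """Evaluate every flow against both orderings; returns list of
    (flow, result_with_deny_first, result_with_permit_first)."""
    return [(f, evaluate(ACL_DENY_FIRST, *f), evaluate(ACL_PERMIT_FIRST, *f)) for f in flows]


if __name__ == "__main__":
    for flow, deny_first, permit_first in compare_orders():
        print(f"{flow!s:45} deny-first={deny_first}  permit-first={permit_first}")
```

Running it shows the dmz flow on port 80 denied only in the deny-first ordering; the internet flow on port 80 is permitted in both, and anything not on port 80 falls through to the implicit deny either way. The same first-match logic applies to an outbound ACL on the dmz interface, so whichever placement is chosen, the specific deny has to precede the general permit.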