I am new to using FWSM and I have found a problem that I did not have with the ASA. As I have read, ASAs permit traffic for outbound connections (from high to low security level interfaces), but in FWSM that is not allowed and everything is denied.
My problem is how to make the FWSM do the same as ASAs for the outside (Internet) interface.
I do not do any NAT in the FWSM and I have only applied inbound ACLs to permit/deny traffic in the FWSM. As I am using ASDM to configure, I thought that when I applied permit ip any any on an interface it only applied to lower security interfaces (ASDM made me think so), but I was wrong and it is applied to higher and lower security interfaces. What should I do? Do I have to apply an outgoing ACL on the outside interface?
I will try to make it more clear with an example:
- inside, sec level 100
- DMZ1, sec level 90
- DMZ2, sec level 70
- DMZ3, sec level 70
- outside, sec level 0
I have a default route to outside, no NAT, and I permit traffic between interfaces with the same sec level.
I just want to permit all traffic from inside, DMZ1, DMZ2 and DMZ3 to outside, but not, for example, from DMZ3 to DMZ1. Will this be solved by applying an outbound ACL on the outside interface? If that's so, how does the FWSM work with an ingoing and outgoing ACL?
Thank you very much