I would like to create 'logical zones' by 'grouping' a number of VLANs on a FWSM version 4.0(4). Can this be done by setting the same security-level for each 'zone', i.e., all DMZ VLANs with security-level 50 and all Safezone VLANs with security-level 70, and using the same-security-traffic permit inter-interface command? Each interface would still have ACLs to define traffic between Safezone and DMZ.

I guess the main question is on the FWSM. Does the traffic for interfaces set at the same security-level 'bypass' the ACLs (which would effectively allow the above setup)? Or is it the case that once an ACL is applied to an interface, all traffic is permitted only if defined in the ACL, and the security level is effectively ignored?
You are right. Even though the interfaces have the same security level, once you apply an access-list, you would need to explicitly configure the ACL to allow traffic between the same-security-level interfaces.
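A configuration sketch of the arrangement discussed in this thread, added here as an illustration and not taken from either post: two DMZ VLANs at security-level 50, two Safezone VLANs at security-level 70, the global same-security-traffic command, and one per-zone ACL bound to every member interface so that traffic between interfaces of the same level still has to be listed explicitly. The VLAN numbers, nameifs, addresses and permitted ports are constructed sample values, and the ACL is written in the extended/subnet-mask form used on the FWSM.

```cisco
! Global: permits flows between interfaces that share a security level.
! This only removes the equal-level block; it does not exempt those flows
! from the ACL bound to the ingress interface.
same-security-traffic permit inter-interface
!
! --- "DMZ" zone: two VLANs, both security-level 50 (sample values) ---
interface Vlan110
 nameif dmz1
 security-level 50
 ip address 10.50.1.1 255.255.255.0
!
interface Vlan120
 nameif dmz2
 security-level 50
 ip address 10.50.2.1 255.255.255.0
!
! --- "Safezone" zone: two VLANs, both security-level 70 (sample values) ---
interface Vlan210
 nameif safe1
 security-level 70
 ip address 10.70.1.1 255.255.255.0
!
interface Vlan220
 nameif safe2
 security-level 70
 ip address 10.70.2.1 255.255.255.0
!
! Group the member subnets so one ACL can describe the whole zone.
object-group network DMZ_ZONE
 network-object 10.50.1.0 255.255.255.0
 network-object 10.50.2.0 255.255.255.0
object-group network SAFE_ZONE
 network-object 10.70.1.0 255.255.255.0
 network-object 10.70.2.0 255.255.255.0
!
! Inbound policy for the DMZ zone. Line 1 is what actually allows
! dmz1 <-> dmz2 traffic; without it the equal security level alone
! does not bypass the ACL, and the implicit deny drops the flow.
access-list dmz_in extended permit ip object-group DMZ_ZONE object-group DMZ_ZONE
! Only HTTPS from the DMZ zone into the Safezone is allowed.
access-list dmz_in extended permit tcp object-group DMZ_ZONE object-group SAFE_ZONE eq 443
! Explicit final deny with logging makes the dropped flows visible in syslog.
access-list dmz_in extended deny ip any any log
!
! Inbound policy for the Safezone: full intra-zone traffic, SSH down into the DMZ.
access-list safe_in extended permit ip object-group SAFE_ZONE object-group SAFE_ZONE
access-list safe_in extended permit tcp object-group SAFE_ZONE object-group DMZ_ZONE eq 22
access-list safe_in extended deny ip any any log
!
! Bind the zone ACL to every interface that belongs to the zone.
access-group dmz_in in interface dmz1
access-group dmz_in in interface dmz2
access-group safe_in in interface safe1
access-group safe_in in interface safe2
```

With this in place a host on dmz1 can reach a host on dmz2 on any port because of the first dmz_in line, but a host on dmz1 trying to reach safe1 on anything other than TCP/443 is logged and dropped by the last dmz_in line, regardless of the relative security levels. Return traffic for permitted connections is handled by stateful inspection, so the ACL on the far-side interface does not need to mirror the permits. Removing the first dmz_in line is a quick way to confirm the answer above: the two DMZ interfaces still share security-level 50 and same-security-traffic is still enabled, yet traffic between them stops.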