Hi all, what is the default behavior of a Cisco PIX/ASA before putting it into production? And the DMZ behavior also? Regards, Srinadh.
Same rule applies to DMZ. If you configure security level 50 for DMZ, 100 for inside and 0 for outside:
- Traffic from DMZ towards inside will not be allowed by default
- Traffic from DMZ towards outside will be allowed by default
And again, that assumes NAT and routing are configured.
If it's in routed mode, the default behaviour would be:
1) Traffic from high security level to low security level will be allowed by default if you don't have any ACL configured on the high security level interface.
2) Traffic from low security level to high security level would need the following configured:
- static NAT configuration
- ACL applied on the low security level interface to allow inbound traffic.
The above assumes that you have configured the necessary interface IP address, nameif, security level, routes and NAT.
Hope that helps.
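
The rules described in the reply above, written out as a PIX/ASA configuration. This is an added example, not part of the original thread; it assumes pre-8.3 NAT syntax, and the interface numbering, the addresses (RFC 1918 and RFC 5737 ranges), the web server and the ACL name OUTSIDE_IN are all constructed for illustration.

```cisco
! Constructed example. Security levels follow the thread:
! inside = 100, dmz = 50, outside = 0. Addresses are placeholders.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! High -> low (inside -> dmz, inside -> outside, dmz -> outside):
! allowed by default with no ACL on the higher interface, provided
! a translation exists. Here both networks are PATed to the egress
! interface address.
nat (inside) 1 10.0.0.0 255.255.255.0
nat (dmz) 1 192.168.50.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 interface
!
! Low -> high (outside -> dmz web server): denied by default.
! It needs a static NAT plus an ACL applied inbound on the
! low security level interface.
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq www
access-group OUTSIDE_IN in interface outside
!
! dmz -> inside has neither a static nor an ACL entry here, so it
! stays blocked, matching the default described in the thread.
```

Once an ACL is applied inbound on an interface, its implicit deny at the end replaces the default permit for traffic entering that interface, so keep permits as narrow as the single host and port shown. On software 8.3 and later the NAT syntax changed and the ACL references the real server address instead of the mapped one.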