Is there an easy way to allow our public VLAN to only access the internet, but not the other networks? I think there are two ways to do this:
- Outside is Security Level 0, Public is level 10 and all inside networks are above 10, for example 100.
- Make two ACLs: first a block from all public IPs to all my inside network IP addresses, and then an allow from the public IPs to any.
The problem with the first option is that when I add a custom extra rule to block some stuff, the level-based firewalling goes away. I don't think I can choose 'to all lower security level networks' anymore in the ASDM after creating a rule.
The problem with the second option is that it requires extra maintenance: for every new internal network we add, we have to add a rule to the public rule set to say this specific network cannot be reached.
Isn't there an easier way to make a rule that says 'this network can only access the internet, nothing else'?
Ruud van Strijp
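The second approach from the question (deny inside, then permit any) can be kept to a single maintenance point by putting every internal network into one network object-group and referencing that group from the deny line. The following ASA CLI fragment is an added illustration, not configuration posted by the original author; the interface name `public`, the VLAN number and the three internal prefixes are assumed placeholders, and `any` would be `any4` on newer ASA releases.

```cisco
! Public-facing VLAN interface (assumed name and security level)
interface Vlan10
 nameif public
 security-level 10
 ip address 203.0.113.1 255.255.255.0

! One group holds every internal network; adding a new internal
! subnet later is a single network-object line here, nothing else.
object-group network INSIDE-NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0

! Order matters: the deny is evaluated before the permit.
access-list PUBLIC_IN extended deny ip any object-group INSIDE-NETS
access-list PUBLIC_IN extended permit ip any any

! Once an ACL is bound inbound on this interface it replaces the
! implicit "permit to lower security level" behaviour for that
! interface, which is why the level-based rule seems to vanish in ASDM.
access-group PUBLIC_IN in interface public
```

After applying this, `show access-list PUBLIC_IN` shows the group expanded into one ACE per internal prefix with hit counters, which is a quick way to confirm that traffic from the public VLAN toward inside addresses is actually being dropped and that only the final permit line accumulates hits for internet-bound traffic.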