We have a Cisco PIX 535. By default, the traffic from a more secure interface to another with a lower security level is permitted, isn't it?
Ok, I have a doubt: I've had to define an access-list entry to permit a telnet connection from inside to outside. There's no rule denying that traffic, but without that rule the telnet connection can't be established.
And my question is: why? Is it not supposed to be permitted by default?
Thanks in advance.
By default higher -> lower is allowed... however, once you add permit statements, there is an implicit deny all at the end. So, if you allow web, ftp, and ssl... then by default, all other traffic is denied and you'll need to be specific with your permits.
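The behaviour described in the answer, as an added example that is not part of the original thread: a simplified Python model of how a new outbound connection is decided with and without an access list. The ACL name `inside_out`, the rule lines, the security levels 100/0, and the assumption that the ACL is bound to the inside interface are constructed for illustration.

```python
# Added example: simplified model of PIX outbound filtering, not Cisco code.
PORTS = {"www": 80, "ftp": 21, "telnet": 23}  # subset of port keywords

def parse_acl(config):
    """Parse 'access-list NAME permit|deny tcp any any eq PORT' lines only."""
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if (len(tok) != 8 or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny")
                or tok[3:7] != ["tcp", "any", "any", "eq"]):
            raise ValueError(f"unsupported line: {line!r}")
        port = PORTS.get(tok[7]) or int(tok[7])
        rules.append((tok[2], port))
    return rules

def decide(src_level, dst_level, acl, dst_port):
    """Return (verdict, reason) for a new TCP connection.

    acl is None when no access list is bound to the source interface.
    """
    if acl is None:
        # No ACL: the interface security levels alone decide.
        if src_level > dst_level:
            return "permit", "default higher->lower"
        return "deny", "default lower->higher"
    for action, port in acl:  # first matching entry wins
        if port == dst_port:
            return action, f"explicit {action}"
    # An ACL exists but nothing matched: the implicit deny at the end applies.
    return "deny", "implicit deny"

# Constructed sample rules: web, ftp and ssl permitted, telnet not mentioned.
BEFORE = """
access-list inside_out permit tcp any any eq www
access-list inside_out permit tcp any any eq ftp
access-list inside_out permit tcp any any eq 443
"""
# Same list with the explicit telnet permit the poster had to add.
AFTER = BEFORE + "access-list inside_out permit tcp any any eq telnet\n"

if __name__ == "__main__":
    inside, outside = 100, 0  # constructed security levels
    for label, acl in (("no ACL", None),
                       ("ACL without telnet", parse_acl(BEFORE)),
                       ("ACL with telnet", parse_acl(AFTER))):
        print(f"{label:20} telnet ->", decide(inside, outside, acl, 23))
```
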