1. Since the firewall is stateful, does this mean that if a connection is made from a higher security interface to a lower security interface (inside to DMZ), then once the connection has been established, the lower security interface (DMZ) can return the traffic?
2. Does an access-list applied inbound from the DMZ interface to the inside interface work like any access-list, which means that an implicit deny is at the end of the list? Anything not allowed on the list is denied?
I have a firewall with the list below inbound on the DMZ interface. The inside interface is allowing anything in the 10.0.0.0 subnet.
I have a server, 10.1.10.100, that can access the 192.168.100.5 server in the DMZ.
I do not see how this is so, with the access-list shown below. If the stateful connection will allow anything from the 10.0.0.0 subnet (allowed on the inside interface), what good is the access-list doing?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...