07-25-2003 11:37 AM - edited 02-20-2020 10:52 PM
I don't know if this can be done or not, but is there a way, or an ACL statement, that will prevent hosts on the DMZ from talking to other hosts on the same DMZ? For example, if my DMZ is 555.555.0.0, I don't want it to talk to another 555.555.0.0 device.
Is that possible?
07-25-2003 05:42 PM
The PIX doesn't route or filter traffic within the same subnet, so you can't count on the PIX to do that.
07-27-2003 10:37 PM
Hi,
If two devices on the same segment and within the same IP subnet are "talking" to each other, this is done on layer two (MAC layer). There's nothing the PIX can do about it. Ethernet is still a broadcast medium.
But if there is a switch on this segment you can see if this switch supports MAC filtering.
Kind Regards,
Leo