I wan to to control my outbound traffic in my WEB-DMZ to restrict only a group
of servers to open outbount connections, but if I use a access-list to permit
a group of server to go out ANY im oppenig also a role to permit this traffic
to go to my others interfaces of PIX.
I dont want to use deny access-list because its not good to maintain.
Ive mapped a "internet group of networks" and Ive applied the group. this action workaround the problem, but its very CPU intensive and a very uggly solution
Who have a better idea?