In our example network, we wanted to keep the SALES, MARKETING and DEVELOPERS networks separate, so that none of them could reach the others (with certain exceptions for shared resources). All three networks should have access to the DMZ, which itself has no access to the other local networks, and every network should have access to the internet through the WAN interface. We can achieve this by creating two rules on each network:
- Rules on each interface blocking access to non-DMZ networks.
- A default rule, such as the "Allow LAN to any" rule, for each specific interface.
This ruleset will block all incoming traffic that does not originate on the local network while still allowing ...
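
The two-rule layout described above can be checked as a reachability matrix before it is deployed. The following is an added example, not part of the original page. It assumes the firewall evaluates each interface's rules top-down with the first match winning and denies traffic that matches no rule. The subnets, the `block_first` switch and all function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumption): the page names the networks only.
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "SALES": "192.168.10.0/24",
    "MARKETING": "192.168.20.0/24",
    "DEVELOPERS": "192.168.30.0/24",
    "DMZ": "192.168.40.0/24",
}.items()}
INTERNAL = ("SALES", "MARKETING", "DEVELOPERS")
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_rules(iface, block_first=True):
    """Two rules for traffic entering `iface`: block list, then allow-to-any."""
    # Internal interfaces block the other internal networks but not the DMZ;
    # the DMZ interface blocks all three internal networks.
    blocked = [NETS[n] for n in INTERNAL if n != iface]
    rules = [("block", blocked), ("pass", [ANY])]
    return rules if block_first else rules[::-1]


def evaluate(rules, dst):
    """Assumed semantics: first matching rule wins, no match means deny."""
    addr = ipaddress.ip_address(dst)
    for action, dests in rules:
        if any(addr in net for net in dests):
            return action
    return "block"


def reachability():
    """Map (source interface, destination name) -> 'pass' or 'block'."""
    targets = {n: str(net.network_address + 10) for n, net in NETS.items()}
    targets["INTERNET"] = "203.0.113.5"  # constructed, documentation range
    return {(src, dst): evaluate(build_rules(src), ip)
            for src in NETS for dst, ip in targets.items() if src != dst}


if __name__ == "__main__":
    for (src, dst), action in sorted(reachability().items()):
        print(f"{src:>10} -> {dst:<10} {action}")
    # Misordered rules: allow-to-any shadows the block rule.
    print(evaluate(build_rules("SALES", block_first=False), "192.168.20.10"))
```

The last line shows why rule order matters under these semantics: with the allow rule placed above the block rule, SALES reaches MARKETING.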