So here is my situation:
The following policies were left in place:
Factory-Default Security Policies
- Trust-to-trust zone policy: Denies all intrazone traffic within the trust zone. This was changed to a PERMIT.
- Trust-to-untrust zone policy: Permits all traffic from the trust zone to the untrust zone
- Untrust-to-trust zone policy: Denies all traffic from the untrust zone to the trust zone.
NO interfaces are assigned to the untrust zone.
Several other zones were created and have interfaces and policies assigned to them, for example:
Zone test-1
Zone test-2
Let's say I have several policies that represent the following, and that sit immediately below the Factory-Default policies I list above that were left in place:
Zone test-1 (Source) 192.168.77.0/24 to Zone test-2 192.168.55.0/24 (destination) tcp-123 Permit
Zone test-1 (Source) 192.168.77.0/24 to Zone test-2 192.168.55.0/24 (destination) tcp-456 Permit
Zone test-1 (Source) 192.168.77.0/24 to Zone test-2 192.168.55.0/24 (destination) tcp-789 Permit
Zone test-1 (Source) 192.168.77.0/24 to Zone test-2 192.168.55.0/24 (destination) tcp-101 Permit
Zone test-2 (Source) 192.168.55.0/24 to Zone test-1 192.168.77.0/24 (destination) tcp-123 Permit
Zone test-2 (Source) 192.168.55.0/24 to Zone test-1 192.168.77.0/24 (destination) tcp-456 Permit
Zone test-2 (Source) 192.168.55.0/24 to Zone test-1 192.168.77.0/24 (destination) tcp-789 Permit
Zone test-2 (Source) 192.168.55.0/24 to Zone test-1 192.168.77.0/24 (destination) tcp-101 Permit
As you can see, there are NO denies referencing any of the newly created zones (test-1, test-2, etc.).
Would this not indicate that any and ALL traffic to and from the interfaces assigned in those zones is PERMITTED?
Thanks, Steve
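As an added example (not part of Steve's post, and not vendor code), here is a small model of how a zone-based firewall such as a Juniper SRX evaluates the policies listed above. The post does not name the platform, so SRX-style behaviour is an assumption: policies are consulted in order per from-zone/to-zone pair, the first match wins, and a session that matches no policy at all falls through to the box-wide default policy, which on an SRX is deny-all unless someone has configured `set security policies default-policy permit-all`. The policy names and the sample addresses below are constructed for the example.

```python
"""Model of ordered, zone-pair security-policy evaluation with an implicit default policy.

Assumption: SRX-style lookup (first match per zone pair, unmatched traffic hits the
default policy). Policy names and sample flows are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY_NET = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Policy:
    name: str
    from_zone: str
    to_zone: str
    src: IPv4Network
    dst: IPv4Network
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port; None means any port
    action: str           # "permit" or "deny"

    def matches(self, from_zone: str, to_zone: str, src_ip: str, dst_ip: str,
                proto: str, port: int) -> bool:
        """A policy only applies to its own zone pair; every other field is a filter."""
        return (self.from_zone == from_zone
                and self.to_zone == to_zone
                and ip_address(src_ip) in self.src
                and ip_address(dst_ip) in self.dst
                and self.proto in ("any", proto)
                and self.port in (None, port))


def evaluate(policies: List[Policy], default_policy: str, from_zone: str, to_zone: str,
             src_ip: str, dst_ip: str, proto: str, port: int) -> Tuple[str, str]:
    """Ordered lookup: first matching policy decides; otherwise the default policy applies."""
    for p in policies:
        if p.matches(from_zone, to_zone, src_ip, dst_ip, proto, port):
            return p.action, p.name
    return default_policy, "default-policy"


# Factory-default policies as described in the post (trust-to-trust changed to permit).
FACTORY = [
    Policy("default-permit-trust-to-trust", "trust", "trust", ANY_NET, ANY_NET, "any", None, "permit"),
    Policy("default-permit-trust-to-untrust", "trust", "untrust", ANY_NET, ANY_NET, "any", None, "permit"),
    Policy("default-deny-untrust-to-trust", "untrust", "trust", ANY_NET, ANY_NET, "any", None, "deny"),
]

# The eight explicit permits between test-1 and test-2 from the post.
TEST1_NET = ip_network("192.168.77.0/24")
TEST2_NET = ip_network("192.168.55.0/24")
CUSTOM: List[Policy] = []
for p in (123, 456, 789, 101):
    CUSTOM.append(Policy(f"test-1-to-test-2-tcp-{p}", "test-1", "test-2", TEST1_NET, TEST2_NET, "tcp", p, "permit"))
for p in (123, 456, 789, 101):
    CUSTOM.append(Policy(f"test-2-to-test-1-tcp-{p}", "test-2", "test-1", TEST2_NET, TEST1_NET, "tcp", p, "permit"))

POLICIES = FACTORY + CUSTOM
DEFAULT_POLICY = "deny"   # SRX factory setting is default-policy deny-all (assumed platform)


def lookup(from_zone: str, to_zone: str, src_ip: str, dst_ip: str,
           proto: str, port: int) -> Tuple[str, str]:
    """Evaluate one flow against the configuration modelled above."""
    return evaluate(POLICIES, DEFAULT_POLICY, from_zone, to_zone, src_ip, dst_ip, proto, port)


if __name__ == "__main__":
    # Constructed sample flows: the interesting ones are those that match no explicit policy.
    samples = [
        ("test-1", "test-2", "192.168.77.10", "192.168.55.20", "tcp", 123),
        ("test-1", "test-2", "192.168.77.10", "192.168.55.20", "tcp", 22),
        ("test-1", "test-1", "192.168.77.10", "192.168.77.11", "tcp", 123),
        ("test-1", "test-2", "10.0.0.5", "192.168.55.20", "tcp", 123),
        ("trust", "untrust", "10.1.1.1", "8.8.8.8", "udp", 53),
    ]
    for flow in samples:
        action, name = lookup(*flow)
        print(f"{flow[0]:>7} -> {flow[1]:<7} {flow[2]:>15} -> {flow[3]:<15} {flow[4]}/{flow[5]:<4} {action:6} ({name})")
```

The point the model makes explicit is that "no deny referencing test-1 or test-2" is not the same as "everything permitted": a TCP port that is not one of the four listed, a source outside 192.168.77.0/24, or intrazone test-1 to test-1 traffic matches none of the eight permits and is handled by the default policy, not by the trust/untrust entries, which only apply to their own zone pair. On a real SRX the equivalent check is to look at the configured default-policy and at `show security policies` for the zone pair in question rather than reasoning from the absence of deny rules.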