I apologize if this is a boneheaded rookie mistake, but I'm about at my wit's end here trying to figure this out.
I've got a simple setup.
Eth0/0 - Untrust (Route)
Eth0/2 - Trust (NAT)
I have policies in trust for:
10.16.x.1
10.16.x.2
10.16.x.3
etc.
Those IPs have custom services assigned and added to the host IP addresses.
My server:
10.16.x.100 has no policies assigned and it is able to fully connect to the internet.
My policy listing is as follows:
Machine IP policies
2
3
4
5
etc.
Then
any any any deny (log) enabled at the end with policy ID of 1
What I'm hoping to accomplish is that any machine that does not have a policy explicitly mapped in trust to untrust would have all traffic blocked.
I'm just trying to figure out what is going on.
Thanks.
-Aaron
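An added example, not from the original post or from any firewall vendor's code: a small first-match evaluator for a trust-to-untrust policy list shaped like the one described above, so a given host's traffic can be checked against the list in order. The addresses (10.16.0.0/24 standing in for "10.16.x"), service names and policy contents are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Policy:
    policy_id: int
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    service: str    # service name or "any"
    action: str     # "permit" or "deny"


def _ip_match(field, addr):
    """True when 'field' is 'any' or a network containing 'addr'."""
    return field == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(field, strict=False)


def _svc_match(field, service):
    return field == "any" or field == service


def _matches(p, src, dst, service):
    return _ip_match(p.src, src) and _ip_match(p.dst, dst) and _svc_match(p.service, service)


def evaluate(policies, src, dst, service):
    """Return (policy_id, action) of the first policy that matches in list
    order, or (None, 'deny') if nothing matches (an implicit deny)."""
    for p in policies:
        if _matches(p, src, dst, service):
            return p.policy_id, p.action
    return None, "deny"


def permitting_policies(policies, src, dst="203.0.113.10", service="HTTP"):
    """IDs of every permit policy that would match this flow, in list order.
    If the list is non-empty, the first entry is the one that actually fires."""
    return [p.policy_id for p in policies if p.action == "permit" and _matches(p, src, dst, service)]


# Constructed list in the shape described: per-host permits, then deny-all.
POLICIES = [
    Policy(2, "10.16.0.1/32", "any", "CUSTOM-SVC-1", "permit"),
    Policy(3, "10.16.0.2/32", "any", "CUSTOM-SVC-2", "permit"),
    Policy(4, "10.16.0.3/32", "any", "CUSTOM-SVC-3", "permit"),
    Policy(1, "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    print(evaluate(POLICIES, "10.16.0.100", "203.0.113.10", "HTTP"))  # (1, 'deny')
    print(permitting_policies(POLICIES, "10.16.0.100"))               # []
```

With the list as described, 10.16.0.100 falls through to the deny-all; running permitting_policies against the real list shows whether any permit entry ahead of the deny covers an unlisted host.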