Topic: M0n0wall and Security Levels  (Read 1430 times)
« on: August 18, 2009, 18:12:41 »
bassreflex *
Posts: 14

I am curious if anyone has some information about the following topic.  I am used to the Cisco ideas of networking where each network has a set security level and all traffic flows according to those levels.

It seems to me that the OPT interfaces are NOT true DMZs but simply second networks with routing.

Is this true?
« Reply #1 on: August 18, 2009, 18:56:25 »
Fred Grayson *****
Posts: 994

The LAN and additional networks are separate, and unsolicited traffic is not allowed into a network by default unless rules are put in place to allow it.

However, it is possible to configure (or misconfigure) things to compromise or eliminate security for an attached network.

--
Google is your friend and Bob's your uncle.
« Reply #2 on: August 18, 2009, 19:58:45 »
bassreflex *
Posts: 14

OK, got ya.  That answers my question 100%.  The optional interface is in no way a DMZ with a security level... it is a separate network that you can configure to allow traffic into and out of from specific sources and destinations.

In Cisco land, it seems that you can assign security levels to different networks and then have traffic flow unrestricted from networks with higher security levels down to lower security levels by default... therefore you would not have to add any rules to a DMZ to allow LAN traffic to access it... only to allow DMZ traffic to access the LAN.  (by default).


Thanks for the help.
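
The two default-policy models discussed in this thread, as an added example that is not part of any post: a small Python model that lists which new connections each model accepts and flags rule sets that open a path from a less trusted network to a more trusted one. The interface names, level numbers and rule sets are constructed assumptions, not m0n0wall or Cisco configuration.

```python
# Constructed topology; names and level numbers are illustrative assumptions.
LEVELS = {"LAN": 100, "DMZ": 50, "WAN": 0}

def level_model_allows(src, dst, acl=()):
    """Security-level model as described in the thread: a new connection is
    accepted by default when it goes from a higher level to a lower one;
    anything else needs an explicit (src, dst) entry in acl."""
    return LEVELS[src] > LEVELS[dst] or (src, dst) in acl

def rule_model_allows(src, dst, rules):
    """Per-interface rule model: the interface itself implies nothing.
    rules maps an ingress interface to an ordered list of (action, dst);
    the first match decides, no match means block. dst may be "any"."""
    for action, target in rules.get(src, ()):
        if target in (dst, "any"):
            return action == "pass"
    return False

def open_paths(allows):
    """Every ordered interface pair on which a new connection is accepted."""
    return sorted((s, d) for s in LEVELS for d in LEVELS
                  if s != d and allows(s, d))

def upward_paths(rules):
    """Audit check: pairs a rule set opens from a lower level to a higher one."""
    return [(s, d)
            for s, d in open_paths(lambda a, b: rule_model_allows(a, b, rules))
            if LEVELS[s] < LEVELS[d]]

# Assumed starting point: one pass-any rule on LAN, nothing on the DMZ interface.
STARTING_RULES = {"LAN": [("pass", "any")]}
# Rules that reproduce the level model: DMZ may go out, but not into LAN.
EQUIVALENT_RULES = {"LAN": [("pass", "any")],
                    "DMZ": [("block", "LAN"), ("pass", "any")]}
# A misconfiguration of the kind Reply #1 warns about: pass-any on the DMZ.
MISCONFIGURED_RULES = {"LAN": [("pass", "any")], "DMZ": [("pass", "any")]}

if __name__ == "__main__":
    print("level model:", open_paths(level_model_allows))
    for name, rules in [("starting", STARTING_RULES),
                        ("equivalent", EQUIVALENT_RULES),
                        ("misconfigured", MISCONFIGURED_RULES)]:
        paths = open_paths(lambda a, b, r=rules: rule_model_allows(a, b, r))
        print(name, "open:", paths, "upward:", upward_paths(rules))
```

Only new connections are modelled; return traffic for an accepted connection is assumed to be handled by the firewall's state table in both models.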
 