Note: Even though the intranet and DMZ may already be separated from one another at the Ethernet level by dedicated interfaces, separating them at IP level requires the use of a firewall rule.
The service on the server should be reachable from both the Internet and the intranet, but IP traffic from the DMZ to the intranet should be prohibited. For the example above, this results in the following rule:
- For an "allow-all" strategy (default): Block access from "123.45.67.2" to "All stations on the local network"
- For a "deny-all" strategy: Allow access from "All stations on the local network" to "123.45.67.2"
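
The following Python model is an added example, not the router's own configuration syntax or code from the original page. It checks that both rule variants above give the same result between DMZ and intranet, and that an allow-all setup without the block rule lets the DMZ reach the intranet. The intranet range `10.0.0.0/24`, the station `10.0.0.20` and the first-match evaluation of new connections are assumptions made for illustration.

```python
import ipaddress

# Constructed values: the page gives only the DMZ server address.
INTRANET = ipaddress.ip_network("10.0.0.0/24")       # assumed intranet range
DMZ_SERVER = ipaddress.ip_network("123.45.67.2/32")  # address from the page
INTRANET_HOST = "10.0.0.20"                          # assumed sample station

# A strategy is (explicit rules, default action); rules are (action, src, dst).
ALLOW_ALL = ([("deny", DMZ_SERVER, INTRANET)], "accept")
DENY_ALL = ([("accept", INTRANET, DMZ_SERVER)], "deny")
ALLOW_ALL_NO_RULE = ([], "accept")  # interfaces separated, but no IP rule

def decide(strategy, src, dst):
    """Decide a new connection from src to dst: first matching rule wins,
    otherwise the strategy default applies (simplified model, assumption)."""
    rules, default = strategy
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default

def flow_matrix(strategy):
    """Return the decision for both directions between DMZ and intranet."""
    return {
        "dmz->intranet": decide(strategy, "123.45.67.2", INTRANET_HOST),
        "intranet->dmz": decide(strategy, INTRANET_HOST, "123.45.67.2"),
    }

def isolates_intranet(strategy):
    """True if the DMZ cannot open connections into the intranet
    while intranet stations can still reach the DMZ server."""
    m = flow_matrix(strategy)
    return m["dmz->intranet"] == "deny" and m["intranet->dmz"] == "accept"

if __name__ == "__main__":
    for name, strat in [("allow-all + block rule", ALLOW_ALL),
                        ("deny-all + allow rule", DENY_ALL),
                        ("allow-all, no rule", ALLOW_ALL_NO_RULE)]:
        print(f"{name:24} {flow_matrix(strat)} ok={isolates_intranet(strat)}")
```

The model covers only who may open a connection; how reply packets of an allowed connection are handled is outside its scope.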