Hi all. I am playing with security policy, and seeing a result that I did not expect. Basically I would like to allow connections from the Local (trusted) zone to a specific server in the DMZ zone, allowing port 443 (ssl) traffic only.

In the Source section, to simplify things a bit, I set it to "Any, Any" (all users in the Local zone are allowed to access the DMZ zone). Then in the Destination section, I set the "Application" field to "ssl", and the "Service" field to "any" (default is application-default). However, I notice users in the Local (trusted) zone are able to access the specific server in the DMZ zone over other ports, e.g. 80, etc. Now, once I've set the "Application" field to "ssl" and the "Service" field to "application-default", it is giving me the desired result.

Can anyone please give me an explanation of this? E.g. the evaluation (relationship) between "Application" and "Service". Do I need to configure both the "Application" and "Service" fields, or is configuring just one of them fine? Thank you.