1. While the user is trying to access the external Web site, check the session table. Only entries for HTTP access are found.
2. Check the ACL used for interzone packet filtering. This ACL permits WWW access only.
acl number 3005
rule 10 permit tcp source 192.168.0.0 0.0.0.255 destination-port eq www
rule 500 deny ip source 192.168.0.0 0.0.0.255
3. Modify the ACL to permit DNS access as well. External Web pages can then be accessed, and the customer's requirement is met.
rule 15 permit udp source 192.168.0.0 0.0.0.255 destination-port eq dns
The ACL for interzone packet filtering permits only WWW and has no rule for DNS. As a result, the names of external Web sites cannot be resolved and the pages do not open.
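The following Python sketch is an added example, not part of the original case or of the device software. It replays the ACL above against constructed sample traffic to show which rule each packet hits before and after rule 15 is added. It assumes rules are matched in ascending rule-ID order with first match winning, and it writes rule 15 as a UDP rule because DNS queries normally use UDP port 53; the helper names and the host 192.168.0.25 are hypothetical.

```python
import ipaddress

# Port keywords used in the ACL on this page, mapped to well-known port numbers.
PORTS = {"www": 80, "dns": 53}

def parse_rule(line):
    """Parse 'rule ID ACTION PROTO source ADDR WILDCARD [destination-port eq NAME]'."""
    t = line.split()
    rule = {"id": int(t[1]), "action": t[2], "proto": t[3], "dport": None}
    i = t.index("source")
    rule["src"] = int(ipaddress.IPv4Address(t[i + 1]))
    rule["wild"] = int(ipaddress.IPv4Address(t[i + 2]))
    if "destination-port" in t:
        name = t[t.index("destination-port") + 2]  # token after 'eq'
        rule["dport"] = PORTS.get(name) or int(name)
    return rule

def evaluate(rules, proto, src, dport):
    """Return (rule_id, action) of the first matching rule, or None if no rule matches."""
    ip = int(ipaddress.IPv4Address(src))
    # Assumption: rules are checked in ascending rule-ID order, first match wins.
    for r in sorted(rules, key=lambda r: r["id"]):
        if r["proto"] not in ("ip", proto):
            continue
        # Wildcard mask: 0 bits must match, 1 bits are ignored.
        if (ip ^ r["src"]) & ~r["wild"] & 0xFFFFFFFF:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["id"], r["action"]
    return None

ORIGINAL = [
    "rule 10 permit tcp source 192.168.0.0 0.0.0.255 destination-port eq www",
    "rule 500 deny ip source 192.168.0.0 0.0.0.255",
]
FIXED = ORIGINAL + [
    "rule 15 permit udp source 192.168.0.0 0.0.0.255 destination-port eq dns",
]

def check(lines):
    rules = [parse_rule(l) for l in lines]
    # Constructed sample traffic from a host inside 192.168.0.0/24.
    return {"http": evaluate(rules, "tcp", "192.168.0.25", 80),
            "dns": evaluate(rules, "udp", "192.168.0.25", 53)}

if __name__ == "__main__":
    print("before:", check(ORIGINAL))
    print("after: ", check(FIXED))
```

With the original two rules the DNS query falls through to rule 500 and is denied, which matches the session table showing HTTP entries only.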