We have an interface on our controller connected into a DMZ, and the Guest role simply uses a Route to ESI policy to redirect ANY traffic to our internet gateway in the DMZ. As this pushes ANY traffic towards the DMZ, do we need any DENY rules, as I would assume that ANY and all traffic would simply be getting pushed towards the DMZ, so in a way, would be completely isolated from our internal LAN?
This role simply consists of allow DHCP and DNS (served by a server in the DMZ), then route any traffic towards an interface in the DMZ, so I would assume this would then also act to protect anything not in the DMZ... Is this correct?