I have a controller to controller GRE tunnel for guest access - anchor to DMZ. The role on the local controller is called "guest-tunneled" and the role on the dmz controller is "guest".
Today, we have matching ACLs on both roles, but when I need to make an udpate, I need to do it multiple times. Wouldn't I only need ACLs on the DMZ role of "guest" since all traffic is forced there anyway?