Internal Outbound
 


 
Okay, this is where we give everyone on the internal network unrestricted access to the Internet. This setup is not secure. You want to allow outbound only what is absolutely required (such as limiting outbound traffic to http and DNS queries only). If possible, also proxy all outbound traffic. I used this unrestricted rule on purpose to demonstrate a point. Some sites use this unrestricted "Internal Outbound" rule without realizing the problems they are causing. With a rule like this, rulebase ordering becomes absolutely critical. As you follow along and see how the additional rules are added, you will better understand the importance of rulebase ordering. If management allows you to limit what is allowed outbound, do it; it is far more secure. If you can't, see how a rule like this causes problems, requiring critical rulebase ordering.
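The ordering problem described above, as an added example that is not part of the original page: a small Python model of a rulebase that flags rules which can never match. First-match evaluation, the 192.168.x.x networks, and the "Protect DMZ" and "Cleanup" rules are assumptions made for illustration.

```python
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # constructed internal network
DMZ = ipaddress.ip_network("192.168.2.0/24")       # constructed DMZ network

# Rule = (name, source, destination, allowed services or None for "any", action)
OUTBOUND = ("Internal Outbound", INTERNAL, ANY_NET, None, "accept")
RESTRICTED = ("Internal Outbound", INTERNAL, ANY_NET, {"http", "dns"}, "accept")
PROTECT_DMZ = ("Protect DMZ", INTERNAL, DMZ, None, "drop")  # hypothetical rule
CLEANUP = ("Cleanup", ANY_NET, ANY_NET, None, "drop")       # hypothetical rule

BAD_ORDER = [OUTBOUND, PROTECT_DMZ, CLEANUP]
GOOD_ORDER = [PROTECT_DMZ, OUTBOUND, CLEANUP]
RESTRICTED_FIRST = [RESTRICTED, PROTECT_DMZ, CLEANUP]

def covers(rule, src, dst, svc):
    """True if rule matches everything in (src, dst, svc); svc None means any."""
    _, r_src, r_dst, r_svc, _ = rule
    return (src.subnet_of(r_src) and dst.subnet_of(r_dst)
            and (r_svc is None or (svc is not None and svc <= r_svc)))

def decide(rulebase, src_ip, dst_ip, service):
    """Assumed first-match semantics: the first matching rule decides."""
    src, dst = ipaddress.ip_network(src_ip), ipaddress.ip_network(dst_ip)
    for rule in rulebase:
        if covers(rule, src, dst, {service}):
            return rule[0], rule[4]
    return None, "drop"

def shadowed(rulebase):
    """Names of rules fully covered by an earlier rule, so they never match."""
    hits = []
    for i, (name, src, dst, svc, _) in enumerate(rulebase):
        if any(covers(earlier, src, dst, svc) for earlier in rulebase[:i]):
            hits.append(name)
    return hits

if __name__ == "__main__":
    pkt = ("192.168.1.10", "192.168.2.5", "telnet")  # constructed sample traffic
    print("bad order:       ", decide(BAD_ORDER, *pkt), shadowed(BAD_ORDER))
    print("good order:      ", decide(GOOD_ORDER, *pkt), shadowed(GOOD_ORDER))
    print("restricted first:", decide(RESTRICTED_FIRST, *pkt),
          shadowed(RESTRICTED_FIRST))
```

With the unrestricted rule first, the later drop rule is dead and internal hosts reach the DMZ on any service. Restricting the rule to http and DNS keeps the later rule effective for everything else, though those two services still match first, so ordering still matters.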