Sneaky Rule
 


 
I like this rule. The problem with logging is that there is so much of it. What is important, and what isn't? This rule helps simplify that. It looks specifically for any traffic initiated from the DMZ going to the internal network. This should never happen, as the DMZ is an untrusted network. By creating this rule and setting it to alert, we are notified quickly when this occurs. Traffic like this is one of the first indications that your DMZ may have been compromised.
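The same check can be run over exported firewall logs. The following is an added example, not part of the original page: the key=value log format, the `state` field, the function names and both address ranges are assumptions made for illustration. Only connections opened from the DMZ are flagged, so reply packets to sessions that started on the internal side do not trigger it.

```python
import ipaddress

# Assumed address plan (hypothetical; substitute your own zones).
DMZ_NETS = [ipaddress.ip_network("192.0.2.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log lines in a generic key=value format.
SAMPLE_LOG = """\
2024-01-01T10:00:01 action=accept state=NEW src=10.1.2.3 dst=192.0.2.10 dport=443
2024-01-01T10:00:02 action=accept state=ESTABLISHED src=192.0.2.10 dst=10.1.2.3 dport=51544
2024-01-01T10:00:05 action=drop state=NEW src=192.0.2.10 dst=10.1.2.50 dport=445
2024-01-01T10:00:07 action=accept state=NEW src=198.51.100.7 dst=192.0.2.10 dport=80
2024-01-01T10:00:09 action=drop state=NEW src=192.0.2.25 dst=10.9.9.9 dport=22
garbled line without fields
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def parse_line(line):
    """Return (timestamp, fields) or None if the line is unusable."""
    parts = line.split()
    if not parts:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"src", "dst", "state"} <= fields.keys():
        return None
    try:
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
    except ValueError:
        return None
    return parts[0], fields

def sneaky_hits(log_text):
    """List new connections whose source is in the DMZ and destination is internal."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ts, f = parsed
        if (f["state"] == "NEW" and in_any(f["src"], DMZ_NETS)
                and in_any(f["dst"], INTERNAL_NETS)):
            hits.append((ts, str(f["src"]), str(f["dst"]), f.get("dport", "?")))
    return hits

if __name__ == "__main__":
    for hit in sneaky_hits(SAMPLE_LOG):
        print("ALERT DMZ->internal:", *hit)
```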