Indirectly, you can accomplish this. Create a group with the relevant
wireless nets, then define a single rule as follows:
Source: {wireless nets}
Destination: NOT {Internal nets}
Service: HTTP, HTTPS
Action: Allow
Bear in mind that you're talking about fundamental differences in
architecture
thanks! what if I only want public internal to access internet on http
and https but not the web servers on dmz or staff internal.
I can't really define a group for internet right?
So does that mean I need to have a bunch of drop rules setting at the
very beginning?
Thanks!
On 30/01/13
You can define the internet for your rule, but it's similar to how the firewall
figures out what IP's are allowed through anti-spoofing for your internet
interface when you check external in your topology configuration - it's
anything that's NOT your other internal or DMZ segments. If you want