I just connected a clients router (on my premises) to a dmz port on my ASA. There is a security rule “any any” that is on that DMZ port (outbound). It is enabled but it is not applied to any traffic and a route routing any traffic going to x.x.x.x(client specified IP address) to go to that interface.
Those are the only two entries for that DMZ port. We can easily get to their system and everything works, but I am wondering if and what they can get to from their end into us. They shouldn’t be able to get to anything.