Networking questions
Summary
Security Lists & Public vs Private
Content
First, a simple question about security lists, which your documentation makes no mention of as far as I know, and support was useless.
With security lists, is there an implicit deny at the end of the rule chain that denies all traffic not matching any explicit rules? Is this behavior the same for ingress and egress? Or do I have to create an explicit deny all at the end myself? Basically, is it a whitelist model (i.e. like basically 99% of access control list solutions out there) or a blacklist model?
Second, my understanding is that security lists are applied on each VNIC. Does this mean if I want to contain hosts to only talk to each other within a subnet, I have to explicitly permit them to do so and then explicitly deny everything else?