I needed some help with segmentation and WAN access.
The way our current policy is setup is,
Internal Users(VLAN) --> DMZ (VLAN) open for port 80 and 443.
What i am trying to achieve is restrict these internal users from using the internal IP for these web servers we host.
I want them to hit the external IP of the web servers we hit and get rid of this internal policy.
Any advice on what would be the best way to do that?