I have an organization's network containing four zones: inside, outside, DMZ1 and DMZ2. DMZ1 contains the external-facing servers: DNS, web and mail servers. DMZ2 hosts the internal servers: RADIUS, DHCP, database, file and application servers. All the zones are connected to the enterprise edge router. The problem is that I don't understand what kind of traffic should be permitted between zones. How I see it:
Inside - DMZ1: the traffic should be inspected, and inside should be allowed to get web, DNS and mail traffic on ports 25, 43, 80, 53. All other traffic will be blocked.
Inside - DMZ2: inside should get packets from the RADIUS, DHCP, database, file and application servers.
Outside - inside: traffic blocked; only VPN allowed. (The company has two separate locations, and a VPN will be used for communication between them.)
DMZ1 - Outside: All the servers should be seen from the internet. (Not sure)
DMZ2 - Outside: All the traffic is blocked.
I'm very new to networking and security, and I might have made a lot of mistakes. I would really appreciate help figuring out what traffic should be passed between these zones to keep the organization running.
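As an added example (not part of the question above, and not from any answer to it), here is the zone matrix the question describes written as a default-deny policy with a stateful return-traffic check, in Python, so each proposed flow can be tried before it is typed into a router. The zone address ranges, server addresses and service ports are my assumptions (the question gives none; the ports are the standard ones for the services named), and the site-to-site VPN is modelled as IPsec (IKE on udp/500, NAT-T on udp/4500 and ESP) terminating on an inside address.

```python
"""Zone-to-zone policy evaluator: explicit allow rules, default deny,
stateful acceptance of replies.  Addresses and ports below are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed address plan; anything outside these ranges is the "outside" zone.
ZONES = {
    "inside": ip_network("10.1.0.0/16"),
    "dmz1":   ip_network("10.2.0.0/24"),
    "dmz2":   ip_network("10.3.0.0/24"),
}

# Assumed server addresses inside the two DMZs.
HOSTS = {
    "dns": "10.2.0.10", "web": "10.2.0.20", "mail": "10.2.0.30",
    "radius": "10.3.0.10", "dhcp": "10.3.0.20", "db": "10.3.0.30",
    "file": "10.3.0.40", "app": "10.3.0.50",
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown space is the Internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                      # "tcp", "udp" or "esp"
    dport: Optional[int] = None     # None = any port (ESP has none)
    dst_host: Optional[str] = None  # None = any host in dst_zone


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0


# Allow list.  Everything not listed here is dropped (default deny).
# Service ports are assumed standard ports, not taken from the question.
RULES = [
    # inside -> DMZ1: only the published services, pinned to their hosts
    Rule("inside", "dmz1", "udp", 53, HOSTS["dns"]),
    Rule("inside", "dmz1", "tcp", 53, HOSTS["dns"]),
    Rule("inside", "dmz1", "tcp", 80, HOSTS["web"]),
    Rule("inside", "dmz1", "tcp", 443, HOSTS["web"]),
    Rule("inside", "dmz1", "tcp", 25, HOSTS["mail"]),
    # inside -> DMZ2: the internal services named in the question
    Rule("inside", "dmz2", "udp", 1812, HOSTS["radius"]),
    Rule("inside", "dmz2", "udp", 67, HOSTS["dhcp"]),
    Rule("inside", "dmz2", "tcp", 5432, HOSTS["db"]),
    Rule("inside", "dmz2", "tcp", 445, HOSTS["file"]),
    Rule("inside", "dmz2", "tcp", 8443, HOSTS["app"]),
    # outside -> DMZ1: the public face, one service per host
    Rule("outside", "dmz1", "udp", 53, HOSTS["dns"]),
    Rule("outside", "dmz1", "tcp", 80, HOSTS["web"]),
    Rule("outside", "dmz1", "tcp", 443, HOSTS["web"]),
    Rule("outside", "dmz1", "tcp", 25, HOSTS["mail"]),
    # outside -> inside: nothing but the site-to-site IPsec tunnel
    Rule("outside", "inside", "udp", 500),
    Rule("outside", "inside", "udp", 4500),
    Rule("outside", "inside", "esp"),
    # no rules at all for DMZ1 -> inside, DMZ2 -> outside, DMZ1 <-> DMZ2:
    # those directions fall through to the default deny
]


class ZoneFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.state = set()  # 5-tuples of flows already accepted

    def _matches(self, rule: Rule, pkt: Packet) -> bool:
        return (rule.src_zone == zone_of(pkt.src)
                and rule.dst_zone == zone_of(pkt.dst)
                and rule.proto == pkt.proto
                and rule.dport in (None, pkt.dport)
                and rule.dst_host in (None, pkt.dst))

    def allow(self, pkt: Packet) -> bool:
        # 1. a reply to a flow we already accepted needs no rule of its own
        if (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport) in self.state:
            return True
        # 2. first packet of a new flow must hit an explicit allow rule
        for rule in self.rules:
            if self._matches(rule, pkt):
                self.state.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
                return True
        return False  # 3. default deny


def evaluate(packets: List[Packet]) -> List[Tuple[Packet, bool]]:
    """Run a packet list through a fresh firewall, in order, and return decisions."""
    fw = ZoneFirewall(RULES)
    return [(p, fw.allow(p)) for p in packets]


if __name__ == "__main__":
    # Constructed sample traffic, one line per proposed flow.
    sample = [
        Packet("10.1.5.5", HOSTS["web"], "tcp", 40000, 80),     # inside -> web
        Packet(HOSTS["web"], "10.1.5.5", "tcp", 80, 40000),     # the reply
        Packet(HOSTS["web"], "10.1.5.5", "tcp", 80, 40001),     # unsolicited from DMZ1
        Packet("203.0.113.7", HOSTS["dns"], "udp", 5000, 53),   # Internet -> DNS
        Packet("203.0.113.7", HOSTS["dns"], "tcp", 5000, 80),   # port 80 to the wrong host
        Packet("203.0.113.7", HOSTS["db"], "tcp", 5000, 5432),  # Internet -> DMZ2
        Packet("203.0.113.7", "10.1.0.1", "esp"),               # IPsec from the other site
    ]
    for pkt, ok in evaluate(sample):
        print("ACCEPT" if ok else "DROP  ", pkt)
```

Two things the run makes visible that the prose does not: the reply from the web server is accepted by the state table, so no rule from DMZ1 toward inside is needed (and the unsolicited packet from the same server is dropped), and a port is tied to the host that serves it, so port 80 to the DNS server is dropped even though port 80 is open for the web server.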