Chapter 6 Configuring Interface Parameters; Security Level Overview - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Configuring Interface Parameters
This chapter describes how to configure each interface for a name, security level, and IP address. For
transparent firewall, you also need to configure a bridge group for each interface pair.
This chapter includes the following sections:

• Security Level Overview
• Configuring Interfaces for Routed Firewall Mode
• Configuring Interfaces for Transparent Firewall Mode
• Allowing Communication Between Interfaces on the Same Security Level
• Turning Off and Turning On Interfaces

Security Level Overview

Each interface must have a security level from 0 (lowest) to 100 (highest). For example, you should assign your most secure network, such as the inside host network, to level 100, while the outside network connected to the Internet can be level 0. Other networks, such as DMZs, can be in between. You can assign interfaces to the same security level. See the "Allowing Communication Between Interfaces on the Same Security Level" section on page 6-10 for more information.

The level controls the following behavior:

• Inspection engines—Some inspection engines are dependent on the security level. For same security interfaces, inspection engines apply to traffic in either direction.
  – NetBIOS inspection engine—Applied only for outbound connections.
  – OraServ inspection engine—If a control connection for the OraServ port exists between a pair of hosts, then only an inbound data connection is permitted through the FWSM.
• Filtering—HTTP(S) and FTP filtering applies only for outbound connections. For same security interfaces, you can filter traffic in either direction.
• NAT control—When you enable NAT control, you must configure NAT for hosts on a higher security interface (inside) when they access hosts on a lower security interface (outside).
  Without NAT control, or for same security interfaces, you can choose to use NAT between any interface, or you can choose not to use NAT. Keep in mind that configuring NAT for an outside interface might require a special keyword.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01
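
The level-dependent behavior listed above, as an added Python example that is not from the Cisco guide: it classifies a connection by the security levels of its source and destination interfaces and reports which of the listed behaviors follow, which is useful when reviewing a proposed level assignment. The interface names and levels are constructed sample values, "outbound" is assumed to mean from a higher to a lower security level, and access lists and the OraServ rule are not modeled.

```python
from dataclasses import dataclass

# Constructed sample interface table; names and levels are illustrative only.
LEVELS = {"inside": 100, "dmz": 50, "partner": 50, "outside": 0}


@dataclass(frozen=True)
class Verdict:
    direction: str             # "outbound", "inbound" or "same-security"
    netbios_inspection: bool   # NetBIOS engine: outbound connections only
    filtering_available: bool  # HTTP(S)/FTP filtering: outbound only
    nat_required: bool         # only under NAT control, higher -> lower


def classify(src, dst, levels=LEVELS, nat_control=False):
    """Classify a connection initiated from interface src toward dst."""
    if src == dst:
        raise ValueError("source and destination interface must differ")
    for name in (src, dst):
        if not 0 <= levels[name] <= 100:  # KeyError if the name is unknown
            raise ValueError(f"{name}: security level must be 0-100")
    s, d = levels[src], levels[dst]
    # Assumption: outbound = higher level to lower level, inbound = the reverse.
    direction = "outbound" if s > d else "inbound" if s < d else "same-security"
    # Same-security pairs get inspection and filtering in either direction.
    not_inbound = direction != "inbound"
    return Verdict(direction, not_inbound, not_inbound,
                   nat_control and direction == "outbound")


def unfiltered_flows(flows, levels=LEVELS):
    """Return the planned (src, dst) flows that HTTP(S)/FTP filtering cannot cover."""
    return [(s, d) for s, d in flows
            if not classify(s, d, levels).filtering_available]


if __name__ == "__main__":
    planned = [("inside", "outside"), ("dmz", "inside"),
               ("dmz", "partner"), ("outside", "dmz")]
    for src, dst in planned:
        print(f"{src} -> {dst}: {classify(src, dst, nat_control=True)}")
    print("not covered by filtering:", unfiltered_flows(planned))
```

A flow that appears in the `unfiltered_flows` result is initiated from the lower-security side, so a design that relies on HTTP(S) or FTP filtering for it needs a different level assignment or a different control.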
