EasyManuals Logo
Home>Cisco>Firewall>FirePOWER ASA 5500 series

Cisco FirePOWER ASA 5500 series User Manual

Cisco FirePOWER ASA 5500 series
989 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #113 background imageLoading...
Page #113 background image
CHAPTER
7-1
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
7
Configuring Interface Parameters
This chapter describes how to configure each interface and subinterface for a name, security level, and
IP address. For single context mode, the procedures in this chapter continue the interface configuration
started in Chapter 5, “Configuring Ethernet Settings and Subinterfaces. For multiple context mode, the
procedures in Chapter 5, “Configuring Ethernet Settings and Subinterfaces,” are performed in the
system execution space, while the procedures in this chapter are performed within each security context.
Note To configure interfaces for the ASA 5505 adaptive security appliance, see Chapter 4, “Configuring
Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance.”
This chapter includes the following sections:
Security Level Overview, page 7-1
Configuring the Interface, page 7-2
Allowing Communication Between Interfaces on the Same Security Level, page 7-6
Security Level Overview
Each interface must have a security level from 0 (lowest) to 100 (highest). For example, you should
assign your most secure network, such as the inside host network, to level 100. While the outside
network connected to the Internet can be level 0. Other networks, such as DMZs can be in between. You
can assign interfaces to the same security level. See the Allowing Communication Between Interfaces
on the Same Security Level” section on page 7-6 for more information.
The level controls the following behavior:
Network access—By default, there is an implicit permit from a higher security interface to a lower
security interface (outbound). Hosts on the higher security interface can access any host on a lower
security interface. You can limit access by applying an access list to the interface.
For same security interfaces, there is an implicit permit for interfaces to access other interfaces on
the same security level or lower.
Inspection engines—Some application inspection engines are dependent on the security level. For
same security interfaces, inspection engines apply to traffic in either direction.
NetBIOS inspection engine—Applied only for outbound connections.
SQL*Net inspection engine—If a control connection for the SQL*Net (formerly OraServ) port
exists between a pair of hosts, then only an inbound data connection is permitted through the
security appliance.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco FirePOWER ASA 5500 series and is the answer not in the manual?

Cisco FirePOWER ASA 5500 series Specifications

General IconGeneral
BrandCisco
ModelFirePOWER ASA 5500 series
CategoryFirewall
LanguageEnglish

Related product manuals