Live security level change on PIX

Unanswered Question
Nov 30th, 2007
User Badges:


I need to change an interface security level from 100 to 85 while it is live. What are the implications for doing so?

Will each new packet be treated with the new level? And most importantly will there be any downtime or other side affects which will be noticable to users?

I have read on a previous post that a reboot is preferable - is this definitely the case and why so?

I'm running 7.0(1)on a PIX 535.

Any thoughts much appreciated.

Many thanks,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Fri, 11/30/2007 - 10:12
User Badges:
  • Blue, 1500 points or more

I've never heard about this requiring a reboot. The only thing to be concerned about are the normal things when you change security levels, mainly how that affects communication with other interfaces. Also, if you're using the 'same-security-traffic..' command, how that affects it.


This Discussion