
Security Level

Hello,

I want to know the security level of a login user created on a router, firewall, or any network device, meaning the 0 to 15 level.

How can I know how much authority is available to a network login user?

I also want to know about security zones, meaning what traffic is allowed and what is not allowed in a security zone.

e.g.

In security zone 100, what traffic is allowed?

In security zone 0, what traffic is allowed?

And if I give any number between 0 and 100 on an interface, then what happens on that interface?


Ganesh Hariharan
VIP Alumni

Hi,

For your query on security level, the basic definition and rule of thumb in a firewall says that a lower level number means that an interface belongs to a relatively less secure part of the network compared to an interface that has a higher level number. Typically the interface connected to the public network has level zero assigned to it.

This describes a very low level of security. The interface sitting on the private network has a security level of 100, meaning that it is the most secure.

By default traffic can flow freely from a high security level to a low security level, provided that a network address translation is built for the traffic's source IP address. However, from low level to high level, rules need to be explicitly defined on the firewall allowing this traffic to go through.

And if you want to check the privilege level that has been assigned to users on a router, you can issue show privilege on routers.

Hope that clears up your query!

If helpful, do rate the post.

Ganesh.H
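
The rule of thumb in the reply above, as an added example that is not part of the original thread: a small Python audit that reads interface security levels from an ASA-style configuration and lists which interface-to-interface directions are open by default. The sample configuration, the ACL name OUTSIDE_IN and the function names are constructed for illustration; the example also goes slightly beyond the reply by treating equal levels as denied and by letting an inbound ACL applied with access-group replace the default, and it does not model the NAT condition the reply mentions.

```python
import re
from itertools import permutations

# Constructed sample ASA-style configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
access-group OUTSIDE_IN in interface outside
"""

def parse_interfaces(config):
    """Return {nameif: security_level} from the interface stanzas."""
    levels, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None                      # new stanza, forget previous nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def inbound_acls(config):
    """Return {nameif: acl_name} for 'access-group <acl> in interface <nameif>'."""
    pattern = r"^access-group (\S+) in interface (\S+)"
    return {m.group(2): m.group(1) for m in re.finditer(pattern, config, re.M)}

def default_flows(config):
    """Classify every ordered interface pair (source, destination)."""
    levels, acls = parse_interfaces(config), inbound_acls(config)
    flows = {}
    for src, dst in permutations(levels, 2):
        if src in acls:                      # an applied ACL replaces the default
            flows[(src, dst)] = f"decided by ACL {acls[src]}"
        elif levels[src] > levels[dst]:      # high to low: allowed by default
            flows[(src, dst)] = "implicit permit"
        else:                                # low to high, or equal levels
            flows[(src, dst)] = "implicit deny"
    return flows

if __name__ == "__main__":
    for (src, dst), verdict in default_flows(SAMPLE_CONFIG).items():
        print(f"{src:>8} -> {dst:<8} {verdict}")
```

Any "implicit permit" row is a path that carries traffic without a written rule, which is the place to start when reviewing whether a mid-level interface such as a DMZ should really reach lower-level networks unrestricted.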

Hello,

You have given me the current user,

But if I create a new user and I want to give them some security access, then what do I do for that?

I mean giving some users some access and other users different access.

According to the security level, is there any specification so that we know that if I give 4 then the user gets this much access, and if I give 8 then the user gets that much access?

If you want to allow specific users to go to specific destinations only you can use access lists that say permit x1 to destinations y and x2 to destinations z.

If you want them to first authenticate, you can use AAA and downloadable ACLs per user.

I hope it helps.

PK

Hi,

If you are using AAA and authentication with ACS, then for Cisco devices you can use ACS to control privilege levels and permission of commands on Cisco devices via authorization and authorization sets in ACS, and downloadable ACLs to give some restricted access to devices as well.

Hope that helps.

If helpful, do rate.

Ganesh.H
