Cisco Support Community

Modification in interface security level of outside interface on running ASA device


Please advise whether I can change the security level on my ASA firewall for the outside interface. This ASA firewall is presently running and handling live traffic.

Will it impact the traffic if I change the security level?




Why would you want to modify the outside security level? The value needs to be set as 0. This is because of the default behaviour of the ASA, which won't allow traffic flowing from a lower to a higher security level unless permitted by ACLs. This way it will automatically protect your inside/DMZ network from the outside/internet.

By default, when you configure nameif on all interfaces, they will have a security level of 0, unless you name one "inside", in which case it will have a security level of 100. You can modify the security level at the interface level with the security-level command.

Regarding the impact, I don't know. I never tried it/measured it before. I assume it won't have any impact as long as the outside's security level is still lower than all other interfaces in your ASA after you modify it.

Yes it is possible to change it while in production. You must keep it lower than all your other interfaces though.
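
A pre-change check for the condition both replies state, that the outside interface stays lower than every other interface. This is an added example, not part of the thread; the sample configuration, interface names and function names are constructed for illustration.

```python
import re

# Constructed sample of ASA interface configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
!
"""

def parse_security_levels(config):
    """Return {nameif: security-level} for every named interface."""
    levels, name = {}, None
    for line in map(str.rstrip, config.splitlines()):
        if line.startswith("interface "):
            name = None                      # new stanza, no nameif seen yet
        elif m := re.fullmatch(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"\s+security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def check_outside_change(config, new_level, outside="outside"):
    """Return interfaces whose level would no longer be above the outside's."""
    if not 0 <= new_level <= 100:
        raise ValueError("ASA security levels range from 0 to 100")
    levels = parse_security_levels(config)
    if outside not in levels:
        raise KeyError(f"no interface named {outside!r} in config")
    return sorted(n for n, lvl in levels.items()
                  if n != outside and lvl <= new_level)
```

An empty list means the proposed level keeps the outside interface below all other named interfaces; any names returned are interfaces that would end up at or below it.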
