06-21-2009 07:54 AM - edited 03-11-2019 08:46 AM
Hi,
I came across some interfaces on our firewall with the same security level, and also ACEs corresponding to each of these interfaces.
I also found that "same security level command" has been enabled on the firewall.
Question:
If two interfaces with the same level, say 50, need to pass traffic between each other, do they still require rules with the above command enabled?
If I remove the rules and test the traffic, would it allow traffic between these interfaces based on the above command?
Please suggest. Thanks.
06-21-2009 05:09 PM
If the interfaces are configured with identical security levels, you have the "same-security-traffic permit inter-interface" command enabled, and you are running 7.2 or later code, you'll need to have specific rules to pass traffic in each direction between the segments.
06-21-2009 11:29 PM
That means even with this command, rules still have to be there.
Then what purpose does this command serve?
Thanks.
06-22-2009 11:19 AM
Without the command enabled, traffic WILL NOT pass between two segments with identical security levels even if access-lists are configured.
With the command enabled, traffic WILL pass between the segments but must be permitted via an access-list.
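As an added illustration (constructed here, not taken from any of the posts), this ASA configuration fragment shows the combination the answer describes: two interfaces at security level 50, the same-security-traffic command, and the ACLs that still decide what crosses. The interface names, addresses and port are made-up values.

```cisco
! Constructed example: two DMZ segments, both at security level 50
interface GigabitEthernet0/1
 nameif dmz-app
 security-level 50
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz-db
 security-level 50
 ip address 10.10.2.1 255.255.255.0
!
! Without this line the ASA drops dmz-app <-> dmz-db traffic no matter what the ACLs say
same-security-traffic permit inter-interface
!
! With it enabled, the ACL bound to the ingress interface still decides what passes.
! Only the app tier may open TCP/1433 to one DB host; everything else hits the
! explicit (and otherwise implicit) deny at the end of the list.
access-list DMZ-APP-IN extended permit tcp 10.10.1.0 255.255.255.0 host 10.10.2.20 eq 1433
access-list DMZ-APP-IN extended deny ip any any log
access-group DMZ-APP-IN in interface dmz-app
!
! Connections initiated from the DB side need their own entries in this list;
! return packets of sessions opened from dmz-app are allowed by stateful inspection.
access-list DMZ-DB-IN extended deny ip any any log
access-group DMZ-DB-IN in interface dmz-db
!
! Verify the setting and walk a sample flow through the rule set:
!   show running-config same-security-traffic
!   packet-tracer input dmz-app tcp 10.10.1.10 12345 10.10.2.20 1433
```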