Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
2
Replies

PIX: How many different security levels can there be?

dlac455
Level 1
Level 1

‎11-14-2003 01:04 PM - edited ‎02-20-2020 11:06 PM

I started using 802.1q and VLAN, and need 12 different levels, but,

The command reference for 6.3 says only 6 are available:

Enter 0 for the outside network or 100 for the inside network. Perimeter interfaces can use any number between 1 and 99. By default, PIX Firewall sets the security level for the inside interface to security100 and the outside interface to security0. The first perimeter interface is initially set to security10, the second to security15, the third to security20, and the fourth perimeter interface to security25 (a total of 6 interfaces are permitted, with a total of 4 perimeter interfaces permitted). The word security in this command can also be abbreviated as sec, for example sec10.

For access from a higher security to a lower security level, nat and global commands or static commands must be present. For access from a lower security level to a higher security level, static and access-list commands must be present.

Interfaces with the same security level cannot communicate with each other. We recommend that every interface have a unique security level.

0 Helpful
2 Replies 2

nkhawaja
Cisco Employee
Cisco Employee

‎11-14-2003 11:49 PM

Hi,

I think what they talked about is for 6 physical interfaces/security levels. for 12 different levels/VLAN you should be good to use 12 different security levels.

Thanks

Nadeem

0 Helpful

dmooreabc
Level 1
Level 1

‎11-26-2003 08:28 AM

Security levels are useless the second you apply an access-list to any interface on the pix. This is not "pointed out" anywhere in the docs.

The security level protection is there so if a pix is just tossed out on the net with no acl's, it will protect the network. But after ACL's are applied to it, the Sec Level "security" doesn't take place. The ACL's over-ride the Sec Level

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card