What's the need for assigning security levels to different interfaces? No other firewall has this feature? It's understood, however, that every interface should be secured from intruders, so what's the point in assigning security levels to the interfaces?
The PIX makes decisions for packet forwarding and address translation based on whether a packet is going from a higher security level to a lower one or vice versa. The security numbers don't have any real meaning outside of their relative value to other interfaces. Therefore, a DMZ interface with a security level of 50 has no more "security" than a DMZ interface with a security level of 95. Either way, it's still higher than the outside and lower than the inside for ACL decisions. When going from a high interface to a low one, all traffic is allowed by default and is only prevented by an explicit deny. When going from low to high, all traffic is denied by default unless explicitly allowed by an ACL. Also, traffic must be NATted from high to low even if it's just being NATted back to its own address. Traffic from low to high does not need to be NATted, although it can be.
By default all traffic is allowed from a higher security level to a lower security level (e.g. from the inside to the outside). To let traffic pass from a higher security level to a lower security level, you only need some address translation (nat/pat or static).
By default all traffic is blocked from a lower security level to a higher security level (e.g. from the internet to the inside).
If you want to allow traffic from a lower to a higher security level, then you need to create an access-list that specifies the allowed traffic and apply it to the lower security level interface.
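The default behaviour described in the answers above, modelled as an added example (not part of the original thread and not Cisco code). The interface names, levels, addresses and rule tuples are constructed, and the model covers only the rules stated in this thread.

```python
from ipaddress import ip_address, ip_network

# Constructed sample setup: names, levels and addresses are illustrative only.
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}
# ACL entries apply to traffic entering the named interface.
ACLS = {"outside": [("permit", "0.0.0.0/0", "192.0.2.10/32", 80)]}
# Networks that have a nat/static rule (identity translation counts too).
TRANSLATED = {"inside": ["10.1.1.0/24"], "dmz": ["192.0.2.0/24"]}

def acl_verdict(acl, src, dst, port):
    """First matching entry wins; None means no entry matched."""
    for action, src_net, dst_net, dport in acl:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and dport in (None, port)):      # None = any port
            return action
    return None

def decide(levels, acls, translated, src_if, dst_if, src, dst, port):
    """Return (allowed, reason) for a new connection from src_if to dst_if."""
    if levels[src_if] == levels[dst_if]:
        raise ValueError("equal security levels are not covered by this model")
    verdict = acl_verdict(acls.get(src_if, []), src, dst, port)
    if levels[src_if] > levels[dst_if]:          # high -> low
        if verdict == "deny":
            return False, "explicit deny"
        if not any(ip_address(src) in ip_network(n)
                   for n in translated.get(src_if, [])):
            return False, "no translation for source"
        return True, "high to low, default allow"
    if verdict == "permit":                      # low -> high
        return True, "explicit permit"
    return False, "low to high, default deny"
```

Only the ordering of the levels enters the decision, so changing the DMZ from 50 to 95 leaves every verdict unchanged.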
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...