Configuring Interface Parameters; Interface Parameters Overview - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring Interface Parameters
•
•
•
•
Configuring Interface Parameters
Before you can complete your configuration and allow traffic through the security appliance, you need
to configure an interface name, and for routed mode, an IP address.
Note
If you are using failover, do not use this procedure to name interfaces that you are reserving for failover
and Stateful Failover communications. See
and state links.
This section includes the following topics:
•
•
Interface Parameters Overview
This section describes interface parameters and includes the following topics:
•
•
•
Cisco Security Appliance Command Line Configuration Guide
7-2
Inspection engines—Some application inspection engines are dependent on the security level. For
same security interfaces, inspection engines apply to traffic in either direction.
NetBIOS inspection engine—Applied only for outbound connections.
–
SQL*Net inspection engine—If a control connection for the SQL*Net (formerly OraServ) port
–
exists between a pair of hosts, then only an inbound data connection is permitted through the
security appliance.
Filtering—HTTP(S) and FTP filtering applies only for outbound connections (from a higher level
to a lower level).
For same security interfaces, you can filter traffic in either direction.
NAT control—When you enable NAT control, you must configure NAT for hosts on a higher security
interface (inside) when they access hosts on a lower security interface (outside).
Without NAT control, or for same security interfaces, you can choose to use NAT between any
interface, or you can choose not to use NAT. Keep in mind that configuring NAT for an outside
interface might require a special keyword.
established command—This command allows return connections from a lower security host to a
higher security host if there is already an established connection from the higher level host to the
lower level host.
For same security interfaces, you can configure established commands for both directions.
Interface Parameters Overview, page 7-2
Configuring the Interface, page 7-3
Default State of Interfaces, page 7-3
Default Security Level, page 7-3
Multiple Context Mode Guidelines, page 7-3
Chapter 7
Chapter 14, "Configuring Failover."
Configuring Interface Parameters
to configure the failover
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
