
Can I set the same security level on two interfaces in PIX, ASA and FWSM?

Can I set the same security level on two interfaces in PIX, ASA and FWSM?

If two DMZs had the same security level, what should the default rule be? Allow or deny any any in both directions?

Thanks very much!
Asked by: howruaz9

3 Solutions
 
mrjoltcola Commented:
Low to high is allowed by default, and high to low is disallowed by default.
Same to same is also disallowed by default, unless you have issued:

same-security-traffic permit inter-interface


This is from the ASA docs; I don't know about the older PIX, but Cisco docs do recommend not relying on this and using explicit ACLs. Hope that helps.
 
mrjoltcola Commented:
Sorry, I reversed the correct logic in the first sentence.

Correction: High to low is allowed by default, and low to high is disallowed by default.

 
mrjoltcola Commented:
>>Can I set the same security level on two interfaces in PIX, ASA and FWSM?

To clearly answer the first question: Yes, you can.
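An added example (not part of the original thread, and not Cisco code): a small Python audit that applies the default rules from the corrected answer to a config excerpt and lists same-security-level interface pairs that still rely on the default rather than an explicit ACL. The sample config, interface names and ACL name are constructed, and treating any inbound `access-group` as an explicit policy is a simplifying assumption.

```python
import re
from itertools import combinations

# Constructed sample config; interface names and ACL name are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 nameif dmz1
 security-level 50
interface GigabitEthernet0/3
 nameif dmz2
 security-level 50
same-security-traffic permit inter-interface
access-list DMZ1_IN extended deny ip any any
access-group DMZ1_IN in interface dmz1
"""

def parse(config):
    """Return (security level per nameif, interfaces with an inbound ACL, same-level flag)."""
    levels, acl_bound, same_ok, name = {}, set(), False, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # new interface stanza; wait for its nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.fullmatch(r"access-group \S+ in interface (\S+)", line):
            acl_bound.add(m.group(1))
        elif line == "same-security-traffic permit inter-interface":
            same_ok = True
    return levels, acl_bound, same_ok

def default_action(levels, same_ok, src, dst):
    """Default decision with no ACL: high to low permit, low to high deny."""
    if levels[src] == levels[dst]:
        return "permit" if same_ok else "deny"
    return "permit" if levels[src] > levels[dst] else "deny"

def audit(config):
    """List (src, dst, action) for same-level pairs where src has no inbound ACL."""
    levels, acl_bound, same_ok = parse(config)
    return [(src, dst, default_action(levels, same_ok, src, dst))
            for a, b in combinations(sorted(levels), 2) if levels[a] == levels[b]
            for src, dst in ((a, b), (b, a)) if src not in acl_bound]

if __name__ == "__main__":
    for src, dst, action in audit(SAMPLE_CONFIG):
        print(f"{src} -> {dst}: no inbound ACL on {src}, default is {action}")
```

On the sample, only dmz2 is reported: it has no inbound ACL, so with the same-security command present its traffic toward dmz1 is permitted by default.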
