
  • Status: Solved
  • Priority: Medium
  • Security: Public

Can I set the same security level on two interfaces in PIX, ASA and FWSM?

Can I set the same security level on two interfaces in PIX, ASA and FWSM?

If two DMZs had the same security level, what should the default rule be? Allow or deny any any in both directions?

Thanks very much!
3 Solutions
Low to high is allowed by default, and high to low is disallowed by default.
Same to same is also disallowed by default, unless you have issued:

same-security-traffic permit inter-interface

This is from the ASA docs; I don't know about the older PIX, but Cisco docs do recommend not relying on this and using explicit ACLs. Hope that helps.
Sorry, I reversed the correct logic in the first sentence.

Correction: High to low is allowed by default, and low to high is disallowed by default.

>>Can I set the same security level on two interfaces in PIX, ASA and FWSM?

To clearly answer the first question: Yes, you can.
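
The setup discussed in this thread, as an added ASA-syntax configuration example that is not from the thread or from Cisco's documentation: two DMZ interfaces at the same security level, the command quoted in the answer, and explicit ACLs as the answer recommends. Interface numbers, names, addresses and ACL names are constructed for illustration.

```cisco
! Two DMZ interfaces sharing security level 50 (constructed values)
interface GigabitEthernet0/2
 nameif dmz1
 security-level 50
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif dmz2
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! The command from the answer: allow traffic between interfaces
! that have the same security level
same-security-traffic permit inter-interface
!
! Explicit inbound ACL on dmz1 instead of relying on the default:
! dmz1 hosts may reach one dmz2 web server on TCP 443; everything
! else entering from dmz1 is denied and logged
access-list DMZ1_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-list DMZ1_IN extended deny ip any any log
access-group DMZ1_IN in interface dmz1
!
! Explicit inbound ACL on dmz2: no new connections from dmz2 are
! permitted through this interface
access-list DMZ2_IN extended deny ip any any log
access-group DMZ2_IN in interface dmz2
```

On a live device, `show running-config same-security-traffic` and `show access-list` confirm which of these settings are actually in effect.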