https://community.cisco.com/t5/network-security/pix-security-level/m-p/751643#M1008891 <P>Hello Guys,</P> <P>Thanks for your information, it was really helpful for me in such a case.</P> <P>Regards</P> <P>Milad</P> Mon, 19 Dec 2016 06:57:27 GMT afsharmilad89 2016-12-19T06:57:27Z https://community.cisco.com/t5/network-security/pix-security-level/m-p/751639#M1008852 <P>Hi</P><P></P><P>We use security level 0 outside and 100 in inside. but when we use security level other interface (dmz) then 50 or 30 or 20. so my question is what is security difference 50 ,30, 20 ?.</P><P>when i use 50 or 30 or 20 ??</P><P></P><P>thanks</P><P>Biplob</P> Mon, 11 Mar 2019 09:53:19 GMT https://community.cisco.com/t5/network-security/pix-security-level/m-p/751639#M1008852 iqbalkhan 2019-03-11T09:53:19Z https://community.cisco.com/t5/network-security/pix-security-level/m-p/751640#M1008868 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>By default the pix allows traffic to flow from a higher to a lower interface. If you want traffic to flow from a lower to higher you need to allow that traffic with an access-list. </P><P></P><P>So the difference in security numbers are eg. </P><P></P><P>You create a dmz (DMZ1) with a security number of 50</P><P>You create a dmz (DMZ2) with a security number of 40. </P><P></P><P>Traffic from DMZ1 is allowed to go through the outside interface and through DMZ2 without an access-list. </P><P>To go from DMZ1 to the inside would require an access-list. </P><P></P><P>Traffic from DMZ2 is allowed to go through the outside interface without an access-list. </P><P>To go from DMZ2 to DMZ1 or to the inside requires an access-list. </P><P></P><P>So you choose the numbers for your DMZ's based on how secure that DMZ is in relation to the other DMZ's. </P><P></P><P>HTH </P><P></P><P>Jon </P></BODY></HTML> Thu, 29 Mar 2007 07:24:25 GMT https://community.cisco.com/t5/network-security/pix-security-level/m-p/751640#M1008868 Jon Marshall 2007-03-29T07:24:25Z https://community.cisco.com/t5/network-security/pix-security-level/m-p/751641#M1008873 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>your explation clear but not full clear.</P><P>you give example DMZ1 and DMZ2.</P><P></P><P>example : I have 1 Pix.</P><P></P><P>first time I configure:</P><P></P><P>if I have out o inside 100 and DMZ50</P><P></P><P>2nd Time I configure:</P><P></P><P>and again I aasign out 0 inside 100 and Dmz 40</P><P></P><P>so difference 50 and 40 what i get advantage or disadvantage.</P><P></P><P>thanks</P><P>Biplob</P></BODY></HTML> Thu, 29 Mar 2007 07:57:50 GMT https://community.cisco.com/t5/network-security/pix-security-level/m-p/751641#M1008873 iqbalkhan 2007-03-29T07:57:50Z https://community.cisco.com/t5/network-security/pix-security-level/m-p/751642#M1008884 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>If you only have one DMZ it really makes no difference. 40 or 50 are both greater than 0 and less than 100 (your outside and inside interfaces) so whichever number you use it will have the same effect. </P><P></P><P>HTH </P><P></P><P>Jon </P></BODY></HTML> Thu, 29 Mar 2007 08:08:32 GMT https://community.cisco.com/t5/network-security/pix-security-level/m-p/751642#M1008884 Jon Marshall 2007-03-29T08:08:32Z https://community.cisco.com/t5/network-security/pix-security-level/m-p/751643#M1008891 <P>Hello Guys,</P> <P>Thanks for your information, it was really helpful for me in such a case.</P> <P>Regards</P> <P>Milad</P> Mon, 19 Dec 2016 06:57:27 GMT https://community.cisco.com/t5/network-security/pix-security-level/m-p/751643#M1008891 afsharmilad89 2016-12-19T06:57:27Z