https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312856#M859202 <P>Hi,</P><P></P><P>I came across some interface on our firewall with same security level &amp; also ACE corresponding to each of these interfaces.</P><P>I also found that "same security level command" has been enabled on the firewall. </P><P>Question:</P><P>If 2 interfaces with same level say 50 need to pass traffic between each other, do they still require rules with above command enabled?</P><P>If i remove the rules and test the traffic , would it allow traffic between these interfaces based on above command?</P><P>Please suggest.Thanks.</P><P></P> Mon, 11 Mar 2019 15:46:14 GMT suthomas1 2019-03-11T15:46:14Z https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312856#M859202 <P>Hi,</P><P></P><P>I came across some interface on our firewall with same security level &amp; also ACE corresponding to each of these interfaces.</P><P>I also found that "same security level command" has been enabled on the firewall. </P><P>Question:</P><P>If 2 interfaces with same level say 50 need to pass traffic between each other, do they still require rules with above command enabled?</P><P>If i remove the rules and test the traffic , would it allow traffic between these interfaces based on above command?</P><P>Please suggest.Thanks.</P><P></P> Mon, 11 Mar 2019 15:46:14 GMT https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312856#M859202 suthomas1 2019-03-11T15:46:14Z https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312857#M859204 <HTML><HEAD></HEAD><BODY><P>If the interfaces are configured with identical security levels, you have the "same-security-traffic permit inter-interface" command enabled, and you are running 7.2 or later code, you'll need to have specific rules to pass traffic in each direction between the segments.</P><P></P><P></P></BODY></HTML> Mon, 22 Jun 2009 00:09:53 GMT https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312857#M859204 Patrick0711 2009-06-22T00:09:53Z https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312858#M859206 <HTML><HEAD></HEAD><BODY><P>that means even with this command, rules still have to be there.</P><P>Then what purpose does this command serve?</P><P></P><P>Thanks.</P></BODY></HTML> Mon, 22 Jun 2009 06:29:57 GMT https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312858#M859206 suthomas1 2009-06-22T06:29:57Z https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312859#M859208 <HTML><HEAD></HEAD><BODY><P>Without the command enabled, traffic WILL NOT pass between two segments with identical security levels even if access-lists are configured.</P><P></P><P>With the command enabled, traffic WILL pass between the segments but must be permitted via an access-list. </P><P></P><P></P></BODY></HTML> Mon, 22 Jun 2009 18:19:47 GMT https://community.cisco.com/t5/network-security/same-security-level-rules/m-p/1312859#M859208 Patrick0711 2009-06-22T18:19:47Z