https://community.cisco.com/t5/network-security/security-level-and-fwsm/m-p/862035#M960291 <P>Hi,</P><P>I read that all traffic on FWSM is explicitly denied. How is a sense of security level for FWSM?</P><P>Thanks</P><P>Peter</P> Mon, 11 Mar 2019 11:33:36 GMT pslavkovsky 2019-03-11T11:33:36Z https://community.cisco.com/t5/network-security/security-level-and-fwsm/m-p/862035#M960291 <P>Hi,</P><P>I read that all traffic on FWSM is explicitly denied. How is a sense of security level for FWSM?</P><P>Thanks</P><P>Peter</P> Mon, 11 Mar 2019 11:33:36 GMT https://community.cisco.com/t5/network-security/security-level-and-fwsm/m-p/862035#M960291 pslavkovsky 2019-03-11T11:33:36Z https://community.cisco.com/t5/network-security/security-level-and-fwsm/m-p/862036#M960292 <HTML><HEAD></HEAD><BODY><P>Hi Peter</P><P></P><P>Yes you do need to explicitly allow traffic with an access-list even if traffic is going from the inside interface (highest security level) to the outside (lowest security level).</P><P></P><P>But all the other rules still apply in that you can give interfaces the same security level and have traffic flow between them without access-list, you still need to setup static NAT translations for lower to higher level security interfaces (unless you turn off NAT) so it's still pretty much the same as you are presumably used to.</P><P></P><P>HTH</P><P></P><P>Jon</P></BODY></HTML> Wed, 21 Nov 2007 11:40:46 GMT https://community.cisco.com/t5/network-security/security-level-and-fwsm/m-p/862036#M960292 Jon Marshall 2007-11-21T11:40:46Z