Re: communication betn same sec levels

aksher · ‎02-07-2007

Is there any change required for intervlan comm. on FWSM with same sec levels other than usual conf like sec level,ip add,nameif on the specific int/vlan.

Collin Clark · ‎02-08-2007

I am unfamiliar with the FWSM but in PIX/ASA you can use the following command.

same-security-traffic permit inter-interface

daviddtran · ‎02-08-2007

what you said is true only for version 7.2(1) or

higher. If your version on the Pix/ASA is not

7.2(1) or higher, this will only work for

IPSec traffic.

in FWSM, version 3.1(3) does not have this

feature because FWSM code is always behind

pix/ASA code.

Jon Marshall · ‎02-08-2007

Hi

Actually the FWSM v2.3 supports this commmand as does 3.1. From one of our FWSM's

SZ-JFH-F00-DTE-FW1/dev-ct# conf t

SZ-JFH-F00-DTE-FW1/dev-ct(config)# same ?

Usage: [no] same-security-traffic permit inter-interface

[no] same-security-traffic permit intra-interface

show same-security-traffic

SZ-JFH-F00-DTE-FW1/dev-ct(config)# sh ver

FWSM Firewall Version 2.3(2)

FWSM Device Manager Version 4.1(1)

Compiled on Wed 06-Apr-05 13:08 by dalecki

SZ-JFH-F00-DTE-FW1 up 37 days 16 hours

Configuration last modified by enable_15 at 06:34:12 Feb 09 2007

SZ-JFH-F00-DTE-FW1/dev-ct(config)#

Whilst it's generally true that FWSM v2.x equates to Pix v6.x and FWSM v3.x equates to v7.x the FWSM code is not just a replica of the pix equivalent.

HTH

Jon