
Firewall ASA5516-X firepower SecLvl 0 all interfaces

amralrazzaz
Level 5

I have an issue, but I'm not sure if it's an issue or not: all interfaces' security levels are 0. According to my configuration below, I have inside and outside, and both have security level zero, as below:

interface GigabitEthernet1/1
 nameif outside
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 1x.xx.1x.xx 255.2xx.0.x
!
interface GigabitEthernet1/2
 nameif inside
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 1x.xx.14.xx 255.2xx.0.0
!
interface Management1/1
 management-only
 nameif diagnostic
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 no ip address

My question is: must I make the inside interface 100, and how do I do this?

If I leave it as it is, will it affect my internet connectivity, NAT, VPN tunneling and so on? Because what I know is that the inside security level should be bigger than the outside security level.

 

amr alrazzaz

Accepted Solutions

Hi @amralrazzaz 

I assume you are running the FTD software image on the hardware? If so, then all interfaces have a security level of 0, unlike ASA, which relied on security levels. On FTD you define Zones and interface names. You can use FlexConfig to configure security-level, though you don't need to any longer.


Thanks Rob for your answer. So just to confirm with you: there is no need to make any changes, I keep it like this, and it will not affect my connection, setup, configurations and so on?

Am I correct?

amr alrazzaz

Hi @amralrazzaz 

No, you don't need to do anything; it will work fine without security levels.
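
An added example, not part of the thread and not Cisco tooling: a small Python audit that parses interface stanzas shaped like the ones posted above, lists each named interface with its security level, and labels the all-zero layout that the accepted answer describes for FTD. The sample config, function names and result labels are constructed for illustration.

```python
import re

# Constructed sample in the same shape as the stanzas posted in the thread
# (not the poster's real configuration).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 cts manual
  propagate sgt preserve-untag
 security-level 0
!
interface GigabitEthernet1/2
 nameif inside
 security-level 0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
!
interface Management1/1
 nameif diagnostic
 security-level 0
"""

def parse_interfaces(config):
    """Return {nameif: {"port": str, "level": int or None}} for named interfaces."""
    found, port, name, level = {}, None, None, None
    for raw in config.splitlines() + ["interface <end>"]:  # sentinel flushes last stanza
        line = raw.strip()
        if line.startswith("interface "):
            if port and name:  # unnamed ports (e.g. "no nameif") are skipped
                found[name] = {"port": port, "level": level}
            port, name, level = line.split(None, 1)[1], None, None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"security-level (\d+)", line):
            level = int(m.group(1))
    return found

def summarize(interfaces):
    """Label the security-level layout (labels are this example's own)."""
    levels = {i["level"] for i in interfaces.values()}
    if not levels or None in levels:
        return "incomplete"   # nothing named, or a named port with no level line
    if levels == {0}:
        return "all-zero"     # what the accepted answer describes for an FTD image
    return "uniform" if len(levels) == 1 else "tiered"  # tiered: e.g. inside 100, outside 0
```
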
