
Firewall ASA5516-X firepower SecLvl 0 all interfaces

amralrazzaz
Level 5

I have an issue, but I'm not sure if it's an issue or not: all interfaces' security levels are 0. According to my configuration below, I have inside and outside, and both have a security level of zero, as below:

interface GigabitEthernet1/1
 nameif outside
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 1x.xx.1x.xx 255.2xx.0.x
!
interface GigabitEthernet1/2
 nameif inside
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 1x.xx.14.xx 255.2xx.0.0
!

interface Management1/1
 management-only
 nameif diagnostic
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 no ip address

My question is: must I make the inside int 100, and how do I do this?

If I leave it as it is, will it affect my internet connectivity, NAT, VPN tunneling and so on? Because what I know is that the inside sec lvl should be bigger than the outside sec lvl?

amr alrazzaz
Accepted Solutions

Hi @amralrazzaz 

I assume you are running the FTD software image on the hardware? If so, then all interfaces have a security level of 0, unlike ASA, which relied on security levels. On FTD you define Zones and interface names. You can use FlexConfig to configure security-level, though you don't need to any longer.

Thanks Rob for your answer. So just to confirm with you: there is no need to make any changes, I keep it like this, and it will not affect my connection, setup, configurations and so on?

Am I correct?

amr alrazzaz

Hi @amralrazzaz 

No, you don't need to do anything; it will work fine without security levels.
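
An added example, not part of the original thread and not Cisco code: a Python script that reads the interface stanzas from the question (a constructed copy with the addresses omitted), extracts each `nameif` and `security-level`, and contrasts the classic ASA implicit rules with the flat all-zero levels the answer describes for FTD. The function names are hypothetical.

```python
import re
from itertools import permutations

# Constructed sample: the interface stanzas from the post above, IPs omitted.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 security-level 0
!
interface GigabitEthernet1/2
 nameif inside
 security-level 0
!
interface Management1/1
 management-only
 nameif diagnostic
 security-level 0
"""

def interface_levels(config):
    """Return {nameif: security-level} for every named interface stanza."""
    levels, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None                      # new stanza, nameif not seen yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def implicit_asa_defaults(levels):
    """Classic ASA behaviour with no ACLs: higher -> lower level is permitted,
    lower -> higher and equal levels are denied (equal levels need
    'same-security-traffic permit inter-interface')."""
    return {(src, dst): "permit" if levels[src] > levels[dst] else "deny"
            for src, dst in permutations(levels, 2)}

def levels_are_flat(levels):
    """True when every interface shares one level, as on FTD, so the levels
    say nothing about which side is trusted."""
    return len(set(levels.values())) == 1

if __name__ == "__main__":
    lv = interface_levels(SAMPLE_CONFIG)
    print(lv, "flat:", levels_are_flat(lv))
    for pair, verdict in implicit_asa_defaults({"inside": 100, "outside": 0}).items():
        print(pair, verdict)
```

A flat result means the levels cannot be what separates inside from outside, which matches the answer: on FTD that role belongs to the zones and interface names, and the ASA rule table only applies to ASA software.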
