FWSM - L3 Interface Security Levels

packetzen
Level 1

We have about 15 L3 interfaces on the FWSM, all with security level 50 (except for the Outside interface, which is 0). We have a new VLAN that we want to segregate from the other VLANs on the FWSM. We currently have the 'enable traffic between interfaces with the same security level' checked.

When I select my new VLAN to change it to a higher security level, I get the following message.

"Changing the security level of an interface may cause your FWSM configuration to become invalid, causing the FWSM to drop legal traffic or allow illegal traffic. Do you wish to proceed."

I am concerned about making this change because the message states that my configuration may become invalid. Is this true? Is this a standard config?

Thanks!

1 Reply

Jennifer Halim
Cisco Employee

Yes, basically it means that you will have to reconfigure the access between this interface and all other interfaces.

Traffic from low to high security level will require either static NAT or NAT 0 with ACL. Traffic from high to low can be configured with any translation.

You just have to redesign your access and make sure that you don't break the initiate access depending on what you are trying to achieve.
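
The redesign described in the reply starts with knowing which interface pairs change relationship when one level is raised. The script below is an added example, not part of the thread or of any Cisco tool: it lists those pairs from a constructed config fragment. The interface names, VLAN numbers and the `interface` / `nameif` / `security-level` layout are assumptions; the translation requirement for each resulting direction is the one stated in the reply.

```python
import re
from itertools import permutations

# Constructed sample config: interface names and VLAN numbers are invented.
SAMPLE_CONFIG = """\
interface Vlan10
 nameif outside
 security-level 0
interface Vlan20
 nameif servers
 security-level 50
interface Vlan30
 nameif users
 security-level 50
interface Vlan40
 nameif newvlan
 security-level 50
"""

def parse_levels(config):
    """Return {nameif: security-level}; assumes nameif precedes security-level."""
    levels, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new block: forget the previous interface name
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def direction(src, dst, levels):
    """Classify a connection initiated from src towards dst."""
    if levels[src] == levels[dst]:
        return "same-level"
    return "low-to-high" if levels[src] < levels[dst] else "high-to-low"

def affected_flows(levels, iface, new_level):
    """List (src, dst, before, after) for pairs whose class would change."""
    proposed = {**levels, iface: new_level}
    pairs = permutations(sorted(levels), 2)
    rows = [(s, d, direction(s, d, levels), direction(s, d, proposed)) for s, d in pairs]
    return [r for r in rows if r[2] != r[3]]

if __name__ == "__main__":
    for src, dst, before, after in affected_flows(parse_levels(SAMPLE_CONFIG), "newvlan", 60):
        print(f"{src:>8} -> {dst:<8} {before} => {after}")
```

Every pair reported as `low-to-high` after the change is one where the reply's static NAT or NAT 0 with ACL requirement now applies; pairs not listed keep their current relationship.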
