03-20-2014 11:36 PM - last edited on 03-25-2019 05:53 PM by ciscomoderator
Hi,
Please provide the information that can i change the security level on my asa firewall for outside interface. This ASA firewall presently running and handling the live traffice.
Will it impact on the traffice if change the security level.
03-21-2014 03:07 AM
Why would you want to modify the outside security level? The value needs to be set as 0. This is because the default behaviour of ASA that won't allow traffic flowing from lower to higher security level unless permitted by ACLs. This way it will automatically protect your inside/dmz network from outside/internet.
By default when you configure nameif on all interfaces, they will have security level of 0 unless if you name it as "inside" then it will have security level of 100. You can modify the security level under interface level with security-level command.
Regarding the impact, I don't know. I never tried it/measured it before. I assume it won't have any impact as long as the outside's security level is still lower than all other interfaces in your ASA after you modify it.
03-21-2014 07:38 AM
Yes it is possible to change it while in production. You must keep it lower than all your other interfaces though.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: