modification in interface security level of outside interface on running asa device

navratan.nawariya · ‎03-20-2014

Hi,

Please provide the information that can i change the security level on my asa firewall for outside interface. This ASA firewall presently running and handling the live traffice.

Will it impact on the traffice if change the security level.

Rudy Sanjoko · ‎03-21-2014

Why would you want to modify the outside security level? The value needs to be set as 0. This is because the default behaviour of ASA that won't allow traffic flowing from lower to higher security level unless permitted by ACLs. This way it will automatically protect your inside/dmz network from outside/internet.

By default when you configure nameif on all interfaces, they will have security level of 0 unless if you name it as "inside" then it will have security level of 100. You can modify the security level under interface level with security-level command.

Regarding the impact, I don't know. I never tried it/measured it before. I assume it won't have any impact as long as the outside's security level is still lower than all other interfaces in your ASA after you modify it.

Collin Clark · ‎03-21-2014

Yes it is possible to change it while in production. You must keep it lower than all your other interfaces though.