09-18-2019 01:16 AM - edited 02-21-2020 09:30 AM
Hi!
Is Security level conception still actual for Cisco 5516-x w/ Firepower Services latest versions?
Right now I set it up via Firepower Management Center, I connected my device to it and see it in devices tab.
Also, I read about basic ASA technologies, and I have found that the security level is one of the main ASA conceptions.
I try to find out where it can be set in FMC and fund nothing except FlexConfig which "the point of FlexConfig is to allow you to configure features that are not yet directly supported through Firepower Management Center policies and settings"
So, if this conception so important why I can't configure it in FMC directly? Looks like, now it slightly outdated, isn't it?
What a proper way to set up security level if I need so, and what is the best practice now to deal with this parameter nowaday?
Also, I export config from my device and see that all interfaces, including Inside, Outside, etc. have security level 0, is this can cause problems in the future?
Solved! Go to Solution.
09-20-2019 07:04 AM
If you are running FTD code on your ASA, then all interfaces will have security level 0 by default and this can't be edited, controlling traffic is based on the ACP (access control policy) rules that you setup from your FMC and assign/deploy to your FTD.
If you are running ASA/SFR module then the security-level concept will only apply to the ASA/LINA part of the FW and you can edit it from the CLI or ASDM.
09-20-2019 07:04 AM
If you are running FTD code on your ASA, then all interfaces will have security level 0 by default and this can't be edited, controlling traffic is based on the ACP (access control policy) rules that you setup from your FMC and assign/deploy to your FTD.
If you are running ASA/SFR module then the security-level concept will only apply to the ASA/LINA part of the FW and you can edit it from the CLI or ASDM.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide