cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

900
Views
0
Helpful
1
Replies
Highlighted
Beginner

Security Level conception on Firepower Management Center

Hi!

 

Is Security level conception still actual for Cisco 5516-x w/ Firepower Services latest versions? 

 

Right now I set it up via Firepower Management Center, I connected my device to it and see it in devices tab.

Also, I read about basic ASA technologies, and I have found that the security level is one of the main ASA conceptions.

 

I try to find out where it can be set in FMC and fund nothing except FlexConfig which "the point of FlexConfig is to allow you to configure features that are not yet directly supported through Firepower Management Center policies and settings"

 

So, if this conception so important why I can't configure it in FMC directly? Looks like, now it slightly outdated, isn't it?

What a proper way to set up security level if I need so, and what is the best practice now to deal with this parameter nowaday?

 

Also, I export config from my device and see that all interfaces, including Inside, Outside, etc. have security level 0, is this can cause problems in the future?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

If you are running FTD code on your ASA, then all interfaces will have security level 0 by default and this can't be edited, controlling traffic is based on the ACP (access control policy) rules that you setup from your FMC and assign/deploy to your FTD.

 

If you are running ASA/SFR module then the security-level concept will only apply to the ASA/LINA part of the FW and you can edit it from the CLI or ASDM.

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

If you are running FTD code on your ASA, then all interfaces will have security level 0 by default and this can't be edited, controlling traffic is based on the ACP (access control policy) rules that you setup from your FMC and assign/deploy to your FTD.

 

If you are running ASA/SFR module then the security-level concept will only apply to the ASA/LINA part of the FW and you can edit it from the CLI or ASDM.

View solution in original post

Content for Community-Ad