Security Level concept on Firepower Management Center

IlyaTaskaev
Level 1

Hi!

Is the security level concept still relevant for the Cisco 5516-x w/ Firepower Services in the latest versions?

Right now I set it up via Firepower Management Center; I connected my device to it and see it in the Devices tab.

Also, I read about basic ASA technologies, and I have found that the security level is one of the main ASA concepts.

I tried to find out where it can be set in FMC and found nothing except FlexConfig, where "the point of FlexConfig is to allow you to configure features that are not yet directly supported through Firepower Management Center policies and settings".

So, if this concept is so important, why can't I configure it in FMC directly? It looks like it is slightly outdated now, isn't it?

What is the proper way to set up the security level if I need to, and what is the best practice now for dealing with this parameter?

Also, I exported the config from my device and see that all interfaces, including Inside, Outside, etc., have security level 0. Can this cause problems in the future?

Accepted Solutions

Raed Boshmaf
Cisco Employee

If you are running FTD code on your ASA, then all interfaces will have security level 0 by default and this can't be edited; controlling traffic is based on the ACP (access control policy) rules that you set up from your FMC and assign/deploy to your FTD.

If you are running the ASA/SFR module, then the security-level concept will only apply to the ASA/LINA part of the FW, and you can edit it from the CLI or ASDM.
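
The check described in the question, reading each interface's security level out of an exported config, can be scripted. This is an added example, not part of the original thread: the sample config is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of an exported running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif Outside
 security-level 0
!
interface GigabitEthernet1/2
 nameif Inside
 security-level 0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
!
"""

def parse_security_levels(config):
    """Return {nameif: security level} for every named interface."""
    levels, name, level, in_block = {}, None, None, False
    # The appended "!" closes a block that runs to the end of the text.
    for line in config.splitlines() + ["!"]:
        if not line.startswith(" "):  # top-level line: previous block ended
            if in_block and name is not None:
                levels[name] = level
            in_block, name, level = line.startswith("interface "), None, None
        elif in_block:
            m = re.match(r" +nameif (\S+)\s*$", line)
            if m:
                name = m.group(1)
            m = re.match(r" +security-level (\d+)\s*$", line)
            if m:
                level = int(m.group(1))
    return levels

def all_levels_zero(levels):
    """True when the config shows the all-zero pattern the answer describes for FTD."""
    return bool(levels) and all(v == 0 for v in levels.values())

if __name__ == "__main__":
    found = parse_security_levels(SAMPLE_CONFIG)
    for nameif, lvl in found.items():
        print(f"{nameif}: security-level {lvl}")
    if all_levels_zero(found):
        print("All named interfaces are at 0; review the access control policy, not levels.")
```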
