Reassign outside i/f security value to value higher than 0?

pdpmail · ‎08-11-2004

On a Pix 501 (OS 6.3) is it possible to reassign the outside i/f security value to a value other than 0 - or is it fixed to zero and unchangeable ? I assume the inside i/f is fixed at 100 and unchangeable. (Dont have access to an OS version 6.3 Pix right now to test this). Thanks in advance. Peter

mostiguy · ‎08-11-2004

What are you looking to do? You can use the nameif command to reassign physical nics to different names and values, including reassigning the outside and inside interfaces, but I don't know if you could have the outside security value be 3, and the inside be 97, just for the heck of it.

eleibowitz · ‎08-11-2004

The command reference says, "The inside interface cannot be renamed or given a different security level. The outside interface can be renamed, but not given a different security level." However, I have succesfully renamed both interfaces and changed security levels on a PIX 501E.

eleibowitz · ‎08-11-2004

Correction to my previous post: PIX 501, not 501E.

jpool · ‎09-19-2004

The Configuration Guide and the Command Reference seem internally and mutually contradictory about this. But I find that the 501 prohibits 3 things:

(1) giving anything but security0 to "outside"

(2) giving anything but security100 to "inside"

(3) giving security100 to anything but "inside"

You may make any changes that comply with these prohibitions. Thus, you may rename ethernet0 and leave it at security0 or change its security level, and you may rename ethernet1 as long as you also change its security level. This seems like an inadvertent inconsistency.