Security level and Interface Nameif

    Logical ASA firewall interfaces must have an IP address, a security level and a nameif configured in order to work. Security levels are numbered from 0 to 100.

    1. Traffic is allowed to pass from a higher to a lower security level interface by default.
    2. Traffic is denied from a lower to a higher security level interface by default.

    To change the above behaviour, ACLs must be used. The term “traffic” means an initiated session. The ASA “understands” sessions and treats packet flows as whole sessions. So “traffic allowed from a higher to a lower interface” means a session that is initiated in the direction from the higher to the lower interface.

    The nameif is your custom name for a particular logical interface. You can think of it as a security zone, so giving it a meaningful name is a best practice.

    To set the nameif and security level, issue the following commands:

    ASA#configure terminal
    ASA(config)#interface GigabitEthernet0/3
    ASA(config-if)#nameif DMZ
    ASA(config-if)#security-level 50
    ASA(config-if)#ip address 2.2.2.2 255.255.255.0
    ASA(config-if)#no shutdown
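
    As an added example (not part of the original page or any Cisco tooling), the Python sketch below audits interface stanzas from a saved configuration: it flags interfaces missing any of the three required settings and reports the default, no-ACL decision for a session between two zones. The function names and the sample config are constructed for illustration; only the DMZ stanza mirrors the commands above.

```python
import re

# Constructed sample config; only the DMZ stanza mirrors the page's commands.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif DMZ
 security-level 50
 ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/4
 no nameif
 no security-level
 no ip address
"""

def parse_interfaces(config):
    """Return {interface: {setting: value}} for nameif, security-level and ip address."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None and (m := re.match(r" (nameif|security-level|ip address) (\S+)", line)):
            current[m.group(1)] = m.group(2)
    return interfaces

def missing_settings(interfaces):
    """Interfaces lacking any of the three settings the ASA needs to pass traffic."""
    required = ("nameif", "security-level", "ip address")
    return {name: [k for k in required if k not in cfg]
            for name, cfg in interfaces.items() if any(k not in cfg for k in required)}

def default_action(interfaces, src_zone, dst_zone):
    """Default handling (no ACL) of a session initiated from src_zone toward dst_zone."""
    level = {cfg["nameif"]: int(cfg["security-level"])
             for cfg in interfaces.values() if "nameif" in cfg and "security-level" in cfg}
    # Equal levels fall to deny: ASA default unless same-security-traffic is configured (not on the page)
    return "permit" if level[src_zone] > level[dst_zone] else "deny"
```

    A "deny" result for a flow that must work marks the place where an ACL is required; a "permit" result for a flow that should not exist marks a default worth restricting.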
