Security Levels
The Adaptive Security Algorithm permits access from one firewall network interface to another by applying a
security level mechanism. Each interface must be assigned a security level value between 0 (lowest) and
100 (highest). By default, the Security Appliance assigns the internal network (the inside network) security level
100, while the external network (outside network) connected to the Internet is assigned level 0. Other
networks, such as DMZ, can be assigned any number in between.
By default, the Security Appliance allows traffic to flow freely from an internal network (higher security level
100) to an external network (lower security level 0).
For traffic to flow between the interfaces through the Security Appliance, basic parameters need to be
configured. These include the interface name, security level, an IP address, dynamic or static routing,
and enabling of the interface, because physical interfaces are shut down by default.
Example 6-3 shows how to configure physical interface parameters in single mode.
Example 6-3. Configuring Interface Parameters in Single Mode
hostname(config)# interface Ethernet1
hostname(config-if)# nameif inside
hostname(config-if)# security-level 100
hostname(config-if)# ip address 10.1.1.1 255.255.255.0
hostname(config-if)# no shutdown
Example 6-4 shows how to configure interface parameters in multiple context mode for the system
configuration. The example creates a subinterface Ethernet1.100, puts it in VLAN 100, and allocates the
Ethernet1.100 subinterface to contextA.
Example 6-4. Configuring Interface Parameters in Multiple Mode
hostname(config)# interface Ethernet1
hostname(config-if)# speed 100
hostname(config-if)# duplex full
hostname(config-if)# no shutdown
hostname(config-if)# interface Ethernet1.100
hostname(config-subif)# vlan 100
hostname(config-subif)# no shutdown
hostname(config-subif)# context contextA
hostname(config-ctx)# ...
hostname(config-ctx)# allocate-interface Ethernet1.100
By default, the Adaptive Security Algorithm does not permit interfaces on the same security level to
communicate with each other. To explicitly permit this, use the following command from the global
configuration mode to enable traffic flow between same security level interfaces without access lists.
hostname(config)# same-security-traffic permit inter-interface
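The default rules described in this section can be checked against a configuration before it is deployed. The following Python sketch is an added example, not part of the original text or of any Cisco tool; the sample configuration, the interface names dmz1 and dmz2, and the function names are constructed for illustration. It reads the nameif and security-level lines and reports which interface pairs pass traffic with no access list.

```python
import re

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif dmz1
 security-level 50
interface Ethernet3
 nameif dmz2
 security-level 50
"""
SAME_LEVEL_CMD = "same-security-traffic permit inter-interface"

def parse_levels(config):
    """Return ({nameif: security_level}, same_level_permitted)."""
    levels, name, same = {}, None, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None                        # start of a new interface block
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            level = int(m.group(1))
            if not 0 <= level <= 100:
                raise ValueError(f"{name}: security level {level} is outside 0-100")
            levels[name] = level
        elif line == SAME_LEVEL_CMD:
            same = True
    return levels, same

def default_flow(levels, same, src, dst):
    """True if traffic from src to dst is passed with no access list."""
    if levels[src] == levels[dst]:
        return same                            # equal levels need SAME_LEVEL_CMD
    # Higher to lower flows by default; lower to higher does not (standard
    # behaviour of the appliance; the page states only the first case).
    return levels[src] > levels[dst]

def flow_matrix(config):
    """Map every (src, dst) interface pair to its default verdict."""
    levels, same = parse_levels(config)
    return {(s, d): default_flow(levels, same, s, d)
            for s in levels for d in levels if s != d}
```

Running flow_matrix on a configuration with and without the same-security-traffic line shows which same-level pairs, such as two DMZ interfaces, become reachable without any access list once the command is enabled.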