Embed Size (px)
Citation preview
I N D E X
Symbols & Numerics# (pound sign), 29(*,G) multicast flows, 131? (question mark), context-based help, 314GE (4-port Gigabit Ethernet) SSM, 725
AAAA, configuring
command accounting, 286–287command authorization, 283–285
AAA servers, user management, 272–280administrative users, 280–287end-user cut-through proxy, 287–301
abbreviatingcommands, 30contiguous 0s on IPv6 addresses, 61
ABRs (Area Border Routers), 101absolute uauth timer, 9access control, 323accessing
ASA Flash memory partitions, 194–195firewall user interface
with console connection, 232–233with PDM/ASDM, 238–242with SSH session, 235, 237with Telnet, 234
FWSM on Catalyst 6500 switch, 28specific privilege levels, 263
accountinglocal user activity, 272of generic users on Cisco firewalls, 263–264
ACEs (access control entries)adding to ACLs, 353–355logging activity, 379–380removing from ACLs, 358–359time range, applying, 360–362time-based, 356
ACLs (access control lists)ACEs
adding, 353logging activity, 379–380removing, 358–359
time range, applying, 360–362time-based, 356
applying to lower-security interfaces, 351to outbound direction, 8
compiling, 352configuring, 348–349, 353descriptions, adding, 359–360downloadable, verifying, 299examples of, 362–363extended, 356–357hit counters, resetting, 382hit counts, displaying, 707–708logging activity, 617–619manipulating, 357–358monitoring, 380–382object groups, 352
applying, 373–379defining, 363–373enhanced service object groups, defining,
370–373ICMP type, defining, 367–369network object groups, defining, 364–365protocol object groups, defining, 365–367service object groups, defining, 369–370
recompiling, 353renaming, 359verifying firewall connectivity, 705–707wildcards, specifying, 355
activating debug packet sessions, 690–691activation keys
unlocking firewall features, 39upgrading, 40–41
active firewall process, checking, 629–632active shuns, verifying connectivity, 718–720active-active failover pair, 474–477
configuration example, 501–508requirements, 482–484
active-standby failover pair, 474–475configuration example, 498–501manually upgrading, 520–524
AD (Anomaly Detection) policies, configuring on AIP SSM, 778–780
addingACEs to ACLs, 354–355descriptions to ACLs, 359–360
848
address spoofing on outside interface, 5–6address translation, 323
conn entries, 326connection limits, configuring, 328–330dynamic NAT, configuring, 341–346dynamic PAT, configuring, 342–346embryonic connections, limiting, 330–331identity NAT, configuring, 338–340inbound access, defining, 324NAT exemption, 327
configuring, 340–341outbound access, defining, 323–324outside NAT, 328PAT, 326policy NAT, configuring, 335–338same-security access, 324–325static NAT, 326, 331–334types of supported on Cisco firewalls, 326–327verifying, 709–714xlate entries, 325xlate table entries
clearing, 717table timeout values, adjusting, 717–718
addressing, multicast, 127adjacency logging (OSPF), disabling, 106adjusting
fragment cache size, 72interface MTU, 70–71resource limits to security contexts, 186terminal screen width, 34xlate table timeout values, 717–718
admin context, 169, 173–175administration of ASA Flash memory, 196–200administrative context, 158administrative distance, 83–84administrative sessions, monitoring, 244–245administrative users, 261
managing with AAA servers, 280–287administratively scoped addresses, 127, 142advertising default routes, 96AIP (Advanced Inspection and Prevention) SSM,
725configuring, 769–772IPS policies, configuring, 777–780IPS sensors, configuring, 780–781IPS virtual sensors, configuring, 781–785license, updating, 773–774
managing, 773signature database file, updating, 774–776
alerts (syslog), 799-802alias keyword, 319allocating
firewall resources to contexts, 185–191resources in multiple-context mode, 185–186
analyzing firewall logs, 619–623application inspection, 423, 426
configuring, 426–432DCERPC inspection, configuring, 437–438DNS inspection, configuring, 438–440ESMTP inspection, configuring, 441–443FTP inspection, configuring, 443–446GTP inspection, configuring, 446–448H.323 inspection, configuring, 449–451HTTP inspection, configuring, 452–460ICMP inspection, configuring, 460–462IM inspection, configuring, 462, 464IPSec Passthru inspection, configuring, 465matching text with regular expressions,
433–437MGCP inspection, configuring, 465, 467MGCP map, configuring, 467NetBIOS inspection, configuring, 468RADIUS accounting inspection, configuring,
468–469SNMP accounting inspection, configuring,
470–471application partition passwords, resetting, 308applications
for optimizing Syslog servers, 590–591logging analysis, 620
applyingACLs to lower-security interfaces, 351object groups to access lists, 373–379policy maps to interface, 406–420
default policies, 421–423time ranges to ACEs, 360–362
area 0, 107areas (OSPF), subnet notation, 107ARP (Address Resolution Protocol)
configuring, 68–69static entries, clearing, 319
ARP cache, clearing, 69arp command, alias keyword, 319ARP inspection, 314
configuring, 320
address spoofing on outside interface
849
arp timeout command, 699arrow keys, recalling commands, 32ASA (Adaptive Security Algorithm), 4ASA (Adaptive Security Appliance)
4GE SSM, 725AIP SSM, 725, 769–780classifiers, 166configuring as Auto Update Server, 228–232CSC SSM, 725
automatic updates, configuring, 741–743configuring, 729–738connecting to management interface,
740–741inspection policy configuration, 744–769repairing initial configuration, 738–740
failover pair capabilities, 39Flash memory
administration, 194–200partitions, accessing, 194–195
MAC address allocation, 165Packet Tracer feature, verifying firewall
connectivity, 692–694Passwords, recovering, 302–305SSM modules, initial configuration, 726–729traceroute, performing, 703–705
ASA 7.2, WCCPv2, 396–397ASA 7.3, configuring redundant interfaces, 48–49ASA 8.0, configuring EIGRP, 97–101ASBRs (Autonomous System Boundary Routers),
101ASDM (Adaptive Security Device Manager)
accessing firewall user interface, 238–242ACL hit counts, displaying, 707–708firewall throughput, checking, 638–639image file, copying into Flash memory, 238–
239packet capture sessions, configuring with
Packet Capture Wizard, 683–685assigning
IP address to interfaces, 54–58privilege levels
to commands, 268–271to users, 265
security level to interfaces, 54unique MAC addresses to ASA physical
addresses, 167–168VLAN number to logical interface, 52–53
attributes of trunk links, 46audit trails, generating, 245AUS (Automatic Upgrade Server), automatically
upgrading failover pair, 524authentication
of generic users on Cisco firewalls, 262–263of local users, 265–267uauth, absolute uauth timer, 9
authorization, local user configuration, 268–272authorizing
firewall command access, 267–272user activity with TACACS+ servers, 291–293
Auto Update clientconfiguring firewall as, 221–227verifying operation, 227
Auto Update Server, configuring firewall as, 228–232
automatic CSC SSM updates, configuring, 741– 743
automatically upgrading image files, 211Auto-RP, 136–137
Bbanners, configuring on user interface, 243–244Base license, failover support, 39BEQ (best-effort queuing), 73–74, 663
configuring, 75–77displaying information, 77
best practicesfor firewall configuration, 21–23for security policy maintenance, 21–23
bidirectional mode (PIM), 135configuring, 138neighbor filtering, 143–144
Bidirectional NAT, 328boot image setting, displaying, 201bootstrap router method, 136bridge mode (CSM), 550broadcast traffic, 126BSRs (bootstrap routers), 136buffered logging, enabling, 626buffered messages, viewing, 597bump-in-the-wire, 312bypass links, 81–83
bypass links
850
Ccalculating runtime differences on processes,
630–632candidate RPs, 136capture sessions
controlling, 680–681copying buffer contents
to TFTP server, 676to web browser, 677–680
displaying trunk contents, 675–676example, 682monitoring, 673–674verifying packets passing through interfaces,
666–673capturing traffic
with Packet Capture Wizard, 683–685on VLANs inside switch chassis, 686–689
Catalyst 6500 switch, FWSM, 20accessing, 28
changeto command, 185changeto system command, 584changing message severity levels, 616characteristics of context configuration files,
168–169checking system resources, 627
failover performance, 646–655firewall CPU load, 627–632firewall interface throughput, 655–665firewall memory usage, 633–636firewall throughput, 638–645inspection engine activity, 645–646stateful inspection resources, 636–638
circular logging buffer, 597Cisco firewalls
clock management, 581setting clock manually, 582–583setting clock with NTP, 584–586
message logging, configuring, 591–613specifications, 20–21supported translation types, 326–327user management
accounting local user activity, 272generic users, 262–264with AAA servers, 272–301with local database, 264–272
CiscoACS servers, configuring command authorization, 283–285
class maps, configuring, 398–406classifiers, 160, 166classifying traffic, 398–406clear ip verify statistics command, 86clear traffic command, 514clearing
ARP cache, 69internal logging buffer, 615static ARP entries, 319xlate table entries, 717
CLI, initial firewall configuration, 41–42clock management, 581
setting clock manually, 582–583setting clock with NTP, 584–586
clock summer-time command, recurring keyword, 583
collecting Syslog firewall logs, 21–23combining load balancing techniques, 530command accounting, configuring, 286–287command authorization, configuring, 283–285command history, 32commands
abbreviating, 30active, viewing, 29arp, alias keyword, 319arp timeout, 699changeto, 185changeto system, 584clear ip verify statistics, 86clear traffic, 514configure terminal, 41–42debug icmp trace, 10–11debug ntp authentication, 586debug track, 94editing, 30entering, 29executing on failover peer, 517–519failover active, 516failover exec, 519failover mac address, 490failover poll, 492failover preempt, 486failover reload-standby, 517filtering output, 32–33fragment chain, 72
calculating runtime differences on processes
851
inspect, 432mac-address auto, 167mode multiple, 172operators, 356ping
example, 696permitting on ASA and PIX platforms, 696
preempt, 489privilege levels, 262
assigning, 268–271regular expressions
operators, 33searching, 32–33
same-security-traffic, 323show activation-key, 170, 518show admin-context, 191show arp, 68–69show arp-inspection, 320show blocks, 516, 634show conn, 326, 713show dhcprelay statistics, 125show failover, 497, 508–513, 521show firewall, 312show flash, 200show interface, 176, 515show ipv6 interface, 67show local-host, 715show logging, 614, 622show memory detail, 634show mode, 171show pim topology, 153show processes, 629show resource allocation, 189show rip, 96–97show running-config all, 30show service-policy, 427, 645show shun statistics, 383show tech-support, 692show traffic, 514show version, 34–36show xlate, 709–714static, 327syntax errors, 31terminal width, 34write mem, 42
community string (SNMP), defining, 257–258compiling access lists, 352
conditional NATconfiguring, 335–338static NAT, 335
configuration commands, entering manually, 218configuration examples
of active-active failover, 501–508with FWSM, 500– 501with PIX firewalls, 498–501
of active-standby failover, 474–475configuration files
of contexts, characteristics, 168–169running configuration
copying across failover pair, 217–218displaying, 214saving to Flash memory, 214–215saving to TFTP server, 216–217
startup configurationdisplaying, 213–214erasing configuration commands, 218managing, 211–213selecting, 212–213
configuration mode, 29configure terminal command, 41–42configuring
ACLs, 348–349, 353address translation
connection limits, 328–330dynamic NAT, 341–346dynamic PAT, 342–346identity NAT, 338–340NAT exemption, 340–341policy NAT, 335–338static NAT, 331–334
AIP SSM, 769–772IPS policies, 777–780IPS sensors, 780–781IPS virtual sensors, 781–785
application inspection, 426–432DCERPC inspection, 437–438DNS inspection, 438–440ESMTP inspection, 441–443FTP inspection, 443–446GTP inspection, 446–449H.323 inspection, 449–451HTTP inspection, 452–460ICMP inspection, 460–462IM inspection, 462, 464
configuring
852
IPSec Passthru inspection, 465matching text with regular expressions,
433–437MGCP inspection, 465, 467MGCP map, 467NetBIOS inspection, 468RADIUS accounting inspection, 468–469SNMP accounting inspection, 470–471
ARP, 68–69banners on user interface, 243–244bidirectional PIM neighbor filtering, 144class maps, 398–406command accounting, 286–287command authorization, 283–285content filters, 390–395contexts, 174–180CSC SSM, 729
automatic updates, 741–743FTP inspection policies, 753–755initial settings, 733–738inspection policies, 744–753POP3 inspection policies, 765–769SMTP inspection policies, 755–764traffic inspection, 730–733
CSM FWLB, 552–561CSS FWLB, 571–574DDNS, 121–123
verifying configuration, 123–124DHCP relay, 124–125DHCP server functions, 116–120EIGRP, 97–101failover, 484, 495
contexts, 495health monitoring policy, 490–492interface failure policy, 492primary unit, 485–488stateful, 492–497
firewallsas Auto Update client, 221–227as Auto Update Server, 228–232best practices, 21–23
FragGuard, 71–73identity NAT for exclusive outbound use, 340IGMP, 147–149interfaces, 50, 52–60
examples, 58–60IP address assignment, 54–58MTU, 70–71
IOS FWLB, 531–540IPv6, 61–63
neighbor advertisements, 65–66neighbor discovery, 64–65prefix advertisements, 66–67
IPv6 addresses, 60–61local user authorization, 268–272medium-security interfaces, inbound access,
350–352message logging, 591–613multicast boundaries, 142–143multiple-context mode, 170–173
navigating multiple security contexts, 173–174
OSPF, 105–112example configuration, 115–116on firewall, 101–104on both sides of firewall, 104–105prefix lists, 108redistribution, 112–115
PIM, 137–141neighbor filtering, 143–144
priority queuing, 75–77RADIUS user authorization, 294–295redundant interfaces, 48–49RIP on firewall, 95–97
verifying configuration, 96–97shuns, 382–384
example, 384–386SLA monitor process, 89–92SMR, 145–147
example, 150SNMP, 256–259SSM modules
AIP SSM, 769–772CSC SSM, 729-733initial configuration, 726–729
static routes, 86–87, 89switch ports, 485transparent firewall, 314–317
access lists, 321ARP inspection, 319–321interface speed, 315MAC address learning process, 318–319management address, 317–319non-IP protocol forwarding policy,
321– 322
configuring
853
conn table, 7entries, 7–8size, checking, 637–638
connecting to CSC SSM management interface, 740–741
connection limitsconfiguring for address translation, 328–329outbound, configuring on UDP/TCP, 329–330
connectionless protocols, 9ICMP, stateful inspection, 10–13UDP, 13–15
connection-oriented protocols, 9TCP, 15–19
connectionsembryonic, 16–17
limiting, 330–331maximum limit of, defining, 18TCP intercept, 18
half-closed, 18inbound access, 324
xlate lookup, 7maximum number supported on Cisco firewalls,
37–39outbound access, 323–324shunning, 382–384
example, 384–386stateful inspection, 7verifying, 711–716
connectivityactive shuns, verifying, 718–720IPv6, testing, 67–68of failover pairs, 481–482verifying, 691–722
with ACLs, 705–707console connection, accessing firewall user
interface, 232–233console logging, 595–596content filtering, 19
configuring, 390–395examples, 396WCCPv2, 396–397
context mode, displaying, 171context-based help, 31contexts, 158
admin contexts, 173–175allocating firewall resources, 185–191assigning to failover groups, 495
classifiers, 166configuration files, characteristics, 168–169configuring, 174–180CPU usage, displaying, 192example definition, 180–185inside context interfaces, sharing, 161–164labeling, 175multiple-context mode
configuring, 170–173navigating multiple security contexts,
173–174resource allocation, 185–186
physical interfaces, mapping to logical interfaces, 178
system execution space, features, 169–170system name, viewing, 176
controllingcapture sessions, 680–681traffic
ACLs, configuring, 348–349to/from medium-security interfaces, 349–
352copying
ASDM image into Flash memory, 238–239capture buffer contents
to TFTP server, 676to web browser, 677–680
files to/from Flash memory, 196–197PDM image into Flash memory, 238–239running configuration across failover pair,
217–218CPU utilization
checking, 627–632of contexts, displaying, 192
crashesforcing, 250information, saving, 248–249
crashinfo filesdeleting, 251generating, 249viewing, 250–251
creatingdirectories
in Flash memory, 198in PIX 7.x Flash memory, 198–199
test crashinfo files, 249
creating
854
critical messages (syslog), 802-803CSC (Content Security and Control) SSM, 725
automatic updates, configuring, 741–743configuring, 729initial configuration, repairing, 738–740initial settings, configuring, 733–738inspection policies
configuring, 744–753FTP, configuring, 753–755POP3, configuring, 765–769SMTP, configuring, 755–764
management interface, connecting to, 740–741traffic inspection, configuring, 730–733
CSM (Content Switching Module) FWLB, 549–552
configuring, 552–561displaying information, 569–571example configuration, 561–569
CSS (Cisco Content Services Switch), 529CSS FWLB
configuring, 571–574displaying information, 579example configuration, 574–579
Ctrl-I command, displaying typed commands, 30
DDCERPC (Distributed Computing Environment
Remote Procedure Call), 437DCERPC inspection, configuring, 437–438DDNS (Dynamic DNS), 120
configuring, 121–123database, updating, 121verifying configuration, 123–124
debug icmp trace command, 10–11debug ntp authentication command, 586debug packet sessions, enabling, 689–691debug track command, 94debugging
failover activity, 513–516ICMP debugging, enabling, 697–698
debugging messages (syslog), 837-845default behavior of firewalls, 4default policies, defining, 421–423default routes, 84
advertising, 96
defininglogging policies, 594–595object groups, 363–364
enhanced service object groups, 370–373ICMP type object groups, 367–369network object groups, 364–365protocol object groups, 365–367service object groups, 369–370
policy maps, 406–420default policies, 421–423
security policies in MPF, 397–398server reactivation policies, 274SNMP community string, 257–258
deletingcrashinfo files, 251files from Flash memory, 197
depletion mode, 274descriptions, adding to ACLs, 359–360detecting
firewall failures, 480spam
in POP3 e-mail, 767–768in SMTP e-mail, 759–762
DHCP (Dynamic Host Configuration Protocol), 19
DDNS, configuring, 121–124DHCP relay, configuring, 124–125DHCP server, configuring, 116–120directories
creating in Flash memory, 198–199removing from Flash memory, 199
disablingactive commands, 29OSPF adjacency logging, 106screen paging, 34
disconnecting from active PDM sessions, 245displaying
ACL hit counts, 707–708active PDM/ASDM management application
sessions, 245ARP inspection status, 320available firewall interfaces, 46–47boot image setting, 201buffered messages, 597configured contexts, 174context information, 191context mode, 171
critical messages (syslog)
855
contexts, 174, 191system name, 176
CPU usage for contexts, 192CSM FWLB information, 569–571CSS FWLB information, 579failover statistics, 508–513firewall crash information, 250–251firewall features, 34IOS FWLB information, 546–549monitoring status of interfaces, 497PIX 6.3 flash files, 200priority queuing information, 77redundant interface status, 49–50running configuration, 214startup configuration, 213–214startup configuration environment variable, 212trunk contents, 675–676typed commands, Ctrl-I, 30
disruptingping process, 697traceroute process, 705
DMZ (demilitarized zone) networks, 349–352protecting, 22
DNS Guard, 15DNS inspection, configuring, 438–440DNS resolution, configuring on firewall interface,
197DoS attacks, preventing IP address spoofing,
84–86downloadable ACLs
enabling on firewall, 298verifying, 299
downloading operating system image from monitor prompt, 202–206
DUAL (Diffusing Update Algorithm), 97dynamic NAT
configuring, 341–346examples, 346–348
dynamic PATconfiguring, 342–346examples, 346–348
Eediting commands, 30EIGRP (Enhanced Interior Gateway Routing
Protocol)configuring, 97–101DUAL, 97
EMBLEM format (system messages), 588embryonic connections, 16–17
limiting, 330–331maximum limit of, defining, 18TCP intercept, 18
enablingbuffered logging, 626debug packet sessions, 689–691ICMP debugging, 697–698ICMP inspection, 703RPF, 85
end users, 261end-user cut-through proxy
configuration examples, 300–301configuring on AAA servers, 287–300
enhanced service object groups, defining, 370–373
entering commands, 29environment variable for startup configuration,
displaying, 212erasing
configuration commands from startup configuration, 218
Flash memory, 199–200error messages (syslog), 804-815ESMTP inspection, configuring, 441–443examining firewall crash information, 248–249example configurations
CSM FWLB, 561–569CSS FWLB, 574–579interfaces, 58–60OSPF, 115–116
examplesof ACLs, 362–363of capture session, 681–682of content filters, 396of context definition, 180–185of dynamic NAT, 346–348of dynamic PAT, 346–348
examples
856
of firewall failover configurationactive-active, 501–508active-standby with FWSM, 500–501active-standby with PIX firewalls,
498– 500of IOS FWLB, 540–546of ping command, 696of SMR configuration, 150
exec banners, configuring on user interface, 243–244
executing commandson failover peer, 517–519remotely, 519
exploits, VLAN hopping, 79–80preventing, 80–81
extended access lists, 356–357extended pings
disrupting, 697sending, 696–697
Ffailover, 19
active-active failover pair, 474–477configuration example, 501–508requirements, 482–484
active-standby failover pair, 474–475configuration example, 498–501manually upgrading, 520–524
cause of, determining, 652–655configuring, 484, 495contexts, configuring, 495debugging, 513–516displaying statistics, 508–513health monitoring policy, configuring, 490–492interfaces
failure policy, configuring, 492“testing” mode, 480–481
LAN-based, 479manually forcing role change, 516primary unit, configuring, 485–488required licenses, 475resetting failed firewall unit, 517stateful
configuring, 492–497monitoring, 514–516
toggling roles, 655verifying
communication, 647–650unit roles, 646–647
failover active command, 516failover cable, 479failover exec command, 519failover groups, 482–484failover hello messages, 492failover mac address command, 490failover pairs
connectivity, 481–482copying running configuration across, 217–218
failover poll command, 492failover preempt command, 486failover reload-standby command, 517failures, detecting, 480feasible successors, 97features of firewalls
displaying, 34unlocking, 39
fields of system messages, 588file blocking (HTTP), configuring on CSC SSM,
751files
copying to/from Flash memory, 196–197deleting from Flash, 197renaming in Flash, 198
filtering. See also content filteringcommand output, 32–33POP3 content, 768–769SMTP content, 758–759
fine-tuning logging message generation, 615–616firewall farms, 527firewall masks, 355firewalls
configuringas Auto Update client, 221–227as Auto Update Server, 228–232
crashes, forcing, 250interface throughput, checking, 655–665
first-hop routers, 128fixed-group addresses, 127fixup. See application inspectionflash files, displaying in PIX 6.3, 200
examples
857
Flash memoryASA
administration, 196–200managing, 194
copying files to/from, 196–197creating new directories, 198deleting files from, 197erasing, 200formatting, 199FWSM, managing, 194–196hierarchical structure, 195–196managing, 192–193operating system image
downloading from monitor prompt, 202– 206
identifying, 200–201upgrading, 205–210
PIX 7.x, creating directories, 198–199removing directories, 199renaming files, 198running configuration, saving, 214–215system integrity, verifying, 199
FO (Failover) license, 39FO-AA (Failover-Active/Active) license, 39forcing
failover role change, 516firewall crashes, 250
foreign addresses, 6formatting Flash memory, 199FragGuard, configuring, 71–73fragment cache, adjusting size of, 72fragment chain command, 72FTP, uploading logging buffer contents, 598FTP inspection
configuring, 443–446policies, configuring on CSC SSM, 753–755
FWLB (Firewall Load Balancing), 527–528CSM FWLB, 549–552
configuring, 552–561displaying information, 569–571example configuration, 561–569
CSS FWLBconfiguring, 571–574displaying information, 579example configuration, 574–579
IOS FWLB, 530–531configuring, 531–540displaying information, 546–549example, 540–546
methods of, 529FWSM (Firewall Services Module), 20
accessing on Catalyst 6500 switch, 28failover pairs, 477
capabilities, 39Flash memory management, 194–196logical interfaces, 47NTP support, 584passwords, recovering, 307–308security levels, 316VLAN groups, defining, 47
GGeneral Queries (IGMPv2), 130generating
audit trails, 245test crashinfo files, 249
generic usersaccounting, 263–264authentication, 262–263managing on Cisco firewalls, 262
global addresses, 6, 61global configuration mode, 29globally scoped addresses, 127GMT (Greenwich Mean Time), 581Group-Specific Queries (IGMPv2), 130GTP inspection, configuring, 446–449
HH.323 inspection, configuring, 449–451half-closed connections, 18half-open connections, 17hardware load balancing, CSM FWLB, 549–552
configuring, 552–561displaying information, 569–571example configuration, 561–569
help system, context-based help, 31hierarchical structure of flash file system,
195–196
hierarchical structure of flash file system
858
history of failover state changes, displaying, 513hit counter (ACL), resetting, 382hitless upgrade, 479, 519holdtime timer, setting, 491HTTP inspection
configuring, 452–460policies, configuring on CSC SSM, 751
file blocking, 751HTTP scanning, 751–753URL blocking, 745–746URL filtering, 746–750
HTTP scanning, configuring on CSC SSM, 751–753
IICMP (Internet Control Message Protocol)
ACLs operation, 8debugging, enabling, 697–698message types, 788–790object groups, defining, 367–369ping, 481restricting traffic, 23stateful inspection, 10–11
case study, 12–13time-exceeded messages, permitting, 704
ICMP inspectionconfiguring, 460–462enabling, 703
identifying operating system image in Flash memory, 200–201
identity NAT, configuring, 338–340idle uauth timer, 9IEEE 802.1Q trunks, attributes, 46IGMP (Internet Group Message Protocol)
configuring, 147–149SMR, configuring, 145–147verifying operation, 151–152
IGMP proxy agent, 126IM inspection, configuring, 462–464image files, automatically upgrading, 211inbound access, 324
configuring on medium-security interfaces, 350–352
inbound connections, 4xlate lookup, 7
informational messages (syslog), 827-837initial firewall configuration, 41–42initial settings, configuring on CSC SSM,
733–738initiating
firewall reload, 246–247after specific time interval, 247–248
multiple context mode, 172–173inline interface configuration, 781inside context interfaces, sharing, 161–164inside interfaces, 2–3inspect command, 432inspection engines, 9. See also application
inspectionactivity, checking, 645–646ICMP stateful inspection, 10–13TCP stateful inspection, 15–19UDP stateful inspection, 13–15
inspection policies (CSC SSM), 744– 753FTP, configuring, 753–755HTTP, configuring, 745–753interface polltime, 492POP3, configuring, 765–769SMTP, configuring, 755–764
interface priority queues, 73–74interfaces
ASA, assigning unique MAC addresses, 167– 168
configuring, 50, 52–60connectivity
checking ARP cache, 698–700checking routing table, 700testing with ping packets, 695–696verifying, 691–692, 720–722verifying with ACLs, 705–707verifying with traceroute, 700–703
DNS resolution, configuring, 197example configurations, 58–60inbound access, 324inside context interfaces, sharing, 161–164IP addresses
assigning, 54–58IPv6 addresses, configuring, 60–61
logical, assigning VLAN number, 52–53lower-security, applying ACLs, 351
history of failover state changes
859
medium-securityinbound access, 350, 352traffic, controlling, 349–352
monitoring status, displaying, 497MTU, configuring, 70–71outbound access, 323–324physical, mapping to contexts, 158, 160–161policy maps, applying, 406–423redundant interface groups, 474same-security access, 324–325security level, assigning, 54testing mode, 480–481verifying packets passing through via capture
sessions, 666–676internal clock
setting manually, 582–583setting with NTP, 584–586
internal logging buffer, clearing, 615invoking
context-based help, 31Packet Tracer tool, 694
IOS FWLB, 530–531configuring, 531–540displaying information, 546–549example, 540–546
IP address spoofing, preventing, 84–86IP addresses, assigning to interfaces, 54–58IP multicast, 127
addressing, 127administratively scoped addresses, 142bidirectional PIM neighbor filtering,
configuring, 144IGMP
configuring, 147–149verifying operation, 151–152
multicast boundaries, configuring, 142–143multicast trees, 128PIM, 130–131
configuring, 137–141Sparse Mode, 131–134verifying operation, 152–155Version 1, 136
PIM neighbor filtering, configuring, 143–144PIM-SM, RP designation, 136–137RPF, 128–129
SMRconfiguring, 145–147example configuration, 150
IP port numbers, 790–791corresponding Cisco firewall keywords,
791– 794ip verify reverse-path interface, 85IPS (Intrusion Prevention Systems), configuring
on AIP SSM, 778–780policies, 777–779sensors, 780–781virtual sensors, 781–785
IPSec Passthru inspection, configuring, 465IPv6
configuring, 60–63connectivity, testing, 67–68neighbor advertisements, configuring, 65–66neighbor discovery, configuring, 64–65prefix advertisements, configuring, 66–67
ISNs (initial sequence numbers), 8, 331
J-K-Lknowledge base, 779
labeling contexts, 175LAN-based failover, 479–481last-hop routers, 128Layer 2 firewalls, 312Layer 3 traffic
classifying, 398–406policy maps, defining, 406–420
Layer 4 trafficclassifying, 398–406policy maps, defining, 406–420
Leave Group messages (IGMPv2), 130length of terminal screen, adjusting, 34level 0 passwords, resetting, 263license, registering, 39licenses
activation keys, 39upgrading, 40–41
Base license, failover support, 39FO-AA, 39required for failover, 475upgrading, 39
licenses
860
limitations on outbound UDP/TCP connections, 329–330
limitingembryonic connections, 330–331resource allocation on security contexts,
186–188resources allocated to contexts, 185–189TCP MSS size, 71
link-local addresses, 61, 127links, bypass links, 81–83link-state protocols, OSPF configuration, 105–
112listing available firewall interfaces, 46–47LLQ (low-latency queue), 74, 663
configuring, 75–77displaying information, 77
load balancingCSM FWLB, 549–552
configuring, 552–561displaying information, 569–571example configuration, 561–569
FWLB, 528–529IOS FWLB, 530–531
configuring, 531–540displaying information, 546–549example, 540–546
local addresses, 6local database, user management, 264–265
accounting local user activity, 272firewall command access, authorizing, 267–272local user authentication, 265–267local user authorization, configuring, 268–272
loggingACE activity, 379–380ACL activity, 617–619
logging messages, 587analyzing firewall logs, 619–623clearing internal logging buffer, 615configuring, 591–613destinations, verifying, 614logging to secure Syslog server with SSL, 604–
611manually testing message generation, 615pruning messages, 615–616sending messages
to ASDM management application, 613to email address, 611–613
severity levelschanging, 616setting, 587
time stamp synchronization, 588logging timestamp message, 604logical interfaces, 35, 47
mapping to physical interfaces, 178subinterface number, 51–52VLAN number, assigning, 52–53
logical VLAN interfaces, 51–52login banner, configuring on user interface,
243–244lookups (xlate table), 7lower-security interfaces, applying ACLs, 351LSAs (link-state advertisements), 101
MMAC addresses
of ASA physical interfaces, displaying, 165learning process, configuring on transparent
firewalls, 318–319mac-address auto command, 167management traffic, restricting access to, 23managing
AIP SSM, 773Flash memory, 192–193
ASA, 194FWSM, 194–196
startup configuration, 211–213manipulating ACLs, 357–358manually forcing failover role change, 516manually resetting failed firewall units, 517manually setting internal clock, 582–583manually testing logging message generation, 615manually upgrading active-standby pair,
520– 524mapping
to contexts, 158, 160–161to logical interfaces (contexts), 178
mapping agents, 136medium-security interfaces
inbound access, configuring, 350, 352traffic, controlling, 349–352
Membership Report messages, 129
limitations on outbound UDP/TCP connections
861
memoryFlash
copying files to/from, 196–197creating directories in, 198deleting files from, 197downloading operating system image,
202–206formatting, 199identifying operating system image, 200–
201managing, 192–196removing directories from, 199renaming files in, 198upgrading operating system image, 205–
210usage, checking, 633–636
merging startup and running configuration commands, 219–221
messagesICMP, 788–790IGMP Membership Report, 129logging, 587
analyzing firewall logs, 619–623buffered messages, displaying, 597destinations, verifying, 614logging ACL activity, 617–619logging to secure Syslog server with SSL,
604–611manually testing, 615pruning messages, 615–616sending messages to ASDM management
application, 613sending messages to email address, 611–
613setting severity levels, 587time stamp synchronization, 588
logging timestamp, 604severity levels, changing, 616syslog
severity level 1 alerts, 799-802severity level 2 critical messages, 802-803severity level 3 error messages, 804-815severity level 4 warning messages,
815-821severity level 5 notifications, 821-822
severity level 6 informational messages, 827-832
severity level 7 debugging messages, 831-845
system messages, format, 588MGCP inspection, configuring, 465, 467MGCP map, configuring, 467MIBs, 252, 255
monitoring firewall activity, 251–252objects, 253
mode multiple command, 172modifying message severity levels, 616monitor screen length/width, changing, 34monitoring
ACLs, 380–382active shun activity, 383address translations, 709–714administrative sessions, 244–245capture sessions, 673–674connections, 711–716firewall activity with SNMP, 251–252
traps, 255firewall configuration changes, 722–723stateful failover, 514–516xlate entries based on local address, 710
MOTD banners, configuring on user interface, 243–244
MPF (Modular Policy Framework), defining security policies, 397–398
mroutes, 142MSS (maximum segment size), configuring, 71MTU (maximum transmission unit), interface
configuration, 70–71multicast, 126–127
boundaries, configuring, 142–143IGMP
configuring, 147–149verifying operation, 151–152
OUI values, 127PIM, 130–131, 136
configuring, 137–141verifying operation, 152–155
PIM-SM, 131–134RP designation, 136–137
routingmulticast trees, 128RPF, 128–129
multicast
862
SMRconfiguring, 145–147example configuration, 150
multicast groups, 126multicast trees, 128multiple-context mode, 158, 313
classifiers, 160configuring, 170–173initiating, 172–173navigating multiple security contexts, 173–174resource allocation, 185–186
Nnaming format for downloadable ACLs, 299NAT
Bidirectional, 328identity NAT, configuring, 338–340policy NAT, configuring, 335–338
NAT exemption, 327configuring, 340–341
navigating multiple security contexts, 173–174NBNS (NetBIOS Name Service), configuring
NetBIOS inspection, 468neighbor advertisements, IPv6 configuration,
65–66neighbor discovery, IPv6 configuration, 64–65NetBIOS inspection, configuring, 468network object groups, defining, 364–365non-IP protocol forwarding policy, configuring
on transparent firewall, 321–322notifications (syslog), 821-827NTP (Network Time Protocol), setting internal
clock, 584–586
Oobject groups, 352
applying to ACLs, 373–379defining, 363–364enhanced service object groups, defining,
370–373ICMP type, defining, 367–369network object groups, defining, 364–365protocol object groups, defining, 365–367
service object groups, defining, 369–370operating system
of active-standby failover pair, upgrading, 520–524
downloading image from monitor prompt, 202–206
identifying image in Flash memory, 200–201upgrading image, 205–210
operators, 356optimizing Syslog servers, 589options (commands), entering, 29OSPF (Open Shortest Path First)
Areas, subnet notation, 107configuring, 105–112example configuration, 115–116prefix lists, configuring, 108redistribution, configuring, 112–115static route redistribution, configuring, 114virtual links, 109
OUI (Organizationally Unique Identifier) values, 127, 168
outbound access, 323–324outbound connections, 4
UDP/TCP limitations, 329–330xlate lookup, 7
output interface queues, 73–74outside interfaces, 2–3
address spoofing, 5–6Outside NAT, 328
Ppacket capture, 19Packet Capture Wizard, enabling packet capture
sessions in ASDM, 683–685packet classifiers, 160Packet Tracer feature, verifying firewall
connectivity, 692–694Packet Tracer tool, invoking, 694packets
fragments, handling, 71–73ICMP, stateful inspection of, 10–13IPv4, Protocol field, 787–788TCP, stateful inspection of, 15–19UDP, stateful inspection of, 13–15
multicast
863
parametersof conn table entries, 7–8for xlate table entries, 6
partitions, accessing ASA Flash memory, 194–195passwords, recovering
ASA, 302–305FWSM, 307–308PIX, 303–307
PAT (Port Address Translation), 326dynamic PAT, configuring, 342–346
PDM (PIX Device Manager)accessing firewall user interface, 238–242image file, copying into Flash memory,
238–239perfmon counters, checking firewall throughput,
643–645permitting ICMP time-exceeded messages, 704physical interfaces, mapping
to contexts, 158–161to logical interfaces, 178
PIM (Protocol Independent Multicast), 130–131bidirectional mode, 135configuring, 137–141neighbor filtering, configuring, 143–144
bidirectional configuring, 144shared trees, 132Sparse Mode, 131–134verifying operation, 152–155Version 1, 136
PIM-SM, RP designation, 136–137ping command, 481
example, 696permitting on ASA and PIX platforms, 696
PIXfailover pair capabilities, 39passwords, recovering, 306–307
PIX 6.3, displaying flash files, 200policy maps
default policies, defining, 421–423defining, 406–420
policy NAT, configuring, 335–338POP3 inspection policies, configuring on CSC
SSM, 765–766content filtering, 768–769spam detection, 767–768
port numbers, 790–791corresponding Cisco firewall keywords,
791–794predefined logging messages, 591–592preempt command, 489prefix advertisements (IPv6), configuring, 66–67preventing
IP address spoofing, 84–86VLAN hopping, 80–81
primary failover unit, configuring, 485–488priority queuing
configuring, 75–77displaying information, 77
privilege levels, 262accessing, 263assigning
to commands, 268–271to users, 265
privileged EXEC mode, 28processes, calculating runtime differences,
630–632promiscuous monitoring, 780protecting DMZ, 22Protocol field, 787
corresponding Cisco firewall keywords, 788protocol object groups, defining, 365–367pruning messages, 615–616
Q-Rqueuing
priority queuingconfiguring, 75–77displaying information, 77
transmit ring, 7
R (Restricted) license, 39RADIUS
accounting inspection, configuring, 468–469user authorization, configuring, 294–295
rate-limiting logging messages, 593reachability, testing, 91–95recalling commands, 32recompiling access lists, 353
recompiling access lists
864
recovering passwordsASA, 302–305FWSM, 307–308PIX, 303–307
recurring keyword (clock summer-time command), 583
redistribution, configuring OSPF, 112–115redundant interface groups, 474redundant interfaces, configuring, 48–49registering firewall licenses, 39regular expressionsregular expressions
application inspection, text matching, 433–437operators, 33performing searches on, 32–33
reloading firewalls, 246–247after specific time interval, 247–248
remark ACEs, adding to ACLs, 359–360remote command execution, 519removing
ACEs from ACLs, 358–359directories in Flash memory, 199static routes, 88
renamingACLs, 359files in Flash memory, 198
repairing CSC SSM initial configuration, 738–740
requirements for active-active failover, 482–484resetting
ACL hit counters, 382application partition passwords, 308failed firewall unit, 517level 0 passwords, 263
resources, allocating to contexts, 185–191restricting
access to management traffic, 23ICMP traffic, 23
RFC 2827, 5RFC Sourcebook, 787RIP (Routing Information Protocol)
configuring on firewall, 95–97verifying configuration, 96–97
route lookups, 531route maps (OSPF), configuring, 112–115routed firewall mode, 311router mode (CSM), 550
routing information sources, 83routing IP multicast, 128–129routing tables, checking connectivity, 700RP (Rendezvous Point), 131RPF (Reverse Path Forwarding), 84, 128–129
enabling, 85preventing IP address spoofing, 85–86
running configuration, 478configuration commands, entering manually,
218copying across failover pair, 217–218displaying, 214merging configuration commands with startup
configuration, 219–221saving to Flash memory, 214–215saving to TFTP server, 216–217
runtime differences, calculating on processes, 630–632
Ssame-security access, 324–325same-security-traffic command, 323saving
firewall crash information, 248–249running configuration to Flash memory,
214– 215running configuration to TFTP server, 216–217
scheduling firewall reloads, 247screen paging, disabling, 34searching for regular expressions, 32–33security contexts, 158security levels
assigning to interfaces, 54on FWSM, 316
security policiesbest practices, 21–23defining in MPF, 397–398
"security wheel", 23selecting startup configuration, 212–213sending Syslog messages with TCP, 602server reactivation policies, defining, 274service contact port, 791service object groups, defining, 369–370
recovering passwords
865
setting system clockmanually, 582–583with NTP, 584–586
severity levels, 587changing, 616setting for message logging, 587severity level 1 alerts, 799-802severity level 2 critical messages, 802-803severity level 3 error messages, 804-815severity level 4 warning messages, 815-821severity level 5 notifications, 821-827severity level 6 informational messages,
827-837severity level 7 debugging messages, 832-845
shared trees, 131-132sharing inside context interfaces, 161–164show activation-key command, 170, 518show admin-context command, 191show arp command, 68–69show arp-inspection command, 320show blocks command, 516, 634show conn command, 326, 713show dhcprelay statistics command, 125show failover command, 497, 508–513, 521show firewall command, 312show flash command, 200show interface command, 176, 515show ipv6 interface command, 67show local-host command, 715show logging command, 614, 622show memory detail command, 634show mode command, 171show pim topology command, 153show processes command, 629show resource allocation command, 189show rip command, 96–97show running-config all command, 30show service-policy command, 427, 645show shun statistics command, 383show tech-support command, 692show traffic command, 514show version command, 34–36show xlate command, 709–714shunning traffic, 382–384
example, 384–386
shunsconfiguring, 382–384verifying connectivity, 718–720
signature database file (AIP SSM), updating, 774–776
single-context mode, 158site-local addresses, 61SLA (service level agreement) monitor process,
configuring, 89–92SMR (stub multicast router), 128
configuring, 145–147example configuration, 150
SMTP inspection policies, configuring on CSC SSM, 755–758
mail handling, 763–765SMTP filtering, 758–759spam detection, 759–762
SNMP (Simple Network Management Protocol)accounting inspection, configuring, 470–471configuring, 256–259MIBs, 253, 255monitoring firewall activity, 251–252traps, 255–256
software load balancing, IOS FWLB, 530–531configuring, 531–540displaying information, 546–549example, 540–546
source address, spoofing, 5spam
detecting in POP3 e-mail, 767–768SMTP inspection, configuring, 759–762
SPAN (switch port analyzer), configuring traffic capture sessions, 687
Sparse Mode (PIM), 131sparse mode (PIM)
shared trees, 132specifications of Cisco firewalls, 20–21spoofed IP addresses, preventing, 84–86SPT (shortest path tree), 135SSH (Secure Shell), accessing firewall user
interface, 235–237SSL (Secure Sockets Layer), secure Syslog server
logging, 604–611
SSL (Secure Sockets Layer)
866
SSM modules4GE SSM, 725AIP SSM, 725
configuring, 769–772IPS policies, configuring, 777–780license, updating, 773–774managing, 773signature database file, updating, 774–
776CSC SSM, 725
automatic updates, configuring, 741–743configuring, 729–738FTP inspection policies, configuring,
753–755initial configuration, repairing, 738–740inspection policies, configuring, 744–753management interface, connecting to,
740–741POP3 inspection policies, configuring,
765–769SMTP inspection policies, configuring,
755–764initial configuration, 726–729
startup configuration, 478configuration commands, merging with running
configuration commands, 219–221displaying, 213–214environment variable, displaying, 212erasing configuration commands from, 218managing, 211–213selecting, 212–213
stateful backup, 531stateful failover, 481
configuring, 492–497monitoring, 514–516
stateful inspection, 7, 9of ICMP, 10–11
case study, 12–13packet classifiers, 160resources, checking, 636–638of TCP, 15–18
TCP normalization, 18–19of UDP, 13–15
stateless backup, 531stateless failover, 481static ARP entries, clearing, 319static command, 327
static NAT, 326, 331–334static routes
configuring, 86–89reachability, testing, 93–95redistributing into OSPF, 114removing, 88SLA monitor process, configuring, 89–92
stealth firewalls, 312sticky connections, 532stratum, 581structure of flash file system hierarchy, 195–196stub routers, 126subinterface number, 51–52supported translation types on Cisco firewalls,
326–327switch ports, configuring, 485synchronizing time stamps on logging messages,
588syntax errors, 31Syslog, 19
firewall logs, collecting, 21–23firewall throughput, checking, 639messages
sending with TCP, 602severity level 1 alerts, 799-802severity level 2 critical messages, 802-803severity level 3 error messages, 804-815severity level 4 warning messages,
815-821severity level 5 notifications, 821-827severity level 6 informational messages,
827-837severity level 7 debugging messages,
831-845secure logging with SSL, 604–611servers, optimizing, 589viewing recent messages, 626–627
system execution space, 158, 169features, 169–170
system messages, EMBLEM format, 588system name (contexts), displaying, 176system resources, checking, 627
failover performance, 646–655firewall CPU load, 627–632firewall interface throughput, 655–665firewall memory usage, 633–636
SSM modules
867
firewall throughput, 638–645inspection engine activity, 645–646stateful inspection resources, 636–638
TTACACS+ servers
authorizing user activity, 291–293enable authentication support, 281
TCPconnections
monitoring, 711–716embryonic connections, 18, 330–331half-closed connections, 18half-open connections, 17
ISNs, 331MSS, configuring, 71sending Syslog messages, 602stateful inspection, 15–18
TCP normalization, 18–19TCP intercept, 18TCP normalization, 18Telnet, accessing firewall user interface, 234terminal screen width, adjusting, 34terminal width command, 34termination of TCP connections, 17test crashinfo files, generating, 249testing
address reachability, 91connectivity
with ARP cache, 698–700with ping packets, 695–696
IPv6 connectivity, 67–68logging message generation, 615reachability, 93–95
"testing mode", 480–481TFTP server, saving running configuration to,
216–217three-way handshakes, 15throughput, checking, 638–645time stamps, synchronizing on logging messages,
588timed reactivation, 274time-based ACEs, 356time-exceeded messages (ICMP), permitting, 704timers
CPU utilization, 629Holdtime, setting, 491idle uauth timer, 9
toggling failover roles, 655topologies, 77–79
bypass links, 81–83traceroute
disrupting, 705performing on ASA, 703–705verifying firewall connectivity, 700–703
trafficcapture sessions, enabling on VLAN inside
switch chassis, 686– 689classifying, 398–406controlling
to/from medium-security interfaces, 349– 352
with ACLs, 348–349shunning, 382–384
example, 384–386traffic counters, checking firewall throughput,
640–643traffic inspection, configuring on CSC SSM,
730–733translation table size, checking, 636–637translations
conditional, 335dynamic NAT, configuring, 341–346dynamic PAT, configuring, 342–346identity NAT, configuring, 338–340NAT exemption, configuring, 340–341policy NAT, configuring, 335–338static NAT, 331–334xlate table entries
clearing, 717timeout values, adjusting, 717–718
transmit ring, 76transparent firewall mode, 312–314
ARP inspection, 314interface support, 312
transparent firewallsaccess lists, configuring, 321ARP inspection, configuring, 319–321configuring, 314–317interface speed, configuring, 315MAC address learning process, configuring,
318–319
transparent firewalls
868
management address, configuring, 317–319non-IP protocol forwarding policy, configuring,
321–322traps (SNMP), 255–256triggering a firewall reload, 246–247
after specific time interval, 247–248troubleshooting logging buffer content uploads to
FTP server, 598trunk link attributes, 46trunks, displaying contents, 675–676tuning OSPF, 110Turbo ACLs
compiling, 352recompiling, 353
Uuauth
absolute uauth timer, 9verifying firewall connectivity, 720–722
UDPConnections, monitoring, 711–716stateful inspection, 13–15
unicast traffic, 126unique MAC addresses, assigning to physical
interfaces, 167–168unlocking firewall features, 39updating
AIP SSM license, 773–774AIP SSM signature database file, 774–776DDNS database, 121
upgradingactive-standby failover pair, 520–524failover pair with AUS, 524image files, 211licenses, 39
activation keys, 40–41operating system image, 205–210
uploading logging buffer contents to FTP, 598UR (Unrestricted) license, 39URL blocking, configuring on CSC SSM, 745–
746URL filtering, configuring on CSC SSM, 746–750URLs, RFC Sourcebook, 787user activity, generating audit trails, 245user activity accounting, configuring, 300
user authentication. See uauthuser contexts, 158user EXEC mode, 28user interface
accessingwith console connection, 232–233with SSH, 235, 237with Telnet, 234
administrative sessions, monitoring, 244–245command history, 32commands
abbreviating, 30editing, 30entering, 29
context-based help, 31regular expressions
operators, 33searching for, 32–33
user interface modes, 28configuration mode, 29privileged EXEC mode, 28user EXEC mode, 28
user management (Cisco firewalls)with AAA servers, 272–280
administrative users, 280–287end-user cut-through proxy, 287–301
generic users, 262accounting, 263–264authentication, 262–263
with local database, 264–265accounting local user activity, 272firewall command access, authorizing,
267–272local user authentication, 265–267
VVACL (VLAN ACLs), enabling traffic capture
sessions, 688–689verifying
address translation, 709–714based on local addresses, 710
Auto Update client operation, 227connections, 711–716DDNS configuring, 123–124downloadable ACLs, 299
transparent firewalls
869
failover communication, 647–650failover roles, 646–647firewall connectivity, 691–692
ACLs, 705–707checking ARP cache, 698–700checking routing table, 700checking Uauth, 720–722with Packet Tracer feature, 692–694testing with ping packets, 695–696with traceroute, 700–703
Flash memory system integrity, 199IGMP multicast operation, 151–152message logging activity, 614packets passing through interfaces via capture
sessions, 666–676PIM multicast routing, 152–155rip configuration, 96–97
viewingactive commands, 29boot image setting, 201buffered messages, 597configured contexts, 174context information, 191context mode, 171failover statistics, 508–513firewall crash information, 250–251list of firewall features, 34priority queuing information, 77running configuration, 214startup configuration, 213–214Syslog information, 626–627
virtual links, 109virtual sensors, configuring on AIP SSM, 781–785VLAN groups, defining on FWSM, 47VLAN hopping, 79–80
preventing, 80–81VLAN inline pair configuration, 781VLAN number, assigning to logical interface,
52–53VLANs
logical interfaces, 51–52traffic, capturing inside switch chassis, 686–689
VPN users, 261
Wwarning messages (syslog), 815-821WCCPv2, 396–397weighted least connections algorithm, 557weighted round robin algorithm, 557well-known port numbers, service contact port,
791wildcards, specifying for ACLs, 355write mem command, 42
X-Y-Zxlate table, 6
entries, 325clearing, 717locating based on local addresses, 710parameters, 6verifying, 709–714
lookups, 7size, checking, 636–637timeout values, adjusting, 717–718
zero downtime upgrade, 479, 519
zero downtime upgrade
