45-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
src-port – Source TCP/UDP port only.
vlan-dst-ip – Destination IP address and VLAN ID pairing.
vlan-dst-ip-port – Combination of destination IP address, TCP/UDP port, and VLAN ID.
vlan-only – VLAN ID only.
vlan-src-dst-ip – Source and destination IP address, and VLAN ID.
vlan-src-dst-ip-port – Source and destination IP address, TCP/UDP port, and VLAN ID.
vlan-src-ip – Source IP address and VLAN ID.
vlan-src-ip-port – Source IP address, TCP/UDP port, and VLAN ID.
Managing Device Interfaces, Hardware Ports, and Bridge Groups
The Interfaces page displays the interfaces, subinterfaces, redundant interfaces, virtual interfaces
(VLANs), and EtherChannel interfaces, as well as the hardware ports and bridge groups, configured on
the selected device, and lets you add, edit and delete them.
The types of interface available depend on device type, operating system version, and mode (routed or
transparent). For example, EtherChannel interfaces are available only on ASA 8.4.1 and later devices, in
both routed and transparent mode. See Understanding Device Interfaces, page 45-3 for more
information.
Note The Interfaces page displayed for ASA 5505 devices presents two tabbed panels: Interfaces and
Hardware Ports. Similarly, the Interfaces page displayed for both Firewall Services Modules (FWSMs),
version 3.1 and later, and ASAs version 8.4.1 and later, operating in transparent mode, also presents two
tabbed panels: Interfaces and Bridge Groups. Links to configuration information for these features are
included in the following procedure.
Each security device must be configured, and each active interface must be enabled. Inactive interfaces
can be disabled. When disabled, the interface does not transmit or receive data, but its configuration
information is retained.
If you bootstrapped a new security device, the set-up feature configures only the addresses and names
associated with the inside interface. You must define the remaining interfaces on that device before you
can specify access and translation rules for traffic traversing that security device.
Transparent firewall mode allows only two interfaces to pass traffic; however, if your platform includes
a dedicated management interface, you can use it (either the physical interface or a subinterface) as a
third interface for management traffic.
Follow these general steps to manage security-device interfaces and related options. You can add, edit
and delete configured interfaces, subinterfaces, redundant interfaces, virtual interfaces (VLANs),
EtherChannel interfaces, hardware ports, and bridge groups, according to the type of device selected.
Step 1 Ensure Device View is your present application view; if necessary, click the Device View button on the
toolbar.
Note For more information on using the Device View to configure device policies, see Managing
Policies in Device View and the Site-to-Site VPN Manager, page 5-28.