45-18
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Device Interface: IP Type (PIX 6.3)
A PIX 6.3 security device requires IP addressing for its interfaces; however, firewall interfaces do not
have IP addresses until you assign them.
The Add/Edit Interface dialog box presented for a PIX 6.3 security device includes the section IP Type,
where you specify the type of IP addressing for the interface and provide related parameters, as described
here. See Add/Edit Interface Dialog Box (PIX 6.3), page 45-15 for information about the other sections
of the dialog box.
Note The IP Type options presented for other security appliances are described in Device Interface: IP Type
(PIX/ASA 7.0+), page 45-36.
Step 1 In the Add/Edit Interface dialog box, choose a method for address assignment from the IP Type list, and
then provide related parameters, as follows:
Static IP – Provide a static IP Address and Subnet Mask that represents the security device on this
interface’s connected network. The IP address must be unique for each interface.
The Subnet mask can be expressed in dotted decimal format (for example, 255.255.255.0), or by
entering the number of bits in the network mask (for example, 24). Do not use 255.255.255.254 or
255.255.255.255 for an interface connected to the network because this will stop traffic on that
interface. If you omit the Subnet Mask value, a “classful” network is assumed, as follows:
The Class A netmask (255.0.0.0) is assumed if the first octet of the IP Address is 1 through 126
(i.e., addresses 1.0.0.0 through 126.255.255.255).
The Class B netmask (255.255.0.0) is assumed if the first octet of the IP Address is 128 through
191 (i.e., addresses 128.0.0.0 through 191.255.255.255).
The Class C netmask (255.255.255.0) is assumed if the first octet of the IP Address is 192
through 223 (i.e., addresses 192.0.0.0 through 223.255.255.255).
Note Do not use addresses previously used for routers, hosts, or any other firewall device
commands, such as an IP address in the global pool or a static NAT entry.
Roles For more information on roles and how to define and use them, see
Understanding Interface Role Objects, page 6-67.
All interface roles assigned to this interface are listed in this field. Role
assignments are based on pattern matching between the Name given to
this interface and all currently defined Interface Role objects in Cisco
Security Manager.
Interface role objects are replaced with the actual interface IP addresses
when the configuration is generated for each device. They allow you to
define generic rules—ones that can apply to multiple interfaces.
For more information on roles and how to define and use them, see
Understanding Interface Role Objects, page 6-67.
Table45-2 Add/Edit Interface Dialog Box (PIX 6.3) (Continued)
Element Description