45-42
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Field Reference
Advanced Interface Settings (PIX/ASA/FWSM)
Advanced configuration options are available for interfaces on FWSMs and ASA/PIX 7.0+ devices
operating in single-context mode and for ASA 9.0+ devices operating in single-context mode or
multi-context mode.
These are general device-related settings; that is, they are not applied to individual interfaces.
Note The information in this section does not apply to PIX 6.3 devices, nor to security devices in
multiple-context mode.
The Advanced Interface Settings dialog box includes the following elements:
MAC Address Auto - Enable this option to automatically assign private MAC addresses to each
shared context interface. You can also, optionally, set a user-defined prefix as part of the MAC
address. The prefix is a decimal value between 0 and 65535. If you do not enter a prefix, then the
Table45-9 Add/Edit Bridge Group Dialog Box
Element Description
Name Enter a name for this bridge group.
ID Enter an identifier for this bridge group; can be an integer between 1
and 100.
Interface A Choose the first interface or VLAN to assign to this bridge group; all
interfaces defined on the Interfaces panel are listed.
Interface B Choose the second interface or VLAN to assign to this bridge group; all
interfaces defined on the Interfaces panel are listed.
Interface C
Interface D
Choose the third and fourth interfaces or VLANs to assign to this
bridge group; all interfaces defined on the Interfaces panel are listed.
Note These two options are available only on ASA 8.4.1 and later
devices operating in transparent mode.
IP Address Enter or Select a management IP address for the bridge group. A
transparent firewall does not participate in IP routing. Thus, the only IP
configuration required for a bridge group is this management IP
address. This address is the source address for traffic originating on the
security appliance, such as system messages or communications with
AAA servers. You can also use this address for remote management
access.
Note IPv6 addresses are not supported for bridge groups.
Netmask Network mask for the specified IP address. You can express the value
in dotted decimal format (for example, 255.255.255.0) or by entering
the number of bits in the network mask (for example, 24).
Note Do not use 255.255.255.254 or 255.255.255.255 for an
interface connected to the network because this will stop traffic
on that interface.
Description You can enter an optional description for this bridge group.