Professional Documents
Culture Documents
Getting Started-Lecture2
Getting Started-Lecture2
• Privileged firewall#
• Configuration firewall<config>#
• Monitor monitor>
Internet
firewall>
enable [priv_level]
• Used to control access to the privileged mode
• Enables you to enter other access modes
pixfirewall> enable
password:
pixfirewall#
firewall#
configure terminal
• Used to start configuration mode to enter
configuration commands from a terminal
firewall#
exit
• Used to exit from an access mode
pixfirewall> enable
password:
pixfirewall# configure terminal
pixfirewall(config)# exit
pixfirewall# exit
pixfirewall>
USAGE:
enable [<priv_level>]
DESCRIPTION:
startup- running-
config config
(default)
firewall(config)#
startup- running-
config config
(default)
firewall#
write erase
• Clears the startup configuration
firewall(config)#
reload [noconfirm] [cancel] [quick] [save-config]
[max-hold-time [hh:]mm [{in [hh:]mm |
{at hh:mm [{month day} | {day month}]}] [reason
text]
• Reboots the security appliance and reloads the configuration
• Reboots can be scheduled
fw1# reload
Proceed with reload?[confirm] y
Rebooting...
10.0.0.11
firewall# dir
Directory of flash:/
firewall# dir
Directory of flash:/
firewall(config)#
10.0.0.11
Boot Image
flash:/pix-701.bin
firewall(config)#
show bootvar
• Display the system boot image.
DMZ Network
Ethernet2
• Security level 50
• Interface name = DMZ
e2
Internet
e0 e1
Boston
Server
Dallas
Server
pixfirewall(config)#
hostname newname
• Changes the hostname in the PIX Firewall CLI
prompt
pixfirewall(config)# hostname Boston
Boston(config)#
Ethernet2
e2
Internet
e0 e1
Ethernet0 Ethernet1
firewall(config)#
interface hardware_id
• Specifies a perimeter interface and its slot location on the
firewall
e2
Internet
e0 e1
Ethernet0 Ethernet1
• Interface name = outside • Interface name = inside
firewall(config-if)#
e2
Internet
e0 e1
Ethernet0
• Interface name = outside
• IP address = 192.168.1.2
firewall(config-if)#
Internet
e0
Ethernet0
• Interface name = outside
• IP address = DHCP
firewall(config-if)#
e2
Internet
e0 e1
Ethernet0
• Interface name = outside
• IP address = 192.168.1.2
• Security level = 0
firewall(config-if)#
security-level number
• Assigns a security level to the interface
e2
Internet
e0 e1
Ethernet0
• Speed =100
• Duplex = full
firewall(config-if)#
speed [hardware_speed]
duplex [duplex_operation]
e2
Internet
e0 e1
Ethernet0
• Management = only
firewall(config-if)#
management-only
no management-only
• To set an interface to accept management traffic only
NAT
192.168.0.20 10.0.0.11
Internet
10.0.0.11
192.168.10 .11
Outside Inside
Mapped Pool Local 10.0.0.4
Translation Table
192.168.0.20 10.0.0.11
NAT
192.168.0.20 10.0.0.11
Internet
10.0.0.11
200.200.200.11
Outside Inside
Mapped Pool Local 10.0.0.4
Translation Table
192.168.0.20 10.0.0.11
Internet
10.0.1.11
192.168.0.1 10.0.0.102
10.0.1.4
firewall(config)#
“bastionhost”
172.16.0.2
.2
172.16.0.0
.1 “insidehost”
10.0.0.0
10.0.0.11
.1 .11
firewall(config)#
fw1(config)# names
fw1(config)# name 172.16.0.2 bastionhost
fw1(config)# name 10.0.0.11 insidehost
show interface
fw1# show interface
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Detected: Speed 100 Mbps, Full-duplex
Requested: Auto
MAC address 000b.fcf8.c538, MTU 1500
IP address 192.168.1.2, subnet mask 255.255.255.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
input queue (curr/max blocks): hardware (0/0) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Received 0 VLAN untagged packets, 0 bytes
Transmitted 0 VLAN untagged packets, 0 bytes
Dropped 0 VLAN untagged packets
firewall#
show memory
• Displays system memory usage information
Internet
10.0.0.11
10.0.0.4
firewall#
firewall#
show version
• Displays the security appliance’s software version, operating time
since its last reboot, processor type, Flash memory type, interface
boards, serial number (BIOS identification), and activation key value.
172.16.6.0
.1
192.168.6.0 10.0.6.0 10.1.6.0
Internet .2 .1 .1
Ethernet2
• Interface name = dmz
• Security level = 50
e2
Internet
e0 e1
Ethernet0 Ethernet1
• Interface name = outside • Interface name = inside
• Security level = 0 • Security level = 100
Internet
10.0.0.11
192.168.0.20 10.0.0.11
Outside Inside
mapped pool local 10.0.0.4
Xlate Table
192.168.0.20 10.0.0.11
firewall#
show xlate
• Displays the contents of the translation slots
Internet
10.0.0.11
10.0.0.4
firewall#
ping host
• Determines whether other IP addresses are visible from
the security appliance
e2
Internet
e0 e1
Internet
10.0.0.11
Wed 23-Jul-03
21:00
10.0.0.4
firewall#