Command Reference |
CLI Commands |
Supported |
Unsupported |
Error |
Ignored |
Discarded |
Not Used |
aaa accounting |
aaa accounting include | exclude acctg_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag
Note: The include and exclude keywords are not supported, but can be manually converted to an ACL for use with the supported match acl_name form of this command.
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
X
|
|
|
|
aaa accounting match acl_name inbound | outbound | if_name group_tag
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
aaa authentication |
aaa authentication include | exclude authen_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask group_tag
Note: The include and exclude keywords are not supported, but can be manually converted to an ACL for use with the supported match acl_name form of this command.
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
X
|
|
|
|
aaa authentication match acl_name inbound | outbound | if_name group_tag
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
aaa authentication [enable | telnet | ssh | http] console group_tag
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
aaa authentication [serial | enable | telnet | ssh | http] console group_tag
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
aaa authentication secure-http-client
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
aaa authorization |
aaa authorization command {LOCAL | tacacs_server_tag}
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
aaa authorization include | exclude author_service inbound | outbound | if_name local_ip local_mask foreign_ip foreign_mask
Note: The include and exclude keywords are not supported, but can be manually converted to an ACL for use with the supported match acl_name form of this command.
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
X
|
|
|
|
aaa authorization match acl_name inbound | outbound | if_name group_tag
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
aaa mac-exempt |
aaa mac-exempt match id
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
aaa proxy-limit |
aaa proxy-limit proxy limit | disable
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
aaa-server |
aaa-server group_tag (if_name) host server_ip key timeout seconds
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
aaa-server group_tag protocol auth_protocol
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
aaa-server radius-acctport port
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
aaa-server radius-authport port
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
debug radius session
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
access-group |
access-group acl_ID in interface interface_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
access-list |
access-list [acl_ID] compiled
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
access-list deny-flow-max n
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
access-list alert-interval secs
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
access-list id [deny | permit] icmp {source_addr | local_addr} {source_mask | local_mask} {destination_addr | remote_addr} {destination_mask | remote_mask} icmp_type
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
access-list id {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} | interface if_name | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | interface if_name | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id] [log [[disable | default] | [level]]] [interval secs]]
|
PIX
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
access-list id {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
access-list id {deny | permit}{protocol | object-group protocol_obj_grp_id {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id [operator port [port] | interface if_name | object-group service_obj_grp_id] {destination_addr | remote_addr} {destination_mask | remote_mask} | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]} [log [[disable | default] | [level]]] [interval secs]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
access-list id deny|permit {any | <ip> <mask>}
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
access-list id remark text
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
debug access-list all | standard
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
debug access-list all | standard | turbo
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
activation-key |
activation-key activation-key-four-tuple
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
alias |
alias [(if_name)] dnat_ip foreign_ip [netmask]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
arp |
arp if_name ip_address mac_address [ alias ]
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
arp timeout seconds
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
auth-prompt |
auth-prompt [ accept | reject | prompt ] string
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
auto-update |
auto-update device-id hardware-serial | hostname | ipaddress [if_name] | mac-address [if_name] string text
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
auto-update poll-period poll_period [retry_count [retry_period]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
auto-update server url [verify_certificate]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
auto-update timeout period
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
banner |
banner {exec | login | motd} text
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ca |
ca authenticate ca_nickname [fingerprint]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca configure ca_nickname ca | ra retry_period retry_count [crloptional]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca crl request ca_nickname
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca enroll ca_nickname challenge_password [serial] [ipaddress]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca generate rsa {key | specialkey} key_modulus_size
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca identity ca_nickname ca_ipaddress[:ca_script_location] [ldap_ip address]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
ca save all
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca subject-name ca_nickname X.500_string
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ca verifycertdn X.500_string
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ca zeroize rsa [keypair_name]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
ca generate rsa key |
ca generate rsa key modulus
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
capture |
capture capture_name [access-list acl_name][buffer bytes] [ethernet-type type][interface name] [packet-length bytes] [circular-buffer]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
clear |
clear file configuration | pdm | pki
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
clock |
clock set hh:mm:ss {day month | month day} year
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
clock summer-time zone recurring [week weekday month hh:mm week weekday month hh:mm] [offset]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
clock summer-time zone date {day month | month day} year hh:mm {day month | month day} year hh:mm [offset]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
clock timezone zone hours [minutes]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
conduit |
Note Conduits rely on the converter tool to translate conduits and outbounds to access-list commands.
|
conduit permit | deny protocol global_ip global_mask [operator port [port]] foreign_ip foreign_mask [operator port [port]]
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
conduit permit | deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
conduit deny | permit protocol | object-group protocol_obj_grp_id global_ip global_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] foreign_ip foreign_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
conduit deny | permit icmp global_ip global_mask | object-group network_obj_grp_id foreign_ip foreign_mask | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
configure |
configure factory-default [inside_ip_address [address_mask]]
Note Applies to PIX 501 and PIX 506/506E only.
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
configure floppy
Note Applies only to older PIX Firewalls that have a floppy drive.
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
configure http[s] :// [user:password@] location [ :port ] / http_pathname
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
configure memory
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
|
configure net [[server_ip]:[filename]]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
configure terminal
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
console |
console timeout number
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
copy
|
copy capture: capture_name tftp://location/path [pcap]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
copy http[s]://[user:password@] location [:port ] / http_pathname flash [: [image | pdm] ]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image | pdm]]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
crashinfo |
crashinfo test
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
|
crashinfo force [page-fault | watchdog]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
crashinfo save [enable | disable]
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
crypto dynamic-map |
crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname | ip-address
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [group1 | group2]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds | kilobytes kilobytes
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [ transform-set-name9]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto ipsec |
crypto ipsec security-association lifetime seconds seconds | kilobytes kilobytes
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto ipsec transform-set transform-set-name mode transport
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map |
crypto map map-name client [token] authentication aaa-server-name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name client configuration address initiate | respond
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name interface interface-name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num ipsec-isakmp | ipsec-manual [dynamic dynamic-map-name]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
crypto map map-name seq-num match address acl_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num set peer hostname | ip-address
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num set pfs [group1 | group2]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num set session-key inbound | outbound ah spi hex-key-string
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num set session-key inbound | outbound esp spi cipher hex-key-string [authenticator hex-key-string]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
debug |
debug
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
dhcpd |
dhcpd address ip1[-ip2] [if_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcpd auto_config [client_ifx_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcpd dns dns1 [dns2]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcpd domain domain_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcpd enable [if_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
dhcpd lease lease_length
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcpd option 66 ascii {server_name | server_ip_str}
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
dhcpd option 150 ip server_ip1 [server_ip2]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
dhcpd ping timeout timeout
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcpd wins wins1 [wins2]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcprelay |
dhcprelay enable client_ifc
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcprelay server dhcp_server_ip server_ifc
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcprelay setroute client_ifc
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
dhcprelay timeout seconds
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
disable |
disable
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
domain-name |
domain-name name
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
eeprom |
eeprom update
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
enable |
enable [priv_level]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
enable password [pw] [encrypted]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
enable password [pw] [level priv_level] [encrypted]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
established |
established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
X
|
|
|
|
exit |
exit
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
failover |
failover
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
failover active
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
failover ip address if_name ip_address
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
failover lan enable
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
failover lan interface if_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
failover lan key key_secret
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
failover lan unit primary | secondary
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
failover link [stateful_if_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
failover mac address mif_name act_mac stn_mac
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
failover poll seconds
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
failover replicate http
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
failover reset
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
failover timeout seconds
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
filter |
filter activex port local_ip mask foreign_ip mask
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
filter ftp dest-port local_ip local_mask foreign_ip foreign_mask [allow] [interact-block]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
filter https dest-port local_ip local_mask foreign_ip foreign_mask [allow]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
|
filter java port[-port] local_ip mask foreign_ip mask
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
filter url [port[-port]] local_ip local_mask foreign_ip foreign_mask [allow]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
filter url [http | port[-port]] local_ip local_mask foreign_ip foreign_mask [allow]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
filter url [http | port[-port]] local_ip local_mask foreign_ip foreign_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]
Note: Syntax errors are generated for the [proxy-block], [longurl-truncate | longurl-deny], and [cgi-truncate] options.
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
filter url except local_ip local_mask foreign_ip foreign_mask
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
X
|
|
|
|
fixup protocol |
fixup protocol ctiqbe 2748
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
fixup protocol esp-ike
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
fixup protocol ftp [strict] [port]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol http [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol h323 {h225 | ras} port [-port]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol icmp error
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
fixup protocol ils [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
fixup protocol mgcp [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
fixup protocol pptp 1723
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
fixup protocol rsh [514]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol rtsp [port]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol sip [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol sip udp [5060]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol skinny [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol smtp [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fixup protocol sqlnet [port[-port]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
flashfs |
flashfs downgrade {4.x | 5.0 | 5.1}
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
floodguard |
floodguard enable
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
floodguard disable
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fragment |
Note Fragments can be imported correctly, but will generate commands per interface only.
|
fragment size database-limit [interface]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fragment chain chain-limit [interface]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
fragment timeout seconds [interface]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
global |
global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
help |
help
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
hostname |
hostname newname
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
http |
http ip_address [netmask] [if_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
http server enable
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
icmp |
icmp permit | deny [host] src_addr [src_mask] [type] int_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
igmp |
Note See the multicast command for igmp subcommands.
|
interface |
Note See also router interface command reference for ospf subcommand support.
|
interface interface_name
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
interface hardware_id [hardware_speed] [shutdown]
|
PIX Firewall OS
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
interface hardware_id vlan_id [logical | physical] [shutdown]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
interface hardware_id change-vlan old_vlan_id new_vlan_id
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf authentication [message-digest | null]
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf authentication-key password
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf cost interface_cost
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf database-filter all out
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf dead-interval seconds
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf hello-interval seconds
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf message-digest-key key-id md5 key
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
|
ospf mtu-ignore
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf priority number
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf retransmit-interval seconds
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ospf transmit-delay seconds
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ip address |
ip address if_name ip_address [netmask]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
ip address outside dhcp [setroute] [retry retry_cnt]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
ip address if_name pppoe [setroute]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip address if_name ip_address netmask pppoe [setroute]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip audit |
ip audit attack [action [alarm] [drop] [reset]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip audit info [action [alarm] [drop] [reset]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip audit interface if_name audit_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip audit name audit_name attack [action [alarm] [drop] [reset]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip audit name audit_name info [action [alarm] [drop] [reset]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip audit signature signature_number disable
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip local pool |
ip local pool pool_name pool_start-address[-pool_end-address]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ip prefix-list |
Note See also prefix-list commands.
|
ip prefix-list list-name [seq seq-value] {deny | permit network/length}[ge ge-value] [le le-value]
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ip prefix-list sequence-number
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
ip verify reverse-path |
ip verify reverse-path interface int_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
isakmp |
isakmp client configuration address-pool local pool-name [interface-name]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp enable interface-name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp identity {address | hostname}
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
isakmp identity {address | hostname | [key-id key_id_string]}
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
isakmp keepalive seconds [retry_seconds]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp nat-traversal [natkeepalive]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
isakmp peer fqdn fqdn no-xauth no-config-mode
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp policy |
isakmp policy priority authentication pre-share | rsa-sig
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp policy priority encryption aes | aes-192 | aes-256 | des | 3des
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp policy priority group 1 | 5
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
isakmp policy priority group 1 | 2 | 5
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
isakmp policy priority hash md5 | sha
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
isakmp policy priority lifetime seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
kill |
kill
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
logging |
logging on
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging buffered level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging console level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging device-id {hostname | ipaddress if_name | string text}
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
logging facility facility
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging history level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging host [in_if_name] ip_address [protocol/port]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging host [in_if_name] ip_address [protocol/port] format emblem
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
logging message syslog_id
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
X
|
|
|
|
|
|
logging message syslog_id [level level]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
logging monitor level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging queue queue_size
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
logging standby
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging timestamp
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
logging trap level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
login |
login
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
mac-list |
mac-list id deny | permit mac macmask
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
management-access |
management-access mgmt_if
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
mgcp |
mgcp call-agent ip_address group_id
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
mgcp command-queue limit
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
mgcp gateway ip_address group_id
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
mroute |
mroute src smask in-if-name dst dmask out-if-name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
multicast |
multicast interface interface_name [max-groups number]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
igmp forward interface interface_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
igmp access-group acl_id
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
igmp join-group group
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
igmp max-groups number
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
igmp query-interval seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
igmp query-max-response-time seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
igmp version {1 | 2}
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
mtu |
mtu if_name bytes
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
name/names |
name ip_address name
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
names
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
nameif |
nameif vlan_id if_name security_level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
nameif {hardware_id | vlan_id} if_name security_level
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
nat
|
nat [(if_name)] id address [netmask][norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
nat [(if_name)] nat_id local_ip [netmask [max_conns [em_limit]]] [norandomseq]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
nat [(if_name)] id address [netmask [outside] [dns] [norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
nat [(if_name)] 0 access-list acl_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
ntp |
ntp authenticate
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ntp authentication-key number md5 value
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ntp server ip_address [key number] source if_name [prefer]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
ntp trusted-key number
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
object-group |
Note: Support for service groups within object grouping is limited. Service groups are successfully parsed, but are flattened immediately. This affects commands with the keywords icmp-type, protocol, and service.
|
object-group grp_id
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
object-group icmp-type grp_id description description_text icmp-group icmp_type
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
object-group network grp_id description description_text network-object host host_addr network-object host_addr netmask
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
object-group protocol grp_id description description_text protocol-object protocol
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
object-group service grp_id {tcp | udp | tcp-udp} description description_text port-object eq service port-object range begin_service end_service
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
outbound / apply |
Note Outbounds rely on the converter tool to translate outbounds and conduits to access-list commands.
|
apply [(if_name)] list_ID outgoing_src | outgoing_dest
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
outbound list_ID permit | deny ip_address [netmask [port[-port]]] [protocol]
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
outbound list_ID except ip_address [netmask [port[-port]]] [protocol]
|
PIX Firewall
|
|
|
X
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
pager |
pager [lines number]
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
password |
{password | passwd} password [encrypted]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
pdm |
pdm history enable
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
pdm history [view {all | 12h | 5d | 60m | 10m}] [snapshot] [feature {all | blocks | cpu | failover | ids | interface if_name | memory | perfmon | xlates}] [pdmclient]
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
|
pdm location ip_address netmask if_name
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
pdm logging [level [messages]]
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
perfmon |
perfmon verbose
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
perfmon interval seconds
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
perfmon quiet
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
perfmon settings
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
ping |
ping [if_name] ip_address
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
prefix-list |
Note See also ip prefix-list commands.
|
prefix-list list_name [seq seq_value] {permit | deny prefix / len} [ge min_value] [le max_value]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
prefix-list sequence-number
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
privilege |
privilege [show | clear | configure] level level [mode enable | configure] command command
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
quit |
quit
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
reload |
reload
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
reload noconfirm
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
rip |
rip if_name default | passive [version [1 | 2]] [authentication [text | md5 key (key_id)]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
route |
route if_name ip_address netmask gateway_ip [metric]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
route-map |
route-map map_tag [permit | deny] [seq_num]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
match [interface | route-type | metric | ip address | ip next-hop | ip route-source]
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
set metric [+ | -] metric_value
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
set metric-type type-1 | type-2 | internal | external
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
set ip next-hop ip-address [ip-address...]
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
|
X
|
|
|
|
|
router ospf |
router ospf pid
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
area area_id authentication [message-digest]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id default-cost cost
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id filter-list prefix {prefix_list_name in | out}
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id nssa [no-redistribution] [default-information-originate [metric-type 1 | 2] [metric metric_value]] [no-summary]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id range ip_address netmask [advertise | not-advertise]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id stub [no-summary]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
area area_id virtual-link router_id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [authentication-key password] [message-digest-key id md5 password]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
compatible rfc1583
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
default-information originate [always] [metric metric_value] [metric-type {1 | 2}] [route-map map_name]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
distance ospf [intra-area d1][inter-area d2][external d3]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
ignore lsa mospf
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
log-adj-changes [detail]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
network prefix ip_address netmask area area_id
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
redistribute {static | connected} [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
redistribute ospf pid [match {internal | external [1|2] | nssa-external [1|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
router-id ip_address
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
summary-address addr netmask [not-advertise] [tag tag_value]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
timers {spf spf_delay spf_holdtime | lsa-group-pacing seconds}
|
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
routing interface |
routing interface interface_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf authentication [message-digest | null]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf authentication-key password
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
ospf cost interface_cost
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf database-filter all out
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf dead-interval seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf hello-interval seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf message-digest-key key-id md5 key
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf mtu-ignore
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf priority number
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
ospf retransmit-interval seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
ospf transmit-delay seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
service |
service resetinbound | resetoutside
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
session |
session enable
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
setup |
setup
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
show |
show
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
shun |
shun src_ip [dst_ip sport dport [protocol]]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
snmp-server |
snmp-server community key
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
snmp-server {contact | location} text
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
|
snmp-server host [if_name] ip_addr [trap | poll]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
snmp-server enable traps
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
ssh |
ssh ip_address [netmask] [interface_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
ssh disconnect session_id
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
ssh timeout mm
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
static |
static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address [netmask mask] [norandomseq] [connection_limit [em_limit]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
static [(prenat_interface, postnat_interface)] {mapped_address | interface} real_address dns [netmask mask] [norandomseq] [connection_limit [em_limit]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
syslog |
syslog
Note Deprecated in PIX Firewall OS Version 6.2.
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
sysopt |
sysopt connection permit-pptp | permit-l2tp | permit-ipsec
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
sysopt connection tcpmss bytes
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
sysopt connection tcpmss minimum bytes
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
sysopt connection timewait
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
sysopt ipsec pl-compatible
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
sysopt nodnsalias inbound | outbound
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
sysopt noproxyarp if_name
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
sysopt radius ignore-secret
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
sysopt route dnat
Note This command is deprecated in PIX OS Version 6.3.
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
sysopt security fragguard
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
sysopt uauth allow-http-cache
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
telnet |
telnet ip_address [netmask] [if_name]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
telnet timeout minutes
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
terminal |
terminal monitor
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
terminal width characters
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
tftp-server |
tftp-server [if_name] ip_address path
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
timeout |
timeout [xlate [hh:mm:ss]] [conn [hh:mm:ss]] [half-closed [hh:mm:ss]] [udp [hh:mm:ss]] [rpc [hh:mm:ss]] [h225 [hh:mm:ss]] [h323 [hh:mm:ss]] [mgcp hh:mm:ss] [sip [hh:mm:ss]] [sip_media [hh:mm:ss]][uauth [hh:mm:ss] [absolute | inactivity]]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
url-block |
url-block block block_buffer_limit
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
url-block url-mempool memory_pool_size
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
url-block url-size long_url_size
Note Websense only.
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
url-cache |
url-cache {dst | src_dst} size kbytes
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
X
|
|
|
|
|
|
url-server |
url-server [(if_name)] vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP | UDP}]
Note N2H2 only.
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
url-server [(if_name)] vendor websense host local_ip [timeout seconds] [protocol {TCP | UDP} version]
Note Websense only.
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
url-server [(if_name)] host local_ip [timeout seconds] [protocol {TCP | UDP} version]
Note Websense only.
|
PIX Firewall
|
|
|
|
|
|
X
|
FWSM
|
X
|
|
|
|
|
|
username |
username username {[{nopassword | password password} [encrypted]] [privilege level]}
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
|
X
|
virtual |
virtual http ip_address [warn]
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
|
virtual telnet ip_address
|
PIX Firewall
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
X
|
|
|
vpdn |
vpdn enable if_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpdn group group_name [[accept dialin pptp | l2tp]] | [ppp encryption mppe 40 | 128| auto [required]] | [ client configuration address local address_pool_name ] | [client configuration dns dns_ip1 [dns_ip2]] | [ client configuration wins wins_ip1 [wins_ip2]] | [client authentication local | aaa auth_aaa_group] | [ client accounting acct_aaa_group] | [pptp echo echo_time] | [ l2tp tunnel hello hello_time]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpdn username name password passwd store-local
|
PIX Firewall (PPPoE only)
|
X
|
|
|
|
|
|
PIX Firewall (all other instances)
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpdn username name password passwd
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpdn group group_name localname username
|
PIX Firewall (PPPoE only)
|
X
|
|
|
|
|
|
PIX Firewall (all other instances)
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
vpdn group group_name request dialout pppoe
|
PIX Firewall (PPPoE only)
|
X
|
|
|
|
|
|
PIX Firewall (all other instances)
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpdn group group_name ppp authentication PAP | CHAP | MSCHAP
|
PIX Firewall (PPPoE only)
|
X
|
|
|
|
|
|
PIX Firewall (all other instances)
|
|
|
|
X
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient |
vpnclient vpngroup group_name password preshared_key
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient username xauth_username password xauth_password
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient server ip_primary [ip_secondary_1, ip_secondary_2, ..., ip_secondary_n]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient mac-exempt mac_addr_1 mac_mask_1 [mac_addr_2 mac_mask_2]
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient mode client-mode | network-extension-mode
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
|
vpnclient enable
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient management {[tunnel {ip_addr_1| ip_mask_1} [{ip_addr_2 | ip_mask_2}...]] | [clear]}
|
PIX Firewall
|
X
|
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient connect
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpnclient disconnect
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
|
|
|
|
X
|
vpngroup |
vpngroup group_name address-pool pool_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name authentication-server server_tag
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name backup-server {{ip1 [ip2 ... ip10]} | clear}
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
vpngroup group_name default-domain domain_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name device-pass-through
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name idle-time idle_seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name max-time max_seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name password preshared_key
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name pfs
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
|
vpngroup group_name split-dns domain_name1 [domain_name2, domain_name3, ..., domain_name8]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name split-tunnel acl_name
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name user-authentication
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name user-idle-timeout user_idle_seconds
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]
|
PIX Firewall
|
|
X
|
|
|
|
|
FWSM
|
|
X
|
|
|
|
|
who |
who [local_ip]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
write |
write net [[server_ip]:[filename]]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
|
write floppy
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
write memory | floppy [uncompressed]
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
write standby
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|
write terminal
|
PIX Firewall
|
|
|
|
|
X
|
|
FWSM
|
|
|
|
|
X
|
|