Table Of Contents

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.3.1

Supported Devices

Support for PIX Firewall and Firewall Services Module CLI Commands

Summary of Commands Not Supported

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.3.1

---

Revised: July 20, 2004

This document includes:

• Supported Devices

• Support for PIX Firewall and Firewall Services Module CLI Commands

• Summary of Commands Not Supported

Supported Devices

Table 1 lists the devices and platform OS versions supported by Management Center for Firewalls (Firewall MC) 1.3.1.

Table 1 Devices 

Series	Devices Supported	Software
Cisco PIX Firewall Series	PIX 501, PIX 506, PIX 506E, PIX 515, PIX 515E, PIX 525, PIX 535	PIX OS Version: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3, 6.3.1, 6.3.2, 6.3.3.
FWSM	N/A	FWSM OS Version: 1.1.1, 1.1.2, 1.1.3, 2.1.0, 2.1.1, 2.2, 2.2.1.

Support for PIX Firewall and Firewall Services Module CLI Commands

PIX Firewall and Firewall Services Module (FWSM) CLI commands receive different levels of support from Firewall MC 1.3. You should fully understand the level of support that each command receives from Firewall MC; this understanding enables you to use commands or command combinations in PIX Firewall and FWSM configuration files so that import operations and deployment jobs succeed.

The levels of support provided by Firewall MC are:

•Supported—Firewall MC fully supports the command. It can import and deploy a configuration with the command.

•Unsupported—Firewall MC does not support the command. Based on the value of the Action on Unknown commands setting (Configuration > MC Settings > Management), Firewall MC generates an error or places the command as an ending command.

•Error—Commands in this category interact unpredictably with Firewall MC features that may be configured in the user interface. If a command in this category appears in a configuration during import or during deploy to device, Firewall MC generates an error and the import fails.

•Ignored—Commands in this category do not interact with features configured in the Firewall MC user interface. These commands are copied verbatim during import as an ending command.

•Discarded—Commands in this category are discarded upon import.

•Deprecated—Commands in this category are supported in beginning and ending commands, but can result in overlapping commands with unexpected results. These commands have been outdated by newer CLI constructs and might become obsolete in future versions of CLI. We recommend that you not use deprecated commands.

•Not Used—The command is not designed for use with a particular platform.

---

Note To access ending commands, select Configuration > Device Settings > Configuring Additions > Ending Commands.

---

Command descriptions shown in Table 2 use these conventions:

•Braces ({ }) indicate a required choice.

•Square brackets ([ ]) indicate optional elements.

•Vertical bars ( | ) separate alternative, mutually exclusive elements.

Table 2 Firewall MC 1.3.1 CLI Commands Support Status 

Command Reference	CLI Commands	Supported	Unsupported	Error	Ignored	Discarded	Not Used
aaa accounting	aaa accounting include | exclude acctg_service inbound | outbound | interface_name local_ip local_mask foreign_ip foreign_mask group_tag Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa accounting match acl_name inbound | outbound | interface_name group_tag
	PIX Firewall	X
	FWSM	X
aaa authentication	aaa authentication include | exclude authen_service inbound | outbound | if _name local_ip local_mask foreign_ip foreign_mask group_tag Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa authentication match acl_name inbound | outbound | interface_name group_tag
	PIX Firewall	X
	FWSM	X
	aaa authentication [serial | enable | telnet | ssh | http] console group_tag
	PIX Firewall	X
	FWSM	X
	aaa authentication secure-http-client
	PIX Firewall	X
	FWSM	X
aaa authorization	aaa authorization command {LOCAL | tacacs_server_tag}
	PIX Firewall		X
	FWSM		X
	aaa authorization include | exclude author_service inbound | outbound | interface_name local_ip local_mask foreign_ip foreign_mask Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa authorization match acl_name inbound | outbound | interface_name group_tag
	PIX Firewall	X
	FWSM	X
aaa mac-exempt	aaa mac-exempt match id
	PIX Firewall		X
	FWSM		X
aaa proxy-limit	aaa proxy-limit proxy limit | disable
	PIX Firewall		X
	FWSM		X
aaa-server	aaa-server group_tag (interface_name) host server_ip key timeout seconds
	PIX Firewall	X
	FWSM	X
	aaa-server group_tag protocol auth_protocol
	PIX Firewall	X
	FWSM	X
	aaa-server radius-acctport port
	PIX Firewall		X
	FWSM		X
	aaa-server radius-authport port
	PIX Firewall		X
	FWSM		X
	debug radius session
	PIX Firewall					X
	FWSM					X
access-group	access-group acl_ID in interface interface_name
	PIX Firewall	X
	FWSM	X
	[no] access-group access-list in interface interface_name [per-user-override]
	PIX Firewall			X
	FWSM						X
access-list	Note The optional line number arguments are not supported. These arguments will never appear in show config; they are used as an active command to allow you to edit the ACLs inline.
	access-list [ acl_ID ] compiled Note Once defined, it is applied globally.
	PIX Firewall	X
	FWSM	X
	access-list deny-flow-max n
	PIX Firewall	X
	FWSM	X
	access-list alert-interval secs
	PIX Firewall	X
	FWSM	X
	access-list id [deny | permit ] icmp {source_addr | local_addr} {source_mask | local_mask} {destination_addr | remote_addr} {destination_mask | remote_mask } icmp_type
	PIX Firewall	X
	FWSM						X
	access-list id [ deny | permit ] icmp host sip | sip smask | object-group network_obj_grp_id dip dmask | object-group network_obj_grp_id [ icmp_type | object-group icmp_type_obj_grp_id ] [ log [ disable ] | [ level ] | [ default ] [ interval secs ]]
	PIX Firewall						X
	FWSM	X
	access-list id {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} | interface interface_name | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | interface interface_name | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id] [log [[disable | default] | [level]]] [interval secs]] Note The interface argument is not supported and results in an error during import.
	PIX	X
	FWSM						X
	access-list acl_ID { deny | permit } protocol {source_addr | local_addr} {source_mask | local_mask}[operator port [port] { destination_addr | remote_addr } { destination_mask | remote_mask } [ operator port  [ port ]
	PIX	X
	FWSM						X
	access-list id {deny | permit}{protocol | object-group protocol_obj_grp_id {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id [operator port [port] | interface interface_name | object-group service_obj_grp_id] {destination_addr | remote_addr} {destination_mask | remote_mask} object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]} [log [[disable | default] | [level]]] [interval secs]] Note The interface argument is not supported and results in an error during import.
	PIX Firewall	X
	FWSM						X
	access-list id deny|permit {any | <ip> <mask>}
	PIX Firewall						X
	FWSM		X
	access-list id extended deny  | permit protocol | object-group protocol_obj_grp_id host sip | sip smask | object-group network_obj_grp_id [ operator <port> [<port>] | object-group service_obj_grp_id ] dip dmask | object-group network_obj_grp_id [ operator <port> [ <port> ] | object-group service_obj_grp_id ] [ log [ disable ] | [ level ] | [ default ] [ interval secs ]]
	PIX Firewall						X
	FWSM	X
	access-list id remark text Note This command is discarded on import. Your annotations will be lost; however, the import will succeed.
	PIX Firewall					X
	FWSM					X
	debug access-list all | standard | turbo
	PIX Firewall					X
	FWSM					X
	access-list id object-group-search Note This command might not be added to the epilog in Firewall MC because Firewall MC could modify the ACL name during deployment. If the object-group-search command is in the epilog, its ACL name might not match the one Firewall MC deploys.
	PIX Firewall					X
	FWSM						X
	access-list mode auto-commit|manual-commit Note Firewall MC automatically generates this command during deployment.
	PIX Firewall						X
	FWSM					X
	access-list commit
	PIX Firewall					X
	FWSM					X
activation-key	activation-key activation-key-four-tuple
	PIX Firewall					X
	FWSM					X
admin-context	admin-context admin-context-name
	PIX Firewall						X
	FWSM		X
alias	alias [(interface_name) ] dnat_ip foreign_ip [ netmask ]
	PIX Firewall		X
	FWSM		X	X (L2)
allocate- interface	[no] allocate-interface vlan number[ -vlan number ] [ context_alias [ -context_alias]]
	PIX Firewall						X
	FWSM		X
area	[no] area area_id {authentication [message-digest]} | { default-cost cost } | { filter-list prefix { prefix_list_name in | out }} | { range ip_address netmask [ advertise | not-advertise ]}
	PIX Firewall		X
	FWSM		X
	[no] area area_id nssa [ no-redistribution ] [ default-information-originate [metric-type 1 | 2 ] [ metric metric_value ]] [ no-summary ]
	PIX Firewall		X
	FWSM		X
	area area_id stub [ no-summary ]
	PIX Firewall		X
	FWSM		X
	[no] area area_id { virtual-link router_id } [authentication [ message-digest  | null ]] [ hello-interval seconds ] [ retransmit-interval seconds ] [ transmit-delay seconds ] [ dead-interval seconds ] [ authentication-key password ] [ message-digest-key id md5 password ]
	PIX Firewall		X
	FWSM		X
arp	arp interface_name ip_address mac_address [ alias ]
	PIX Firewall				X
	FWSM				X
	arp timeout seconds
	PIX Firewall				X
	FWSM				X
arp-inspection	[no] arp-inspection
	PIX Firewall						X
	FWSM				X
auth-prompt	auth-prompt [ accept | reject | prompt ] string
	PIX Firewall	X
	FWSM	X
auto-update	auto-update device-id harware-serial | hostname | ipaddress [ interface_name ] | mac-address [ interface_name ] string text
	PIX Firewall	X
	FWSM						X
	auto-update poll-period poll_period [ retry_count [ retry_period ]]
	PIX Firewall	X
	FWSM						X
	auto-update server url [ verify_certificate ]
	PIX Firewall	X
	FWSM						X
	auto-update timeout period
	PIX Firewall	X
	FWSM						X
banner	banner {exec | login | motd} text
	PIX Firewall				X
	FWSM				X
ca	ca authenticate ca_nickname [ fingerprint ]
	PIX Firewall				X
	FWSM				X
	ca configure ca_nickname ca | ra retry_period retry_count [ crloptional ]
	PIX Firewall				X
	FWSM				X
	ca crl request ca_nickname
	PIX Firewall				X
	FWSM				X
	ca enroll ca_nickname challenge_password [ serial] [ ipaddress ]
	PIX Firewall				X
	FWSM				X
	ca generate rsa { key | specialkey} key_modulus_size
	PIX Firewall				X
	FWSM				X
	ca identity ca_nickname ca_ipaddress[ :ca_script_location ] [ ldap_ip address ]
	PIX Firewall				X
	FWSM				X
	ca save all
	PIX Firewall				X
	FWSM				X
	ca subject-name ca_nickname X.500_string
	PIX Firewall				X
	FWSM				X
	ca verifycertdn X.500_string
	PIX Firewall				X
	FWSM				X
	ca zeroize rsa [ keypair_name ]
	PIX Firewall				X
	FWSM				X
ca generate rsa key	ca generate rsa key modulus
	PIX Firewall				X
	FWSM						X
capture	capture capture_name [ access-list acl_name ][ buffer bytes ] [ ethernet-type type ][ interface name ] [ packet-length bytes ] [ circular-buffer ]
	PIX Firewall					X
	FWSM					X
cd	cd [ disk: ] [ path ]
	PIX Firewall						X
	FWSM					X
changeto	changeto {system | context name}
	PIX Firewall						X
	FWSM					X
class	[no] class name
	PIX Firewall						X
	FWSM		X
clear	clear file configuration | pdm | pki
	PIX Firewall					X
	FWSM					X
clock	clock set hh:mm:ss {day month | month day} year
	PIX Firewall					X
	FWSM						X
	clock summer-time zone recurring [ week weekday month hh:mm week weekday month hh:mm ] [ offset ]
	PIX Firewall				X
	FWSM						X
	clock summer-time zone date { day month  | month day } year hh:mm { day month | month day } year hh:mm [ offset ]
	PIX Firewall				X
	FWSM						X
	clock timezone zone hours [ minutes ]
	PIX Firewall		X
	FWSM						X
conduit	Note Conduits rely on the converter tool to translate conduits and outbounds to access-list commands. Otherwise, errors result during import.
	conduit { permit | deny } protocol global_ip global_mask [ operator port [ port ]] foreign_ip foreign_mask [ operator port  [ port ]]
	PIX Firewall			X
	FWSM			X
	conduit permit | deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]
	PIX Firewall			X
	FWSM			X
	conduit deny | permit protocol | object-group protocol_obj_grp_id global_ip global_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] foreign_ip foreign_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]
	PIX Firewall			X
	FWSM			X
	conduit deny | permit icmp global_ip global_mask | object-group network_obj_grp_id foreign_ip foreign_mask | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]
	PIX Firewall			X
	FWSM			X
compatible rfc1583	[no] compatible rfc1583
	PIX Firewall		X
	FWSM		X
configure	configure factory-default [inside_ip_address [address_mask]] Note Applies to PIX 501 and PIX 506/506E only.
	PIX Firewall					X
	FWSM						X
	configure floppy Note Applies only to older PIX Firewalls that have a floppy drive.
	PIX Firewall					X
	FWSM						X
	configure http[s] :// [user:password@] location [ :port ] / http_pathname
	PIX Firewall					X
	FWSM					X
	configure memory
	PIX Firewall					X
	FWSM					X
	configure net [[server_ip]:[filename]]
	PIX Firewall					X
	FWSM					X
	configure terminal
	PIX Firewall					X
	FWSM					X
config-url	[no] config-url url
	PIX Firewall						X
	FWSM		X
console timeout	console timeout number
	PIX Firewall	X
	FWSM	X
context	[no] context name
	PIX Firewall						X
	FWSM		X
copy	copy capture: capture_name tftp://location/path [ pcap ]
	PIX Firewall					X
	FWSM					X
	copy disk: [ path ]  tftp [:[[ //location ][ /pathname ]]] copy disk: [ path ]  disk:[ path ] copy disk: [ path ] flash[:[ image | pdm ]] copy disk: [ path ] [ startup-config  | running-config ] copydisk: [ path ] ftp:// [ user [ :password ]@] location/pathname [ ;type=xx ]
	PIX Firewall						X
	FWSM					X
	copy flash [:[ image | pdm ]] tftp [:[[ //location ][ /pathname ]]] copy flash :[ image | pdm ]] disk: [ path ]
	PIX Firewall						X
	FWSM					X
	copy http[s]://[ user:password@] location [:port ] / http_pathname flash [: [ image | pdm] ]
	PIX Firewall					X
	FWSM					X
	copy running-config startup-config
	PIX Firewall						X
	FWSM					X
	copy [ startup-config | running-config ] disk: [path] copy startup-config running-config copy [ startup-config | running-config ] tftp[:[[//location][/pathname]]]
	PIX Firewall						X
	FWSM					X
	copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image | pdm]]
	PIX Firewall					X
	FWSM					X
crashinfo	crashinfo test
	PIX Firewall					X
	FWSM					X
	crashinfo force [page-fault | watchdog]
	PIX Firewall					X
	FWSM					X
	crashinfo save [enable | disable]
	PIX Firewall				X
	FWSM				X
crypto dynamic-map	[no] crypto dynamic-map dynamic-map-name dynamic-seq-num subcommand
	PIX Firewall						X
	FWSM		X
	[no] crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name
	PIX Firewall	X
	FWSM						X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname | ip-address
	PIX Firewall	X
	FWSM						X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [ group1 | group2 ] group5 ]
	PIX Firewall	X
	FWSM						X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds | kilobytes kilobytes
	PIX Firewall	X
	FWSM						X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [ transform-set-name9 ]
	PIX Firewall	X
	FWSM						X
crypto ipsec	crypto ipsec security-association lifetime seconds seconds | kilobytes kilobytes
	PIX Firewall	X
	FWSM		X
	crypto ipsec transform-set transform-set-name transform1 [transform2 [ transform3 ]]
	PIX Firewall	X
	FWSM						X
	crypto ipsec transform-set transform-set-name mode transport
	PIX Firewall	X
	FWSM						X
	[no] crypto ipsec transform-set transform-set-name {{ transform1 [transform2 [transform3]]} | mode transport }
	PIX Firewall						X
	FWSM		X
	crypto ipsec transform-set transform-set-name [ah-md5-hmac | ah-sha-hmac] [esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-3des | esp-null] [esp-md5-hmac | esp-sha-hmac]
	PIX Firewall						X
	FWSM		X
crypto map	crypto map map-name client [token] authentication aaa-server-name
	PIX Firewall	X
	FWSM		X
	crypto map map-name client configuration address initiate | respond
	PIX Firewall	X
	FWSM		X
	crypto map map-name interface interface-name
	PIX Firewall	X
	FWSM		X
	crypto map map-name seq-num ipsec-isakmp | ipsec-manual [dynamic dynamic-map-name]
	PIX Firewall	X
	FWSM		X
	crypto map map-name seq-num ipsec-manual [dynamic dynamic-map-name]
	PIX Firewall			X
	FWSM						X
	crypto map map-name seq-num match address acl_name
	PIX Firewall	X
	FWSM		X
	crypto map map-name seq-num set peer hostname | ip-address
	PIX Firewall	X
	FWSM		X
	crypto map map-name seq-num set pfs [group1 | group2]
	PIX Firewall	X
	FWSM		X
	crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes
	PIX Firewall	X
	FWSM		X
	crypto map map-name seq-num set session-key inbound | outbound ah spi hex-key-string
	PIX Firewall			X
	FWSM		X
	crypto map map-name seq-num set session-key inbound | outbound esp spi cipher hex-key-string [ authenticator hex-key-string]
	PIX Firewall			X
	FWSM		X
	crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]
	PIX Firewall	X
	FWSM		X
dbg	[no] dbg block sub-block
	PIX Firewall						X
	FWSM		X
debug	debug
	PIX Firewall					X
	FWSM					X
default- information originate	default-information originate [ always] [ metric metric_value] [ metric-type {1 | 2}] [route-map map_name]
	PIX Firewall						X
	FWSM		X
delete	delete [/recursive] [/force] [disk:] path
	PIX Firewall						X
	FWSM		X
description	[no] description
	PIX Firewall						X
	FWSM		X
dhcpd	dhcpd address ip1[-ip2] [interface_name]
	PIX Firewall	X
	FWSM	X
	dhcpd auto_config [client_ifx_name]
	PIX Firewall	X
	FWSM	X
	dhcpd dns dns1 [dns2]
	PIX Firewall	X
	FWSM	X
	dhcpd domain domain_name
	PIX Firewall	X
	FWSM	X
	dhcpd enable [interface_name] Note PIX Firewall OS version 6.3 allows you to enable dhcp on any interface; however, Firewall MC currently only allows you to enable dhcp on the inside interface.
	PIX Firewall	X
	FWSM	X
	dhcpd lease lease_length
	PIX Firewall	X
	FWSM	X
	dhcpd option 66 ascii {server_name | server_ip_str}
	PIX Firewall	X
	FWSM	X
	dhcpd option 150 ip server_ip1 [server_ip2]
	PIX Firewall	X
	FWSM	X
	dhcpd ping timeout timeout
	PIX Firewall	X
	FWSM	X
	dhcpd wins wins1 [wins2]
	PIX Firewall	X
	FWSM	X
dhcprelay	dhcprelay enable client_ifc
	PIX Firewall	X
	FWSM	X		X (L2)
	dhcprelay server dhcp_server_ip server_ifc
	PIX Firewall	X
	FWSM	X		X (L2)
	dhcprelay setroute client_ifc
	PIX Firewall	X
	FWSM	X		X (L2)
	dhcprelay timeout seconds
	PIX Firewall	X
	FWSM	X		X (L2)
dir	dir [ /recursive ] [ disk:] [ flash: ] path
	PIX Firewall						X
	FWSM		X
disable	disable
	PIX Firewall					X
	FWSM					X
distance	distance ospf [ intra-area d1 ][ inter-area d2 ][ external d3 ]
	PIX Firewall						X
	FWSM		X	X (L2)
domain-name	domain-name name
	PIX Firewall				X
	FWSM				X
dynamic-map	[no] dynamic-map dynamic-map-name dynamic-seq-num subcommand
	PIX Firewall						X
	FWSM		X
eeprom	eeprom update
	PIX Firewall					X
	FWSM						X
enable	enable [priv_1evel]
	PIX Firewall					X
	FWSM					X
	enable password [pw] [encrypted]
	PIX Firewall	X
	FWSM	X
	enable password [pw] [level priv_level] [encrypted]
	PIX Firewall					X
	FWSM					X
established	established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]
	PIX Firewall				X
	FWSM				X
exit	exit | quit
	PIX Firewall					X
	FWSM					X
failover	Note All failover commands for FWSM are supported in single context mode only.
	failover
	PIX Firewall	X
	FWSM	X
	failover active
	PIX Firewall					X
	FWSM					X
	failover interface seconds
	PIX Firewall						X
	FWSM		X
	failover interface ip ifc_name ip_address mask standby ip_address
	PIX Firewall						X
	FWSM	X
	failover interface-policy n [ percent ]
	PIX Firewall						X
	FWSM	X
	[no] failover lan interface ifc_name vlan vlan
	PIX Firewall						X
	FWSM	X
	failover ip address interface_name ip_address
	PIX Firewall	X
	FWSM						X
	failover lan enable
	PIX Firewall	X
	FWSM						X
	failover lan interface interface_name
	PIX Firewall	X
	FWSM						X
	failover lan key key_secret
	PIX Firewall	X
	FWSM						X
	failover lan unit {primary |  secondary } Note Firewall MC controls only the active unit; it does not distinguish between primary and secondary units.
	PIX Firewall	X
	FWSM	X
	failover link stateful_interface_name
	PIX Firewall	X
	FWSM						X
	failover link ifc_name [ vlan vlan ]
	PIX Firewall						X
	FWSM	X
	failover mac address minterface_name act_mac stn_mac
	PIX Firewall		X
	FWSM						X
	failover poll seconds
	PIX Firewall	X
	FWSM						X
	failover polltime { unit | interface } [ msec ] x [ holdtime  [ msec ] y ]
	PIX Firewall						X
	FWSM	X
	no failover polltime {unit | interface} seconds
	PIX Firewall						X
	FWSM	X
	failover replicate http
	PIX Firewall	X
	FWSM	X
	failover reset
	PIX Firewall					X
	FWSM					X
	failover timeout seconds
	PIX Firewall				X
	FWSM				X
filter	filter activex port local_ip mask foreign_ip mask
	PIX Firewall	X
	FWSM		X
	filter ftp dest-port local_ip local_mask foreign_ip foreign_mask [ allow ] [ interact-block ]
	PIX Firewall	X
	FWSM	X
	filter https dest-port local_ip local_mask foreign_ip foreign_mask [ allow ]
	PIX Firewall	X
	FWSM	X
	filter java port[ -port ] local_ip mask foreign_ip mask
	PIX Firewall	X
	FWSM		X
	filter url  [ http [ port [ -port ]] local_ip local_mask foreign_ip foreign_mask [ allow ]
	PIX Firewall	X
	FWSM	X
	filter url [http | port[-port]] local_ip local_mask foreign_ip foreign_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate] Note Syntax errors are generated on [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]
	PIX Firewall	X
	FWSM	X
	filter url except local_ip local_mask foreign_ip foreign_mask
	PIX Firewall	X
	FWSM	X
firewall	[no] firewall transparent Note Import Only -State displayed in GUI and not generated.
	PIX Firewall						X
	FWSM	X (L2)		X (L3)
fixup protocol	fixup protocol ctiqbe 2748
	PIX Firewall	X
	FWSM	X
	fixup protocol esp-ike
	PIX Firewall	X
	FWSM	X
	fixup protocol ftp [strict] [port]
	PIX Firewall	X
	FWSM	X
	fixup protocol http [port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol h323 { h225 | ras} port [-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol icmp error
	PIX Firewall	X
	FWSM	X
	fixup protocol ils [port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol mgcp [port [-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol pptp 1723
	PIX Firewall	X
	FWSM	X
	fixup protocol rpc port
	PIX Firewall						X
	FWSM	X
	fixup protocol rsh [514]
	PIX Firewall	X
	FWSM	X
	fixup protocol rtsp [ port]
	PIX Firewall	X
	FWSM	X
	fixup protocol sip [ port[-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol sip udp [5060]
	PIX Firewall	X
	FWSM	X
	fixup protocol skinny [ port[-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol smtp [ port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol sqlnet [ port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol tftp
	PIX Firewall	X
	FWSM	X
	fixup protocol dns maximum-length
	PIX Firewall	X
	FWSM	X
flashfs	flashfs downgrade {4.x | 5.0 | 5.1}
	PIX Firewall					X
	FWSM						X
	[no] flashfs
	PIX Firewall						X
	FWSM					X
floodguard	floodguard enable | disable
	PIX Firewall	X
	FWSM	X
format	format disk:
	PIX Firewall
	FWSM					X
fragment	Note Fragments can be imported correctly, but will generate commands per interface only.
	fragment size database-limit [interface]
	PIX Firewall	X
	FWSM	X
	fragment chain chain-limit [interface]
	PIX Firewall	X
	FWSM	X
	fragment timeout seconds [interface]
	PIX Firewall	X
	FWSM	X
ftp mode	[no] ftp mode passive Note Single-context mode.
	PIX Firewall						X
	FWSM		X
	[no] ftp mode passive Note Multiple-context mode.
	PIX Firewall						X
	FWSM			X
gdb	[no] gdb { break | enable }
	PIX Firewall						X
	FWSM					X
global	global [(interface_name) ] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface
	PIX Firewall	X
	FWSM	X
help	help
	PIX Firewall					X
	FWSM					X
hostname	hostname newname
	PIX Firewall	X
	FWSM	X
http	http ip_address [netmask] [interface_name]
	PIX Firewall	X
	FWSM	X
	http server enable
	PIX Firewall	X
	FWSM	X
icmp	icmp permit | deny [host] src_addr [src_mask] [type] int_name
	PIX Firewall	X
	FWSM	X
igmp	Note See the multicast command for igmp subcommands.
ignore	[no] ignore lsa mospf
	PIX Firewall						X
	FWSM		X	X (L2)
interface	Note See also router interface command reference for ospf subcommand support.
	[no] interface interface_name
	PIX Firewall						X
	FWSM	X
	interface hardware_id [hardware_speed] [shutdown]
	PIX Firewall OS	X
	FWSM						X
	interface hardware_id vlan_id [logical | physical] [shutdown]
	PIX Firewall	X
	FWSM						X
	interface hardware_id change-vlan old_vlan_id new_vlan_id
	PIX Firewall			X
	FWSM						X
	FWSM 2.2 interface submode command: [ shutdown ] Example: fwsm(config)# interface inside fwsm(config-interface) shutdown
	PIX Firewall						X
	FWSM	X (L2) (L3)
	FWSM 2.2 interface submode command [ ospf ] Example: fwsm(config)# interface inside fwsm(config-interface) ospf *
	PIX Firewall						X
	FWSM		X
ip address	ip address ip_address [mask] [standby sby_ip_addr]
	PIX Firewall						X
	FWSM	X
	ip address interface_name ip_address [mask] [standby sby_ip_addr]
	PIX Firewall						X
	FWSM	X
	ip address interface_name ip_address [netmask]
	PIX Firewall	X
	FWSM						X
	ip address outside dhcp [setroute] [retry retry_cnt]
	PIX Firewall	X
	FWSM						X
	ip address interface_name pppoe [setroute]
	PIX Firewall	X
	FWSM						X
	ip address interface_name ip_address netmask pppoe [setroute]
	PIX Firewall	X
	FWSM						X
ip audit	ip audit attack [ action [ alarm ] [ drop ] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit info [action [ alarm ] [ drop ] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit interface interface_name audit_name
	PIX Firewall	X
	FWSM						X
	ip audit name audit_name attack [ action [ alarm ] [ drop ] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit name audit_name info [action [ alarm ] [ drop ] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit signature signature_number disable
	PIX Firewall	X
	FWSM						X
ip local pool	ip local pool pool_name pool_start-address[-pool_end-address]
	PIX Firewall		X
	FWSM						X
ip prefix-list	Note See also prefix-list commands.
	[no] ip prefix-list list-name [seq seq-value] {deny | permit network/length}[ge ge-value] [le le-value]
	PIX Firewall						X
	FWSM		X
	ip prefix-list sequence-number
	PIX Firewall						X
	FWSM		X
ip verify reverse-path	ip verify reverse-path interface int_name
	PIX Firewall	X
	FWSM	X
isakmp	isakmp client configuration address-pool local pool-name [interface-name]
	PIX Firewall	X
	FWSM		X
	isakmp enable interface-name
	PIX Firewall	X
	FWSM		X
	isakmp identity {address | hostname | [key-id key_id_string]}
	PIX Firewall	X
	FWSM		X
	isakmp keepalive seconds [retry_seconds]
	PIX Firewall	X
	FWSM		X
	isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]
	PIX Firewall	X
	FWSM		X
	isakmp nat-traversal [natkeepalive]
	PIX Firewall	X
	FWSM		X
	isakmp peer fqdn fqdn no-xauth no-config-mode
	PIX Firewall	X
	FWSM		X
isakmp policy	isakmp policy priority authentication pre-share | rsa-sig
	PIX Firewall	X
	FWSM		X
	isakmp policy priority encryption aes | aes-192| aes-256 | des | 3des
	PIX Firewall	X
	FWSM		X
	isakmp policy priority group1 | 2 | 5
	PIX Firewall	X
	FWSM		X
	isakmp policy priority hash md5 | sha
	PIX Firewall	X
	FWSM		X
	isakmp policy priority lifetime seconds
	PIX Firewall	X
	FWSM		X
kill	kill
	PIX Firewall					X
	FWSM					X
limit-resource	[no] limit-resource {[rate] resource_name | all} number [%]
	PIX Firewall						X
	FWSM		X
log-adj- changes	log-adj-changes [ detail ]
	PIX Firewall						X
	FWSM		X	X (L2)
	no log-adj-changes
	PIX Firewall						X
	FWSM		X	X (L2)
logging	logging on
	PIX Firewall	X
	FWSM	X
	logging buffered level
	PIX Firewall	X
	FWSM	X
	logging console level
	PIX Firewall	X
	FWSM	X
	logging device-id {hostname | ipaddress interface_name | string text}
	PIX Firewall	X
	FWSM	X
	logging facility facility
	PIX Firewall	X
	FWSM	X
	logging history level
	PIX Firewall	X
	FWSM	X
	logging host [in_interface_name] ip_address [protocol/port] format emblem [interface int1 [ int2 ...]] Note The interface parameter is not supported. An import error results if the interface parameter is defined.
	PIX Firewall	X
	FWSM	X
	logging message syslog_id [ level level]
	PIX Firewall	X
	FWSM	X
	logging monitor level
	PIX Firewall	X
	FWSM	X
	logging queue queue_size
	PIX Firewall	X
	FWSM	X
	logging standby
	PIX Firewall	X
	FWSM	X
	logging timestamp
	PIX Firewall	X
	FWSM	X
	logging trap level
	PIX Firewall	X
	FWSM	X
logical- interface	[no] logical-interface vlan number [-vlan number] [ context_alias [ context_alias]]
	PIX Firewall						X
	FWSM		X
login	login
	PIX Firewall					X
	FWSM					X
logout	logout
	PIX Firewall						X
	FWSM		X
mac-address- table static	[no] mac-address-table static interface_name mac
	PIX Firewall						X
	FWSM	X (L2)		X (L3)
mac-address- table aging-time	[no] mac-address-table aging-time minutes no mac-address-table aging-time
	PIX Firewall						X
	FWSM	X (L2)		X L3)
mac-learn	[no] mac-learn interface_name disable
	PIX Firewall						X
	FWSM	X (L2)		X (L3)
mac-list	mac-list id deny | permit mac macmask
	PIX Firewall		X
	FWSM		X
management- access	management-access mgmt_if
	PIX Firewall	X
	FWSM	X
match	(ospf)
	match [ interface interface_name | metric metric_value | ip address acl_id | route-type {local | internal | [ external [type-1 | type-2]]} | nssa-external [type-1 | type-2] | ip next-hop acl_id | ip route-source acl_id]
	PIX Firewall						X
	FWSM		X
match interface	(IP) (ospf)
	[no] match interface interface-type interface-number [... interface-type interface-number ]
	PIX Firewall						X
	FWSM		X
match ip address	(ospf)
	[no] match ip address {access-list-number | access-list-name} [... access-list-number | ... access-list-name ]
	PIX Firewall						X
	FWSM		X
match ip next-hop	(ospf)
	[no] match ip next-hop {access-list-number | access-list-name} [...access-list-number | ...access-list-name ]
	PIX Firewall						X
	FWSM		X
match ip route-source	match ip route-source {access-list-number | access-list-name}[...access-list-number | ...access-list-name]
	PIX Firewall						X
	FWSM		X
match metric	(ospf)
	[no] match ip route-source {access-list-number | access-list-name}[...access-list-number | ...access-list-name]
	PIX Firewall						X
	FWSM		X
match route-type	(IP) (ospf)
	[no] match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
	PIX Firewall						X
	FWSM		X
member	(context submode)
	[no] member class_name
	PIX Firewall						X
	FWSM		X
mgcp	mgcp call-agent ip_address group_id
	PIX Firewall		X
	FWSM		X
	mgcp command-queue limit
	PIX Firewall		X
	FWSM		X
	mgcp gateway ip_address group_id
	PIX Firewall		X
	FWSM		X
mkdir	mkdir [ disk: ] path
	PIX Firewall						X
	FWSM		X
mode	mode { single  | multiple }
	PIX Firewall						X
	FWSM		X
monitor- interface	[no] monitor-interface interface_name
	PIX Firewall						X
	FWSM	X
more	more [/ascii] || [/binary] [ disk: ] path
	PIX Firewall						X
	FWSM		X
mroute	mroute src smask in-if-name dst dmask out-if-name
	PIX Firewall		X
	FWSM		X
multicast and subcommands	multicast interface interface_name
	PIX Firewall		X
	FWSM		X
	igmp forward interface interface_name
	PIX Firewall		X
	FWSM		X
	igmp access-group acl_id
	PIX Firewall		X
	FWSM		X
	igmp join-group group
	PIX Firewall		X
	FWSM		X
	igmp max-groups number
	PIX Firewall		X
	FWSM		X
	igmp query-interval seconds
	PIX Firewall		X
	FWSM		X
	igmp query-max-response-time seconds
	PIX Firewall		X
	FWSM		X
	igmp version {1 | 2}
	PIX Firewall		X
	FWSM		X
mtu	mtu interface_name bytes
	PIX Firewall	X
	FWSM	X
name/names	name ip_address name
	PIX Firewall	X
	FWSM	X
	names
	PIX Firewall	X
	FWSM	X
nameif	nameif {hardware_id | vlan_id} interface_name security_level
	PIX Firewall	X
	FWSM						X
	nameif interface interface_name security_level
	PIX Firewall						X
	FWSM	X
nat	nat [interface_name] id address [ netmask ][ norandomseq ] [ timeout hh:mm:ss ] [ conn_limit [ em_limit ]]]
	PIX Firewall	X
	FWSM						X
	nat [interface_name] id address [netmask [ outside ] [ dns ] [ norandomseq ] [ timeout hh:mm:ss ] [ conn_limit [ em_limit ]]]
	PIX Firewall	X
	FWSM						X
	nat [interface_name] 0 access-list acl_name
	PIX Firewall	X
	FWSM	X
	nat [interface_name] id access-list acl_name [ outside ] [ dns ] [ norandomseq ] [ timeout hh:mm:ss ] [ conn_limit  [ em_limit]]]
	PIX Firewall	X
	FWSM						X
	nat interface_name nat_id local_ip [mask [dns] [outside] [norandomseq ] [max_conns [emb_limit ]]]}
	PIX Firewall						X
	FWSM	X
	nat interface_name nat_id { 0 [ access-list acl_name [ outside ]]}
	PIX Firewall						X
	FWSM	X
np	np { 1 | 2 | 3 | all } cab address data
	PIX Firewall						X
	FWSM		X
ntp	ntp authenticate
	PIX Firewall				X
	FWSM						X
	ntp authentication-key number md5 value
	PIX Firewall				X
	FWSM						X
	ntp server ip_address [ key number ] source interface_name [ prefer ]
	PIX Firewall				X
	FWSM						X
	ntp trusted-key number
	PIX Firewall				X
	FWSM						X
object-group	Note Support for service groups within object grouping is limited. Service groups are successfully parsed, but flatten immediately. This affects commands with keywords icmp-type, protocol, and service.
	object-group grp_id
	PIX Firewall	X
	FWSM	X
	object-group icmp-type grp_id description description_text icmp-group icmp_type
	PIX Firewall	X
	FWSM	X
	object-group network grp_id description description_text network-object host host_addr network-object host_addr netmask
	PIX Firewall	X
	FWSM	X
	object-group protocol grp_id description description_text protocol-object protocol
	PIX Firewall	X
	FWSM	X
	object-group service grp_id {tcp | udp | tcp-udp} description description_text port-object eq service port-object range begin_service end_service
	PIX Firewall	X
	FWSM	X
ospf	(interface submode)
	ospf { authentication  [ message-digest | null]} | { authentication-key password} | { cost interface_cost} | { database-filter all out} | { dead-interval seconds} | { hello-interval seconds} | { message-digest-key key-id md5 key} | {mtu-ignore} | { priority number} | {retransmit-interval seconds} | { transmit-delay seconds}
	PIX Firewall						X
	FWSM		X
outbound / apply	Note Outbounds rely on the converter tool to translate outbounds and conduits to access-list commands. Commands have been deprecated.
	apply [interface_name ] list_ID outgoing_src  |  outgoing_dest
	PIX Firewall			X
	FWSM						X
	outbound list_ID permit | deny ip_address [netmask [port[-port]] [protocol]
	PIX Firewall			X
	FWSM						X
	outbound list_ID except ip_address [netmask [port[-port]] [protocol]
	PIX Firewall			X
	FWSM						X
pager	pager [ lines number]
	PIX Firewall				X
	FWSM				X
password	{ password | passwd } password [ encrypted ]
	PIX Firewall	X
	FWSM	X
pdm	pdm history enable
	PIX Firewall				X
	FWSM				X
	pdm history [view {all | 12h | 5d | 60m | 10m}] [snapshot] [feature {all | blocks | cpu | failover | ids | interface interface_name | memory | perfmon | xlates}] [pdmclient]
	PIX Firewall				X
	FWSM				X
	pdm location ip_address netmask interface_name
	PIX Firewall				X
	FWSM				X
	pdm logging [level [messages]]
	PIX Firewall				X
	FWSM				X
perfmon	perfmon verbose
	PIX Firewall					X
	FWSM					X
	perfmon interval seconds
	PIX Firewall					X
	FWSM					X
	perfmon quiet
	PIX Firewall					X
	FWSM					X
	perfmon settings
	PIX Firewall					X
	FWSM					X
ping	ping [ interface_name ] ip_address
	PIX Firewall					X
	FWSM					X
prefix-list	Note See also ip prefix-list commands.
	prefix-list list_name [seq seq_value] {permit | deny prefix / len} [ge min_value] [le max_value]
	PIX Firewall		X
	FWSM						X
	prefix-list {list_name [ seq seq_value] { permit | deny prefix / len} [ ge min_value] [ le max_value]} | sequence-number
	PIX Firewall						X
	FWSM		X
	prefix-list list_name description text
	PIX Firewall						X
	FWSM		X
	prefix-list sequence-number
	PIX Firewall		X
	FWSM		X
privilege	privilege [ show | clear | configure ] level level [ mode enable | configure] command command
	PIX Firewall		X
	FWSM		X
pwd	pwd
	PIX Firewall		X
	FWSM		X
quit	quit
	PIX Firewall					X
	FWSM					X
redistribute	redistribute { static | connected } [ metric metric_value ] [ metric-type metric_type] [ route-map map_name] [ tag tag_value] [ subnets ]
	PIX Firewall						X
	FWSM		X (L3)	X (L2)
	redistribute ospf pid [match {internal | external [1 | 2] | nssa-external [1|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
	PIX Firewall						X
	FWSM		X (L3)	X (L2)
reload	reload
	PIX Firewall			X
	FWSM			X
	reload noconfirm
	PIX Firewall			X
	FWSM			X
rename	rename [ disk: ] [ source-path ] [ disk: ] [ destination-path ]
	PIX Firewall						X
	FWSM		X
rip	rip interface_name default | passive [version [1 | 2]] [authentication [text | md5 key (key_id)]]
	PIX Firewall	X
	FWSM	X
rmdir	rmdir [ disk: ] [ path ]
	PIX Firewall						X
	FWSM		X
route	route interface_name ip_address netmask gateway_ip [metric]
	PIX Firewall	X
	FWSM	X
route-map	route-map map_tag [permit | deny] [seq_num]
	PIX Firewall		X
	FWSM		X	X (L2)
	match [interface | route-type | metric | ip address | ip next-hop | ip route-source]
	PIX Firewall						X
	FWSM		X
	set metric [+ | -] metric_value
	PIX Firewall						X
	FWSM		X
	set metric-type type-1 | type-2 | internal | external
	PIX Firewall						X
	FWSM		X
	set ip next-hop ip-address [ip-address...]
	PIX Firewall						X
	FWSM		X
router	route interface_name ip_address netmask gateway_ip [ metric ]
	PIX Firewall	X
	FWSM	X
router-id	router-id ip_address
	PIX Firewall						X
	FWSM		X	X (L2)
router ospf and subcommands	router ospf pid
	PIX Firewall		X
	FWSM	X
	area area_id
	PIX Firewall		X
	FWSM		X
	area area_id authentication [message-digest]
	PIX Firewall		X
	FWSM		X
	area area_id default-cost cost
	PIX Firewall		X
	FWSM		X
	area area_id filter-list prefix {prefix_list_name in | out}
	PIX Firewall		X
	FWSM		X
	area area_id nssa [no-redistribution] [default-information-originate [metric-type 1 | 2] [metric metric_value]] [no-summary]
	PIX Firewall		X
	FWSM		X
	area area_id range ip_address netmask [advertise | not-advertise]
	PIX Firewall		X
	FWSM		X
	area area_id stub [no-summary]
	PIX Firewall		X
	FWSM		X
	area area_id virtual-link router_id [ authentication [ message-digest | null ]] [ hello-interval seconds ] [ retransmit-interval seconds] [ transmit-delay seconds] [ dead-interval seconds ] [ authentication-key password ] [ message-digest-key id md5 password ]
	PIX Firewall		X
	FWSM		X
	compatible rfc1583
	PIX Firewall		X
	FWSM		X
	default-information originate [always] [metric metric_value] [metric-type {1 | 2}] [route-map map_name]
	PIX Firewall		X
	FWSM		X
	distance ospf [intra-area d1][inter-area d2][external d3]
	PIX Firewall		X
	FWSM		X
	ignore lsa mospf
	PIX Firewall		X
	FWSM		X
	log-adj-changes [detail]
	PIX Firewall		X
	FWSM	X
	network prefix ip_address netmask area area_id
	PIX Firewall		X
	FWSM		X
	redistribute {static | connected} [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
	PIX Firewall		X
	FWSM		X
	redistribute ospf pid [match {internal | external [1|2] | nssa-external [1|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
	PIX Firewall		X
	FWSM		X
	router-id ip_address
	PIX Firewall		X
	FWSM		X
	summary-address addr netmask [not-advertise] [tag tag_value]
	PIX Firewall		X
	FWSM		X
	timers {spf spf_delay spf_holdtime | lsa-group-pacing seconds}
	PIX Firewall		X
	FWSM		X
routing interface and subcommands	routing interface interface_name
	PIX Firewall		X
	FWSM		X
	ospf {authentication [message-digest | null]} | {authentication-key password} | {cost interface_cost} | {database-filter all out} | {dead-interval seconds} | {hello-interval seconds} | {message-digest-key key-id md5 key} | {mtu-ignore} | {priority number} | {retransmit-interval seconds} | {transmit-delay seconds}
	PIX Firewall		X
	FWSM		X
rpc-server	rpc-server ifc_name ip_addr mask service service_type protocol [TCP | UDP] port port [- port ] timeout hh:mm:ss
	PIX Firewall						X
	FWSM				X
same-security-traffic	same-security-traffic permit inter-interface
	PIX Firewall						X
	FWSM	X
service	service resetinbound | resetoutside
	PIX Firewall	X
	FWSM	X
session	session enable
	PIX Firewall			X
	FWSM			X
set ip next-hop	set ip next-hop ip-address [ ip-address ]
	PIX Firewall						X
	FWSM		X
set metric	set metric metric_value
	PIX Firewall						X
	FWSM		X
set metric-type	set metric-type {type-1 | type-2 | internal | external}
	PIX Firewall						X
	FWSM		X
setup	setup
	PIX Firewall					X
	FWSM					X
show	show
	PIX Firewall					X
	FWSM					X
shun	shun src_ip [dst_ip sport dport [protocol]]
	PIX Firewall					X
	FWSM					X
shutdown	shutdown
	PIX Firewall						X
	FWSM	X
snmp-server	snmp-server community key
	PIX Firewall	X
	FWSM	X
	snmp-server {contact | location} text
	PIX Firewall	X
	FWSM	X
	snmp-server host [interface_name] ip_addr [trap | poll]
	PIX Firewall	X
	FWSM	X
	snmp-server enable traps
	PIX Firewall	X
	FWSM	X
ssh	ssh ip_address [netmask] [interface_name]
	PIX Firewall	X
	FWSM	X
	ssh disconnect session_id
	PIX Firewall					X
	FWSM					X
	ssh timeout mm
	PIX Firewall	X
	FWSM	X
static	Note Firewall MC does not support the interface option; an error results during import.
	[no] static [ local_iinterface, global_interface ] {global_ip | interface} {local_ip [ netmask mask ] | access-list acl_name} [ dns ] [ norandomseq ] [ max_conns [ emb_limit]]
	PIX Firewall	X
	FWSM	X
	[no] static [local_interface, global_interface] { tcp | udp } {global_ip | interface} global_port {local_ip local_port [netmask mask] | access-list acl_name} [ dns ] [ norandomseq ] [ max_conns [ emb_limit ]]
	PIX Firewall	X
	FWSM	X
summary- address	summary-address addr netmask [ not-advertise ] [ tag tag_value ]
	PIX Firewall						X
	FWSM		X
syslog	syslog Note This command is deprecated in PIX Firewall OS Version 6.2.
	PIX Firewall		X
	FWSM						X
sysopt	sysopt connection permit-pptp  | permit-l2tp
	PIX Firewall		X
	FWSM						X
	sysopt connection permit-ipsec
	PIX Firewall	X
	FWSM						X
	sysopt connection tcpmss bytes
	PIX Firewall	X
	FWSM	X
	sysopt connection tcpmss minimum bytes
	PIX Firewall		X
	FWSM						X
	sysopt connection timewait
	PIX Firewall		X
	FWSM		X
	sysopt ipsec pl-compatible
	PIX Firewall		X
	FWSM		X
	sysopt nodnsalias inbound | outbound
	PIX Firewall		X
	FWSM		X
	sysopt noproxyarp interface_name
	PIX Firewall	X
	FWSM	X
	sysopt radius ignore-secret
	PIX Firewall		X
	FWSM		X
	sysopt route dnat Note This command is deprecated in PIX OS Version 6.3.
	PIX Firewall				X
	FWSM						X
	sysopt security fragguard Note This command is deprecated in PIX OS Version 6.3.
	PIX Firewall		X
	FWSM						X
	sysopt uauth allow-http-cache
	PIX Firewall		X
	FWSM						X
telnet	telnet ip_address [netmask] [interface_name]
	PIX Firewall	X
	FWSM	X
	telnet timeout minutes
	PIX Firewall	X
	FWSM	X
terminal	terminal monitor
	PIX Firewall				X
	FWSM				X
	terminal width characters
	PIX Firewall				X
	FWSM				X
tftp-server	tftp-server [ interface_name] ip _address path
	PIX Firewall	X
	FWSM	X
timeout	timeout [ xlate [hh:mm:ss]] [ conn [hh:mm:ss]] [ half-closed [hh:mm:ss]] [ udp [hh:mm:ss]] [ rpc [hh:mm:ss]] [ h225 [hh:mm:ss]] [ h323 [hh:mm:ss]] [ mgcp hh:mm:ss] [ sip [hh:mm:ss]] [ sip_media [hh:mm:ss]][ uauth [hh:mm:ss] [ absolute | inactivity]]
	PIX Firewall	X
	FWSM	X
timers	timers {spf spf_delay spf_holdtime | lsa-group-pacing seconds}
	PIX Firewall						X
	FWSM		X
upgrade-mp	upgrade-mp tftp://location/pathname
	PIX Firewall						X
	FWSM		X
	upgrade-mp http[s]://[user:password@]location [:port]/pathname
	PIX Firewall						X
	FWSM		X
	upgrade-mp tftp[:[[//location][/pathname]]]
	PIX Firewall						X
	FWSM		X
uptime	uptime
	PIX Firewall						X
	FWSM		X
url-block	url-block block block_buffer_limit
	PIX Firewall	X
	FWSM	X
	url-block url-mempool memory_pool_size
	PIX Firewall	X
	FWSM	X
	url-block url-size long_url_size Note Websense only.
	PIX Firewall	X
	FWSM	X
url-cache	url-cache {dst | src_dst} size kbytes
	PIX Firewall	X
	FWSM	X
url-server	url-server [ interface_name ] vendor n2h2 host local_ip [ port number ] [ timeout seconds ] [ protocol {TCP | UDP}] Note N2H2 only.
	PIX Firewall	X
	FWSM	X
	url-server [ interface_name] vendor websense host local_ip [ timout seconds ] [ protocol {TCP |  UDP } version] Note Websense only.
	PIX Firewall	X
	FWSM	X
username	username username {[{nopassword | password password} [encrypted]] [privilege level]}
	PIX Firewall	X
	FWSM	X
virtual	virtual http ip_address [warn]
	PIX Firewall				X
	FWSM				X
	virtual telnet ip_address
	PIX Firewall				X
	FWSM				X
vpdn	vpdn enable interface_name
	PIX Firewall		X
	FWSM		X
	vpdn group group_name [[accept dialin pptp | l2tp]] | [ppp encryption mppe 40 | 128| auto [required]] | [ client configuration address local address_pool_name ] | [client configuration dns dns_ip1 [dns_ip2]] | [ client configuration wins wins_ip1 [wins_ip2]] | [client authentication local | aaa auth_aaa_group] | [ client accounting acct_aaa_group] | [pptp echo echo_time] | [ l2tp tunnel hello hello_time]
	PIX Firewall		X
	FWSM		X
	vpdn username name password passwd store-local
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM	X
	vpdn username name password passwd
	PIX Firewall		X
	FWSM		X
	vpdn group group_name localname username
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM	X
	vpdn group group_name request dialout pppoe
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM	X
	vpdn group group_name ppp authentication PAP | CHAP | MSCHAP
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM	X
vpnclient	vpnclient vpngroup group_name password preshared_key
	PIX Firewall	X
	FWSM	X
	vpnclient username xauth_username password xauth_password
	PIX Firewall	X
	FWSM	X
	vpnclient server ip_primary [ip_secondary_1, ip_sendary_2, ..., ip_secondary_n]
	PIX Firewall	X
	FWSM	X
	vpnclient mac-exempt mac_addr_1 mac_mask_1 [mac_addr_2 mac_mask_2]
	PIX Firewall	X
	FWSM	X
	vpnclient mode client-mode | network-extension-mode
	PIX Firewall	X
	FWSM	X
	vpnclinet enable
	PIX Firewall	X
	FWSM	X
	vpnclient management {[tunnel {ip_addr_1| ip_mask_1} [{ip_addr_2 | ip_mask_1}...]] | [clear]}
	PIX Firewall	X
	FWSM	X
	vpnclient connect
	PIX Firewall		X
	FWSM		X
	vpnclient disconnect
	PIX Firewall		X
	FWSM		X
	vpnclient nem-st-autoconnect
	PIX Firewall		X
	FWSM		X
vpngroup	vpngroup group_name address-pool pool_name
	PIX Firewall	X
	FWSM						X
	vpngroup group_name authentication-server server_tag
	PIX Firewall	X
	FWSM						X
	vpngroup group_name backup-server {{ip1 [ip2 ... ip10]} | clear}
	PIX Firewall	X
	FWSM						X
	vpngroup group_name clear-client-cfg
	PIX Firewall						X
	FWSM						X
	vpngroup group_name default-domain domain_name
	PIX Firewall	X
	FWSM						X
	vpngroup group_name device-pass-through
	PIX Firewall	X
	FWSM						X
	vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]
	PIX Firewall	X
	FWSM						X
	vpngroup group_name idle-time idle_seconds
	PIX Firewall	X
	FWSM						X
	vpngroup group_name max-time max_seconds
	PIX Firewall	X
	FWSM						X
	vpngroup group_name password preshared_key
	PIX Firewall	X
	FWSM						X
	vpngroup group_name pfs
	PIX Firewall	X
	FWSM						X
	vpngroup group_name split-dns domain_name1 [domain_name2, domain_name3, ..., domain_name8]
	PIX Firewall	X
	FWSM						X
	vpngroup group_name split-tunnel acl_name
	PIX Firewall	X
	FWSM						X
	vpngroup group_name user-authentication
	PIX Firewall	X
	FWSM						X
	vpngroup group_name user-idle-timeout user_idle_seconds
	PIX Firewall	X
	FWSM						X
	vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]
	PIX Firewall	X
	FWSM						X
who	who [local_ip]
	PIX Firewall					X
	FWSM					X
write	write net [[server_ip]:[filename]]
	PIX Firewall					X
	FWSM					X
	write floppy
	PIX Firewall					X
	FWSM					X
	write memory | floppy [uncompressed]
	PIX Firewall					X
	FWSM					X
	write standby
	PIX Firewall					X
	FWSM					X
	write terminal
	PIX Firewall					X
	FWSM					X
	write { erase [ uncompressed ] | memory | standby | terminal}
	PIX Firewall						X
	FWSM					X

Summary of Commands Not Supported

The following is a high-level summary of the PIX 6.3.3 and FWMC 2.1 commands that are not supported in the Firewall MC 1.3 GUI. We recommend that you refer to Table 2 for details about the commands and the level of support provided by Firewall MC.

•Active commands such as show, debug, and clear are either discarded or generate errors during import.

•OSPF commands are treated as unknown commands.

•IPSec commands on FWSM 2.1 are treated as unknown commands.

•FWSM system context commands are treated as unknown commands. This includes commands such as creation and deletion of security contexts, switching the blade between single and multiple context or between routed and transparent mode, failover configuration in system context, and resource manager.

•Access-list interface used in place of a source or destination address is not supported; object-group-search cannot easily be added to the epilog in the Firewall MC GUI, because Firewall MC could modify the ACL name during deployment. If the object-group-search command is in the epilog, its ACL name might not match the one Firewall MC deploys.

•AAA include and exclude commands are not supported, but they can be manually converted to an ACL.