cc/td/doc/product/rtrmgmt/cw2000/mgt_pix
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.3.3

Supported Devices

Support for PIX Firewall and Firewall Services Module CLI Commands

Summary of Commands Not Supported


Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.3.3


Revised: September 16, 2005

This document includes:

Supported Devices

Support for PIX Firewall and Firewall Services Module CLI Commands

Summary of Commands Not Supported

Supported Devices

Table 1 lists the devices supported by Management Center for Firewalls 1.3.3.

Table 1 Devices 

Series
Devices Supported
Software

Cisco PIX Firewall Series

PIX 501, PIX 506, PIX 506E, PIX 515, PIX 515E, PIX 525, PIX 535

PIX OS Version:

6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.2, 6.2.1, 6.2.2, 6.3, 6.2.3, 6.2.4, 6.3.1, 6.3.2, 6.3.3, 6.3.4.

FWSM

N/A

FWSM OS Version:

1.1.1, 1.1.2, 1.1.3, 1.1.4, 2.1.0, 2.1.1, 2.2, 2.2.1, 2.3.


Support for PIX Firewall and Firewall Services Module CLI Commands

PIX Firewall and Firewall Services Module (FWSM) CLI commands receive different levels of support from Firewall MC 1.3.3. You should fully understand the level of support that each command receives from Firewall MC; this understanding enables you to use commands or command combinations in PIX Firewall and FWSM configuration files so that import operations and deployment jobs succeed.

The levels of support provided by Firewall MC are:

Supported—Firewall MC fully supports the command. It can import and deploy a configuration with the command.

Unsupported—Firewall MC does not support the command. Based on the value of the Action on Unknown commands setting (Configuration > MC Settings > Management), Firewall MC generates an error or places the command as an ending command.

Error—Commands in this category can interact unpredictably with Firewall MC features that may be configured in the user interface. If a command in this category appears in a configuration during import or during deploy to device, Firewall MC generates an error and the import fails.

Ignored—Commands in this category do not interact with features configured in the Firewall MC user interface. These commands are copied verbatim during import as an ending command.

Discarded—Commands in this category are discarded upon import.

Deprecated—Commands in this category are supported in beginning and ending commands, but can result in overlapping commands with unexpected results. These commands have been outdated by newer CLI constructs and might become obsolete in future versions of CLI. We recommend that you not use deprecated commands.

Not Used—The command is not designed for use with a particular platform.


Note To access ending commands, select Configuration > Device Settings > Configuring Additions > Ending Commands.


Command descriptions showin in Table 2 use these conventions:

Braces ({ }) indicate a required choice.

Square brackets ([ ]) indicate optional elements.

Vertical bars ( | ) separate alternative, mutually exclusive elements.

Table 2 Firewall MC 1.3.3 CLI Commands Support Status 

Command Reference
CLI Commands
Supported
Unsupported
Error
Ignored
Discarded
Not Used
aaa accounting

aaa accounting include | exclude acctg_service inbound | outbound | interface_name local_ip local_mask foreign_ip foreign_mask group_tag

Note Include and exclude are not supported, but can be manually converted to an ACL.

PIX Firewall

   

X

     

FWSM

   

X

     

aaa accounting match acl_name inbound | outbound | interface_name group_tag

PIX Firewall

X

         

FWSM

X

         
aaa authentication

aaa authentication include | exclude authen_service inbound | outbound | if _name local_ip local_mask foreign_ip foreign_mask group_tag

Note Include and exclude are not supported, but can be manually converted to an ACL.

PIX Firewall

   

X

     

FWSM

   

X

     

aaa authentication match acl_name inbound | outbound | interface_name group_tag

PIX Firewall

X

         

FWSM

X

         
 

[no] aaa authentication secure-http-client

PIX Firewall

         

X

FWSM

X

         

aaa authentication [serial | enable | telnet | ssh | http] console group_tag [LOCAL]

PIX Firewall

X

         

FWSM

X

         

aaa authentication secure-http-client

PIX Firewall

X

         

FWSM

X

         
aaa authorization

aaa authorization command {LOCAL | tacacs_server_tag} [LOCAL]

PIX Firewall

 

X

       

FWSM

 

X

       

aaa authorization include | exclude author_service inbound | outbound | interface_name local_ip local_mask foreign_ip foreign_mask

Note Include and exclude are not supported, but can be manually converted to an ACL.

PIX Firewall

   

X

     

FWSM

   

X

     

aaa authorization match acl_name inbound | outbound | interface_name group_tag

PIX Firewall

X

         

FWSM

X

         
aaa mac-exempt

aaa mac-exempt match id

PIX Firewall

 

X

       

FWSM

 

X

       
aaa proxy-limit

aaa proxy-limit proxy limit | disable

PIX Firewall

 

X

       

FWSM

 

X

       
aaa-server

aaa-server group_tag (interface_name) host server_ip key timeout seconds

PIX Firewall

X

         

FWSM

X

         

aaa-server group_tag protocol auth_protocol

PIX Firewall

X

         

FWSM

X

         

aaa-server radius-acctport port

PIX Firewall

 

X

       

FWSM

 

X

       

aaa-server radius-authport port

PIX Firewall

 

X

       

FWSM

 

X

       

debug radius session

PIX Firewall

       

X

 

FWSM

       

X

 

[no] aaa-server <tag> max-failed-attempts <tries>

PIX Firewall

X

         

FWSM

X

         

[no] aaa-server <tag> deadtime <deadtimeout>

PIX Firewall

X

         

FWSM

X

         
access-group

access-group acl_ID in interface interface_name

PIX Firewall

X

         

FWSM

X

         

[no] access-group access-list in interface interface_name [per-user-override]

PIX Firewall

   

X

     

FWSM

         

X

access-list

Note The optional line number arguments are not supported. These arguments will never appear in show config; they are used as an active command to allow you to edit the ACLs inline.

access-listacl_ID ] compiled

Note Once defined, it is applied globally.

PIX Firewall

X

         

FWSM

X

         

access-list deny-flow-max n

PIX Firewall

X

         

FWSM

X

         

access-list alert-interval secs

PIX Firewall

X

         

FWSM

X

         

access-list id [deny | permit ] icmp {source_addr | local_addr} {source_mask | local_mask} {destination_addr | remote_addr} {destination_mask | remote_mask } icmp_type

PIX Firewall

X

         

FWSM

         

X

 

access-list iddeny | permit ] icmp host sip | sip smask | object-group network_obj_grp_id dip dmask | object-group network_obj_grp_id icmp_type | object-group icmp_type_obj_grp_id ] [ log [ disable ] | [ level ] | [ default ] [ interval secs ]]

PIX Firewall

         

X

FWSM

X

         

access-list id {deny | permit} icmp {source_addr | local_addr} {source_mask | local_mask} | interface interface_name | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | interface interface_name | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id] [log [[disable | default] | [level]]] [interval secs]]

Note The interface argument is not supported and results in an error during import.

PIX

X

         

FWSM

         

X

access-list acl_IDdeny | permit } protocol {source_addr | local_addr} {source_mask | local_mask}[operator port [port] { destination_addr | remote_addr } { destination_mask | remote_mask } [ operator port  port ]

PIX

X

         

FWSM

         

X

 

access-list id {deny | permit}{protocol | object-group protocol_obj_grp_id {source_addr | local_addr} {source_mask | local_mask} | object-group network_obj_grp_id [operator port [port] | interface interface_name | object-group service_obj_grp_id] {destination_addr | remote_addr} {destination_mask | remote_mask} object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]} [log [[disable | default] | [level]]] [interval secs]]

Note The interface argument is not supported and results in an error during import.

PIX Firewall

X

         

FWSM

         

X

access-list id deny|permit {any | <ip> <mask>}

PIX Firewall

         

X

FWSM

 

X

       

access-list id extended deny  | permit protocolobject-group protocol_obj_grp_id host sip | sip smask | object-group network_obj_grp_id operator <port> [<port>] | object-group service_obj_grp_id dip dmask | object-group network_obj_grp_id [ operator <port> [ <port> ] | object-group service_obj_grp_id ] [ logdisable ] | [ level ] | [ default ] [ interval secs ]]

PIX Firewall

         

X

FWSM

X

         

access-list id remark text

Note This command is discarded on import. Your annotations will be lost; however, the import will succeed.

PIX Firewall

       

X

 

FWSM

       

X

 
 

debug access-list all | standard | turbo

PIX Firewall

       

X

 

FWSM

       

X

 

access-list id object-group-search

Note This command might not be added to the epilog in Firewall MC because Firewall MC could modify the ACL name during deployment. If the object-group-search command is in the epilog, its ACL name might not match the one that Firewall MC deploys.

PIX Firewall

       

X

 

FWSM

         

X

access-list mode auto-commit|manual-commit

Note Firewall MC automatically generates this command during deployment.

PIX Firewall

         

X

FWSM

       

X

 

access-list commit

PIX Firewall

       

X

 

FWSM

       

X

 
activation-key

activation-key activation-key-four-tuple

PIX Firewall

       

X

 

FWSM

       

X

 
admin-context

admin-context admin-context-name

PIX Firewall

         

X

FWSM

 

X

       
alias

alias [(interface_name) ] dnat_ip foreign_ip netmask ]

PIX Firewall

 

X

       

FWSM

 

X

X (L2)

     
allocate-
interface

[no] allocate-interface vlan number-vlan number ] [ context_alias -context_alias]]

PIX Firewall

         

X

FWSM

 

X

       
area

[no] area area_id {authentication [message-digest]} | { default-cost cost } | { filter-list prefixprefix_list_name in | out }} | { range ip_address netmaskadvertise | not-advertise ]}

PIX Firewall

 

X

       

FWSM

 

X

       

[no] area area_id nssano-redistribution ] [ default-information-originate [metric-type 1 | ] [ metric metric_value ]] [ no-summary ]

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id stubno-summary ]

PIX Firewall

 

X

       

FWSM

 

X

       

[no] area area_idvirtual-link router_id } [authenticationmessage-digest  | null ]] [ hello-interval seconds ] [ retransmit-interval seconds ] [ transmit-delay seconds ] [ dead-interval seconds ] [ authentication-key password ] [ message-digest-key id md5 password ]

PIX Firewall

 

X

       

FWSM

 

X

       
arp

arp interface_name ip_address mac_address [ alias ]

PIX Firewall

     

X

   

FWSM

     

X

   

arp timeout seconds

PIX Firewall

     

X

   

FWSM

     

X

   
arp-inspection

[no] arp-inspection

PIX Firewall

         

X

FWSM

     

X

   
auth-prompt

auth-prompt [ accept | reject | prompt ] string

PIX Firewall

X

         

FWSM

X

         
auto-update

auto-update device-id harware-serial | hostname | ipaddressinterface_name ] | mac-addressinterface_name ] string text

PIX Firewall

X

         

FWSM

         

X

auto-update poll-period poll_period retry_countretry_period ]]

PIX Firewall

X

         

FWSM

         

X

 

auto-update server urlverify_certificate ]

PIX Firewall

X

         

FWSM

         

X

auto-update timeout period

PIX Firewall

X

         

FWSM

         

X

banner

banner {exec | login | motd} text

PIX Firewall

     

X

   

FWSM

     

X

   
ca

ca authenticate ca_nicknamefingerprint ]

PIX Firewall

     

X

   

FWSM

     

X

   

ca configure ca_nickname ca | ra retry_period retry_countcrloptional ]

PIX Firewall

     

X

   

FWSM

     

X

   

ca crl request ca_nickname

PIX Firewall

     

X

   

FWSM

     

X

   

ca enroll ca_nickname challenge_passwordserial] [ ipaddress ]

PIX Firewall

     

X

   

FWSM

     

X

   

ca generate rsakey | specialkey} key_modulus_size

PIX Firewall

     

X

   

FWSM

     

X

   
 

ca identity ca_nickname ca_ipaddress:ca_script_location ] [ ldap_ip address ]

PIX Firewall

     

X

   

FWSM

     

X

   

ca save all

PIX Firewall

     

X

   

FWSM

     

X

   

ca subject-name ca_nickname X.500_string

PIX Firewall

     

X

   

FWSM

     

X

   

ca verifycertdn X.500_string

PIX Firewall

     

X

   

FWSM

     

X

   

ca zeroize rsa keypair_name ]

PIX Firewall

     

X

   

FWSM

     

X

   
ca generate rsa key

ca generate rsa key modulus

PIX Firewall

     

X

   

FWSM

         

X

capture

capture capture_nameaccess-list acl_name ][ buffer bytes ] [ ethernet-type type ][ interface name ] [ packet-length bytes ] [ circular-buffer ]

PIX Firewall

       

X

 

FWSM

       

X

 
cd

cddisk: ] [ path ]

PIX Firewall

         

X

FWSM

       

X

 
changeto

changeto {system | context name}

PIX Firewall

         

X

FWSM

       

X

 
class

[no] class name

PIX Firewall

         

X

FWSM

 

X

       
clear

clear file configuration | pdm | pki

PIX Firewall

       

X

 

FWSM

       

X

 
clock

clock set hh:mm:ss {day month | month day} year

PIX Firewall

       

X

 

FWSM

         

X

clock summer-time zone recurringweek weekday month hh:mm week weekday month hh:mm ] [ offset ]

PIX Firewall

     

X

   

FWSM

         

X

clock summer-time zone dateday month month day } year hh:mm
day month | month day } year hh:mmoffset ]

PIX Firewall

     

X

   

FWSM

         

X

 

clock timezone zone hoursminutes ]

PIX Firewall

 

X

       

FWSM

         

X

conduit

Note Conduits rely on the converter tool to translate conduits and outbounds to access-list commands. Otherwise, errors result during import.

conduit { permit | deny } protocol global_ip global_maskoperator port port ]] foreign_ip foreign_maskoperator port  [ port ]]

PIX Firewall

   

X

     

FWSM

   

X

     

conduit permit | deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]

PIX Firewall

   

X

     

FWSM

   

X

     

conduit deny | permit protocol | object-group protocol_obj_grp_id global_ip global_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id] foreign_ip foreign_mask | object-group network_obj_grp_id [operator port [port] | object-group service_obj_grp_id]

PIX Firewall

   

X

     

FWSM

   

X

     

conduit deny | permit icmp global_ip global_mask | object-group network_obj_grp_id foreign_ip foreign_mask | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id]

PIX Firewall

   

X

     

FWSM

   

X

     
compatible rfc1583

[no] compatible rfc1583

PIX Firewall

 

X

       

FWSM

 

X

       
configure

configure factory-default [inside_ip_address [address_mask]]

Note Applies to PIX 501 and PIX 506/506E only.

PIX Firewall

       

X

 

FWSM

         

X

configure floppy

Note Applies only to older PIX Firewalls that have a floppy drive.

PIX Firewall

       

X

 

FWSM

         

X

configure http[s] :// [user:password@] location [ :port ] / http_pathname

PIX Firewall

       

X

 

FWSM

       

X

 

configure memory

PIX Firewall

       

X

 

FWSM

       

X

 

configure net [[server_ip]:[filename]]

PIX Firewall

       

X

 

FWSM

       

X

 

configure terminal

PIX Firewall

       

X

 

FWSM

       

X

 
config-url

[no] config-url url

PIX Firewall

         

X

FWSM

 

X

       
console timeout

console timeout number

PIX Firewall

X

         

FWSM

X

         
context

[no] context name

PIX Firewall

         

X

FWSM

 

X

       

copy

copy capture: capture_name tftp://location/pathpcap ]

PIX Firewall

       

X

 

FWSM

       

X

 

copy disk: [ path ]  tftp [:[[ //location ][ /pathname ]]]

copy disk: [ path ]  disk:[ path ]

copy disk: [ path ] flash[:[ image | pdm ]]

copy disk: [ path ] [ startup-config  | running-config ]

copydisk: [ path ftp:// user :password ]@location/pathname ;type=xx ]

PIX Firewall

         

X

FWSM

       

X

 

copy flash [:[ image | pdm ]] tftp [:[[ //location ][ /pathname ]]]

copy flash :[ image | pdm ]] disk: [ path ]

PIX Firewall

         

X

FWSM

       

X

 
 

copy http[s]://user:password@] location [:port ] / http_pathname flash [: [ image | pdm] ]

PIX Firewall

       

X

 

FWSM

       

X

 

copy running-config startup-config

PIX Firewall

         

X

FWSM

       

X

 

copystartup-config | running-config ] disk: [path]

copy startup-config running-config

copystartup-config | running-config ] tftp[:[[//location][/pathname]]]

PIX Firewall

         

X

FWSM

       

X

 

copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image | pdm]]

PIX Firewall

       

X

 

FWSM

       

X

 
crashinfo

crashinfo test

PIX Firewall

       

X

 

FWSM

       

X

 

crashinfo force [page-fault | watchdog]

PIX Firewall

       

X

 

FWSM

       

X

 

crashinfo save [enable | disable]

PIX Firewall

     

X

   

FWSM

     

X

   
crypto dynamic-map

[no] crypto dynamic-map dynamic-map-name dynamic-seq-num subcommand

PIX Firewall

         

X

FWSM

 

X

       

[no] crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name

PIX Firewall

X

         

FWSM

         

X

crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname | ip-address

PIX Firewall

X

         

FWSM

         

X

crypto dynamic-map dynamic-map-name dynamic-seq-num set pfsgroup1 | group2 group5 ]

PIX Firewall

X

         

FWSM

         

X

crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

PIX Firewall

X

         

FWSM

         

X

crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [ transform-set-name9 ]

PIX Firewall

X

         

FWSM

         

X

crypto ipsec

crypto ipsec security-association lifetime seconds seconds | kilobytes kilobytes

PIX Firewall

X

         

FWSM

 

X

       

crypto ipsec transform-set transform-set-name transform1 [transform2 [ transform3 ]]

PIX Firewall

X

         

FWSM

         

X

crypto ipsec transform-set transform-set-name mode transport

PIX Firewall

X

         

FWSM

         

X

[no] crypto ipsec transform-set transform-set-name {{ transform1 [transform2 [transform3]]} | mode transport }

PIX Firewall

         

X

FWSM

 

X

       

crypto ipsec transform-set transform-set-name [ah-md5-hmac | ah-sha-hmac] [esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-3des | esp-null] [esp-md5-hmac | esp-sha-hmac]

PIX Firewall

         

X

FWSM

 

X

       
crypto map

crypto map map-name client [token] authentication aaa-server-name [LOCAL]

PIX Firewall

X

         

FWSM

 

X

       

crypto map map-name client configuration address initiate | respond

PIX Firewall

X

         

FWSM

 

X

       
 

crypto map map-name interface interface-name

PIX Firewall

X

         

FWSM

 

X

       

crypto map map-name seq-num ipsec-isakmp | ipsec-manual [dynamic dynamic-map-name]

PIX Firewall

X

         

FWSM

 

X

       

crypto map map-name seq-num ipsec-manual [dynamic dynamic-map-name]

PIX Firewall

   

X

     

FWSM

         

X

crypto map map-name seq-num match address acl_name

PIX Firewall

X

         

FWSM

 

X

       

crypto map map-name seq-num set peer hostname | ip-address

PIX Firewall

X

         

FWSM

 

X

       

crypto map map-name seq-num set pfs [group1 | group2]

PIX Firewall

X

         

FWSM

 

X

       

crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes

PIX Firewall

X

         

FWSM

 

X

       
 

crypto map map-name seq-num set session-key inbound | outbound ah spi hex-key-string

PIX Firewall

   

X

     

FWSM

 

X

       

crypto map map-name seq-num set session-key inbound | outbound esp spi cipher hex-key-string [ authenticator hex-key-string]

PIX Firewall

   

X

     

FWSM

 

X

       

crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]

PIX Firewall

X

         

FWSM

 

X

       
dbg

[no] dbg block sub-block

PIX Firewall

         

X

FWSM

 

X

       
debug

debug

PIX Firewall

       

X

 

FWSM

       

X

 
default-
information originate

default-information originate [ always] [ metric metric_value] [ metric-type {1 | 2}] [route-map map_name]

PIX Firewall

         

X

FWSM

 

X

       
delete

delete [/recursive] [/force] [disk:] path

PIX Firewall

         

X

FWSM

 

X

       
description

[no] description

PIX Firewall

         

X

FWSM

 

X

       
dhcpd

dhcpd address ip1[-ip2] [interface_name]

PIX Firewall

X

         

FWSM

X

         

dhcpd auto_config [client_ifx_name]

PIX Firewall

X

         

FWSM

X

         

dhcpd dns dns1 [dns2]

PIX Firewall

X

         

FWSM

X

         

dhcpd domain domain_name

PIX Firewall

X

         

FWSM

X

         

dhcpd enable [interface_name]

Note PIX Firewall OS version 6.3 allows you to enable dhcp on any interface; however, Firewall MC currently only allows you to enable dhcp on the inside interface.

PIX Firewall

X

         

FWSM

X

         

dhcpd lease lease_length

PIX Firewall

X

         

FWSM

X

         
 

dhcpd option 66 ascii {server_name | server_ip_str}

PIX Firewall

X

         

FWSM

X

         

dhcpd option 150 ip server_ip1 [server_ip2]

PIX Firewall

X

         

FWSM

X

         

dhcpd ping timeout timeout

PIX Firewall

X

         

FWSM

X

         

dhcpd wins wins1 [wins2]

PIX Firewall

X

         

FWSM

X

         
dhcprelay

dhcprelay enable client_ifc

PIX Firewall

X

         

FWSM

X

 

X (L2)

     

dhcprelay server dhcp_server_ip server_ifc

PIX Firewall

X

         

FWSM

X

 

X (L2)

     

dhcprelay setroute client_ifc

PIX Firewall

X

         

FWSM

X

 

X (L2)

     
 

dhcprelay timeout seconds

PIX Firewall

X

         

FWSM

X

 

X (L2)

     
dir

dir [ /recursive ] [ disk:] [ flash: ] path

PIX Firewall

         

X

FWSM

 

X

       
disable

disable

PIX Firewall

       

X

 

FWSM

       

X

 
distance

distance ospf intra-area d1 ][ inter-area d2 ][ external d3 ]

PIX Firewall

         

X

FWSM

 

X

X (L2)

     
domain-name

domain-name name

PIX Firewall

     

X

   

FWSM

     

X

   
dynamic-map

[no] dynamic-map dynamic-map-name dynamic-seq-num subcommand

PIX Firewall

         

X

FWSM

 

X

       
eeprom

eeprom update

PIX Firewall

       

X

 

FWSM

         

X

enable

enable [priv_1evel]

PIX Firewall

       

X

 

FWSM

       

X

 

enable password [pw] [encrypted]

PIX Firewall

X

         

FWSM

X

         

enable password [pw] [level priv_level] [encrypted]

PIX Firewall

       

X

 

FWSM

       

X

 
established

established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]

PIX Firewall

     

X

   

FWSM

     

X

   
exit

exit | quit

PIX Firewall

       

X

 

FWSM

       

X

 
failover

Note All failover commands for FWSM are supported in single context mode only.

failover

PIX Firewall

X

         

FWSM

X

         

failover active

PIX Firewall

       

X

 

FWSM

       

X

 
 

failover interface seconds

PIX Firewall

         

X

FWSM

 

X

       

failover interface ip ifc_name ip_address mask standby ip_address

PIX Firewall

         

X

FWSM

X

         

failover interface-policy n [percent]

PIX Firewall

X

         

FWSM

X

         

[no] failover lan interface ifc_name vlan vlan

PIX Firewall

         

X

FWSM

X

         

failover ip address interface_name ip_address

PIX Firewall

X

         

FWSM

         

X

failover lan enable

PIX Firewall

X

         

FWSM

         

X

failover lan interface interface_name

PIX Firewall

X

         

FWSM

         

X

failover lan key key_secret

PIX Firewall

X

         

FWSM

         

X

 

failover lan unit {primary |  secondary }

Note Firewall MC controls only the active unit; it does not distinguish between primary and secondary units.

PIX Firewall

X

         

FWSM

X

         

failover link stateful_interface_name

PIX Firewall

X

         

FWSM

         

X

failover link ifc_namevlan vlan ]

PIX Firewall

         

X

FWSM

X

         

failover mac address minterface_name act_mac stn_mac

PIX Firewall

 

X

       

FWSM

         

X

failover poll seconds

PIX Firewall

X

         

FWSM

         

X

failover polltimeunit | interface } [ msec ] x [ holdtime  [ msec ] y ]

PIX Firewall

         

X

FWSM

X

         

[no] failover polltime {unit | interface} seconds

PIX Firewall

         

X

FWSM

X

         
 

failover replicate http

PIX Firewall

X

         

FWSM

X

         

failover reset

PIX Firewall

       

X

 

FWSM

       

X

 

[no] failover suspend-config-sync

PIX Firewall

         

X

FWSM

           

failover timeout seconds

PIX Firewall

     

X

   

FWSM

     

X

   
filter

Note All filter commands have an `except' form that is supported in the epilog.

filter activex port local_ip mask foreign_ip mask

PIX Firewall

X

         

FWSM

 

X

       

filter ftp dest-port local_ip local_mask foreign_ip foreign_maskallow ] [ interact-block ]

PIX Firewall

X

         

FWSM

X

         

filter https dest-port local_ip local_mask foreign_ip foreign_maskallow ]

PIX Firewall

X

         

FWSM

X

         
 

filter java port-port ] local_ip mask foreign_ip mask

PIX Firewall

X

         

FWSM

 

X

       

filter url  [ http port -port ]] local_ip local_mask foreign_ip foreign_maskallow ]

PIX Firewall

X

         

FWSM

X

         

filter url [http | port[-port]] local_ip local_mask foreign_ip foreign_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

Note Syntax errors are generated on [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

PIX Firewall

X

         

FWSM

X

         

filter url except local_ip local_mask foreign_ip foreign_mask

PIX Firewall

X

         

FWSM

X

         
firewall

[no] firewall transparent

Note Import Only -State displayed in GUI and not generated.

PIX Firewall

         

X

FWSM

X (L2)

 

X (L3)

     
fixup protocol

fixup protocol ctiqbe 2748

PIX Firewall

X

         

FWSM

X

         

fixup protocol esp-ike

PIX Firewall

X

         

FWSM

X

         

fixup protocol ftp [strict] [port]

PIX Firewall

X

         

FWSM

X

         

fixup protocol http [port[-port]]

PIX Firewall

X

         

FWSM

X

         

fixup protocol h323 { h225 | ras} port [-port]

PIX Firewall

X

         

FWSM

X

         

fixup protocol icmp error

PIX Firewall

X

         

FWSM

X

         

fixup protocol ils [port[-port]]

PIX Firewall

X

         

FWSM

X

         

fixup protocol mgcp [port [-port]

PIX Firewall

X

         

FWSM

X

         
 

fixup protocol pptp 1723

PIX Firewall

X

         

FWSM

X

         

fixup protocol rpc port

PIX Firewall

         

X

FWSM

X

         

fixup protocol rsh [514]

PIX Firewall

X

         

FWSM

X

         

fixup protocol rtsp [ port]

PIX Firewall

X

         

FWSM

X

         

fixup protocol sip [ port[-port]

PIX Firewall

X

         

FWSM

X

         

fixup protocol sip udp [5060]

PIX Firewall

X

         

FWSM

X

         

fixup protocol skinny [ port[-port]

PIX Firewall

X

         

FWSM

X

         

fixup protocol smtp [ port[-port]]

PIX Firewall

X

         

FWSM

X

         
 

fixup protocol sqlnet [ port[-port]]

PIX Firewall

X

         

FWSM

X

         

fixup protocol tftp

PIX Firewall

X

         

FWSM

X

         

fixup protocol dns maximum-length

PIX Firewall

X

         

FWSM

X

         
flashfs

flashfs downgrade {4.x | 5.0 | 5.1}

PIX Firewall

       

X

 

FWSM

         

X

[no] flashfs

PIX Firewall

         

X

FWSM

       

X

 
floodguard

floodguard enable | disable

PIX Firewall

X

         

FWSM

X

         
format

format disk:

PIX Firewall

           

FWSM

       

X

 
fragment

Note Fragments can be imported correctly, but will generate commands per interface only.

fragment size database-limit [interface]

PIX Firewall

X

         

FWSM

X

         

fragment chain chain-limit [interface]

PIX Firewall

X

         

FWSM

X

         

fragment timeout seconds [interface]

PIX Firewall

X

         

FWSM

X

         
ftp mode

[no] ftp mode passive

Note Single-context mode.

PIX Firewall

         

X

FWSM

 

X

       

[no] ftp mode passive

Note Multiple-context mode.

PIX Firewall

         

X

FWSM

   

X

     
gdb

[no] gdbbreak | enable }

PIX Firewall

         

X

FWSM

       

X

 
global

global [(interface_name) ] nat_id {global_ip [-global_ip] [netmask global_mask]} | interface

PIX Firewall

X

         

FWSM

X

         
help

help

PIX Firewall

       

X

 

FWSM

       

X

 
hostname

hostname newname

PIX Firewall

X

         

FWSM

X

         
http

http ip_address [netmask] [interface_name]

PIX Firewall

X

         

FWSM

X

         

http server enable

PIX Firewall

X

         

FWSM

X

         
icmp

icmp permit | deny [host] src_addr [src_mask] [type] int_name

PIX Firewall

X

         

FWSM

X

         
igmp

Note See the multicast command for igmp subcommands.

ignore

[no] ignore lsa mospf

PIX Firewall

         

X

FWSM

 

X

X (L2)

     
interface

Note See also router interface command reference for ospf subcommand support.

[no] interface interface_name

PIX Firewall

         

X

FWSM

X

         

interface hardware_id [hardware_speed] [shutdown]

PIX Firewall OS

X

         

FWSM

         

X

interface hardware_id vlan_id [logical | physical] [shutdown]

PIX Firewall

X

         

FWSM

         

X

interface hardware_id change-vlan old_vlan_id new_vlan_id

PIX Firewall

   

X

     

FWSM

         

X

FWSM 2.2 interface submode command: [ shutdown ]

Example:

fwsm(config)# interface inside

fwsm(config-interface) shutdown

PIX Firewall

         

X

FWSM

X
(L2) (L3)

         
 

FWSM 2.2 interface submode command [ ospf ]

Example:

fwsm(config)# interface inside

fwsm(config-interface) ospf *

PIX Firewall

         

X

FWSM

 

X

       
ip address

ip address ip_address [mask] [standby sby_ip_addr]

PIX Firewall

         

X

FWSM

X

         

ip address interface_name ip_address [mask] [standby sby_ip_addr]

PIX Firewall

         

X

FWSM

X

         

ip address interface_name ip_address [netmask]

PIX Firewall

X

         

FWSM

         

X

ip address outside dhcp [setroute] [retry retry_cnt]

PIX Firewall

X

         

FWSM

         

X

ip address interface_name pppoe [setroute]

PIX Firewall

X

         

FWSM

         

X

ip address interface_name ip_address netmask pppoe [setroute]

PIX Firewall

X

         

FWSM

         

X

ip audit

ip audit attack [ action [ alarm ] [ drop ] [reset]]

PIX Firewall

X

         

FWSM

         

X

ip audit info [action [ alarm ] [ drop ] [reset]]

PIX Firewall

X

         

FWSM

         

X

ip audit interface interface_name audit_name

PIX Firewall

X

         

FWSM

         

X

ip audit name audit_name attack [ action [ alarm ] [ drop ] [reset]]

PIX Firewall

X

         

FWSM

         

X

ip audit name audit_name info [action [ alarm ] [ drop ] [reset]]

PIX Firewall

X

         

FWSM

         

X

ip audit signature signature_number disable

PIX Firewall

X

         

FWSM

         

X

ip local pool

ip local pool pool_name pool_start-address[-pool_end-address] [mask <mask>]

PIX Firewall

 

X

       

FWSM

         

X

ip prefix-list

Note See also prefix-list commands.

[no] ip prefix-list list-name [seq seq-value] {deny | permit network/length}[ge ge-value] [le le-value]

PIX Firewall

         

X

FWSM

 

X

       

ip prefix-list sequence-number

PIX Firewall

         

X

FWSM

 

X

       
ip verify reverse-path

ip verify reverse-path interface int_name

PIX Firewall

X

         

FWSM

X

         
isakmp

isakmp client configuration address-pool local pool-name [interface-name]

PIX Firewall

X

         

FWSM

 

X

       

isakmp enable interface-name

PIX Firewall

X

         

FWSM

 

X

       

isakmp identity {address | hostname | [key-id key_id_string]}

PIX Firewall

X

         

FWSM

 

X

       

isakmp keepalive seconds [retry_seconds]

PIX Firewall

X

         

FWSM

 

X

       
 

isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]

PIX Firewall

X

         

FWSM

 

X

       

isakmp nat-traversal [natkeepalive]

PIX Firewall

X

         

FWSM

 

X

       

isakmp peer fqdn fqdn no-xauth no-config-mode

PIX Firewall

X

         

FWSM

 

X

       
isakmp policy

isakmp policy priority authentication pre-share | rsa-sig

PIX Firewall

X

         

FWSM

 

X

       

isakmp policy priority encryption aes | aes-192| aes-256 | des | 3des

PIX Firewall

X

         

FWSM

 

X

       

isakmp policy priority group1 | 2 | 5

PIX Firewall

X

         

FWSM

 

X

       

isakmp policy priority hash md5 | sha

PIX Firewall

X

         

FWSM

 

X

       
 

isakmp policy priority lifetime seconds

PIX Firewall

X

         

FWSM

 

X

       
kill

kill

PIX Firewall

       

X

 

FWSM

       

X

 
limit-resource

[no] limit-resource {[rate] resource_name | all} number [%]

PIX Firewall

         

X

FWSM

 

X

       
log-adj-
changes

log-adj-changes [ detail ]

PIX Firewall

         

X

FWSM

 

X

X (L2)

     

no log-adj-changes

PIX Firewall

         

X

FWSM

 

X

X (L2)

     
logging

logging on

PIX Firewall

X

         

FWSM

X

         

logging buffered level

PIX Firewall

X

         

FWSM

X

         
 

logging console level

PIX Firewall

X

         

FWSM

X

         

logging device-id {hostname | ipaddress interface_name | string text}

PIX Firewall

X

         

FWSM

X

         

logging facility facility

PIX Firewall

X

         

FWSM

X

         

logging history level

PIX Firewall

X

         

FWSM

X

         

logging host [in_interface_name] ip_address [protocol/port] format emblem [interface int1 [ int2 ...]]

Note The interface parameter is not supported. An import error results if the interface parameter is defined.

PIX Firewall

X

         

FWSM

X

         

logging message syslog_id [ level level]

PIX Firewall

X

         

FWSM

X

         

logging monitor level

PIX Firewall

X

         

FWSM

X

         
 

logging queue queue_size

PIX Firewall

X

         

FWSM

X

         

logging standby

PIX Firewall

X

         

FWSM

X

         

logging timestamp

PIX Firewall

X

         

FWSM

X

         

logging trap level

PIX Firewall

X

         

FWSM

X

         
logical-
interface

[no] logical-interface vlan number [-vlan number] [ context_aliascontext_alias]]

PIX Firewall

         

X

FWSM

 

X

       
login

login

PIX Firewall

       

X

 

FWSM

       

X

 
logout

logout

PIX Firewall

         

X

FWSM

 

X

       
mac-address-
table static

[no] mac-address-table static interface_name mac

PIX Firewall

         

X

FWSM

X (L2)

 

X (L3)

     
mac-address-
table aging-time

[no] mac-address-table aging-time minutes

no mac-address-table aging-time

PIX Firewall

         

X

FWSM

X (L2)

 

X L3)

     
mac-learn

[no] mac-learn interface_name disable

PIX Firewall

         

X

FWSM

X (L2)

 

X (L3)

     
mac-list

mac-list id deny | permit mac macmask

PIX Firewall

 

X

       

FWSM

 

X

       
management-
access

management-access mgmt_if

PIX Firewall

X

         

FWSM

X

         
match

(ospf)

match [ interface interface_name | metric metric_value | ip address acl_id | route-type {local | internal | [ external [type-1 | type-2]]} | nssa-external [type-1 | type-2] | ip next-hop acl_id | ip route-source acl_id]

PIX Firewall

         

X

FWSM

 

X

       
match interface

(IP) (ospf)

[no] match interface interface-type interface-number [... interface-type interface-number ]

PIX Firewall

         

X

FWSM

 

X

       
match ip address

(ospf)

[no] match ip address {access-list-number | access-list-name} [... access-list-number | ... access-list-name ]

PIX Firewall

         

X

FWSM

 

X

       
match ip next-hop

(ospf)

[no] match ip next-hop {access-list-number | access-list-name} [...access-list-number | ...access-list-name ]

PIX Firewall

         

X

FWSM

 

X

       
match ip route-source

match ip route-source {access-list-number | access-list-name}[...access-list-number | ...access-list-name]

PIX Firewall

         

X

FWSM

 

X

       
match metric

(ospf)

[no] match ip route-source {access-list-number | access-list-name}[...access-list-number | ...access-list-name]

PIX Firewall

         

X

FWSM

 

X

       
match route-type

(IP) (ospf)

[no] match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}

PIX Firewall

         

X

FWSM

 

X

       
member

(context submode)

[no] member class_name

PIX Firewall

         

X

FWSM

 

X

       
mgcp

mgcp call-agent ip_address group_id

PIX Firewall

 

X

       

FWSM

 

X

       

mgcp command-queue limit

PIX Firewall

 

X

       

FWSM

 

X

       

mgcp gateway ip_address group_id

PIX Firewall

 

X

       

FWSM

 

X

       
mkdir

mkdirdisk: ] path

PIX Firewall

         

X

FWSM

 

X

       
mode

modesingle  | multiple }

PIX Firewall

         

X

FWSM

 

X

       
monitor-
interface

[no] monitor-interface interface_name

PIX Firewall

         

X

FWSM

X

         
more

more [/ascii] || [/binary] [ disk: ] path

PIX Firewall

         

X

FWSM

 

X

       
mroute

mroute src smask in-if-name dst dmask out-if-name

PIX Firewall

 

X

       

FWSM

 

X

       
multicast
and subcommands

multicast interface interface_name

PIX Firewall

 

X

       

FWSM

 

X

       

igmp forward interface interface_name

PIX Firewall

 

X

       

FWSM

 

X

       

igmp access-group acl_id

PIX Firewall

 

X

       

FWSM

 

X

       

igmp join-group group

PIX Firewall

 

X

       

FWSM

 

X

       
 

igmp max-groups number

PIX Firewall

 

X

       

FWSM

 

X

       

igmp query-interval seconds

PIX Firewall

 

X

       

FWSM

 

X

       

igmp query-max-response-time seconds

PIX Firewall

 

X

       

FWSM

 

X

       

igmp version {1 | 2}

PIX Firewall

 

X

       

FWSM

 

X

       
mtu

mtu interface_name bytes

PIX Firewall

X

         

FWSM

X

         
name/names

name ip_address name

PIX Firewall

X

         

FWSM

X

         

names

PIX Firewall

X

         

FWSM

X

         
nameif

nameif {hardware_id | vlan_id} interface_name security_level

PIX Firewall

X

         

FWSM

         

X

nameif interface interface_name security_level

PIX Firewall

         

X

FWSM

X

         

nat

nat [interface_name] id addressnetmask ][ norandomseq ] [ timeout hh:mm:ss ] [ conn_limitem_limit ]]]

PIX Firewall

X

         

FWSM

         

X

nat [interface_name] id address [netmaskoutside ] [ dns ] [ norandomseq ] [ timeout hh:mm:ss ] [ conn_limitem_limit ]]]

PIX Firewall

X

         

FWSM

         

X

nat [interface_name] 0 access-list acl_name

PIX Firewall

X

         

FWSM

X

         

nat [interface_name] id access-list acl_nameoutside ] [ dns ] [ norandomseq ] [ timeout hh:mm:ss ] [ conn_limit em_limit]]]

PIX Firewall

X

         

FWSM

         

X

nat interface_name nat_id local_ip [mask [dns] [outside] [norandomseq ] [max_conns [emb_limit ]]]}

PIX Firewall

         

X

FWSM

X

         
 

nat interface_name nat_id0access-list acl_nameoutside ]]}

PIX Firewall

         

X

FWSM

X

         

[no] nat (<if_name>) <nat_id> <local_ip> [<mask> [dns] [outside] [[tcp] <max_conns> [emb_limit> [<norandomseq>]]]] [udp <udp_max_conns>]

PIX Firewall

         

X

FWSM

X

         

[no] static [(real_ifc, mapped_ifc)] {<mapped_ip>|interface} {<real_ip> [netmask <mask>]} | {access-list <acl_name>} [dns] [norandomseq] [[tcp] <max_conns> [<emb_lim>]] [udp <udp_max_conns>]

PIX Firewall

         

X

FWSM

X

         

[no] static [(real_ifc, mapped_ifc)] {tcp|udp} {<mapped_ip>|interface} <mapped_port> {<real_ip> <real_port> [netmask <mask>]} | {access-list <acl_name>} [dns] [norandomseq] [[tcp] <max_conns> [<emb_lim>]] [udp <udp_max_conns>]

PIX Firewall

         

X

FWSM

X

         
np

np { 1 | 2 | 3 | all } cab address data

PIX Firewall

         

X

FWSM

 

X

       
ntp

ntp authenticate

PIX Firewall

     

X

   

FWSM

         

X

ntp authentication-key number md5 value

PIX Firewall

     

X

   

FWSM

         

X

ntp server ip_address key number ] source interface_nameprefer ]

PIX Firewall

     

X

   

FWSM

         

X

ntp trusted-key number

PIX Firewall

     

X

   

FWSM

         

X

object-group

Note Support for service groups within object grouping is limited. Service groups are successfully parsed, but flatten immediately. This affects commands with keywords icmp-type, protocol, and service.

object-group grp_id

PIX Firewall

X

         

FWSM

X

         

object-group icmp-type grp_id description description_text icmp-group icmp_type

PIX Firewall

X

         

FWSM

X

         
ospf

object-group network grp_id description description_text network-object host host_addr network-object host_addr netmask

PIX Firewall

X

         

FWSM

X

         

object-group protocol grp_id description description_text protocol-object protocol

PIX Firewall

X

         

FWSM

X

         

object-group service grp_id {tcp | udp | tcp-udp} description description_text port-object eq service port-object range begin_service end_service

PIX Firewall

X

         

FWSM

X

         

(interface submode)

ospfauthentication  [ message-digest | null]} | { authentication-key password} | { cost interface_cost} | { database-filter all out} | { dead-interval seconds} | { hello-interval seconds} | { message-digest-key key-id md5 key} | {mtu-ignore} | { priority number} | {retransmit-interval seconds} | { transmit-delay seconds}

PIX Firewall

         

X

FWSM

 

X

       
outbound / apply

Note Outbounds rely on the converter tool to translate outbounds and conduits to access-list commands. Commands have been deprecated.

apply [interface_name ] list_ID outgoing_src outgoing_dest

PIX Firewall

   

X

     

FWSM

         

X

 

outbound list_ID permit | deny ip_address [netmask [port[-port]] [protocol]

PIX Firewall

   

X

     

FWSM

         

X

outbound list_ID except ip_address [netmask [port[-port]] [protocol]

PIX Firewall

   

X

     

FWSM

         

X

pager

pagerlines number]

PIX Firewall

     

X

   

FWSM

     

X

   
password

password | passwd } passwordencrypted ]

PIX Firewall

X

         

FWSM

X

         
pdm

pdm history enable

PIX Firewall

     

X

   

FWSM

     

X

   

pdm history [view {all | 12h | 5d | 60m | 10m}] [snapshot] [feature {all | blocks | cpu | failover | ids | interface interface_name | memory | perfmon | xlates}] [pdmclient]

PIX Firewall

     

X

   

FWSM

     

X

   

pdm location ip_address netmask interface_name

PIX Firewall

     

X

   

FWSM

     

X

   
 

pdm logging [level [messages]]

PIX Firewall

     

X

   

FWSM

     

X

   
perfmon

perfmon verbose

PIX Firewall

       

X

 

FWSM

       

X

 

perfmon interval seconds

PIX Firewall

       

X

 

FWSM

       

X

 

perfmon quiet

PIX Firewall

       

X

 

FWSM

       

X

 

perfmon settings

PIX Firewall

       

X

 

FWSM

       

X

 
ping

pinginterface_name ] ip_address

PIX Firewall

       

X

 

FWSM

       

X

 
prefix-list

Note See also ip prefix-list commands.

prefix-list list_name [seq seq_value] {permit | deny prefix / len} [ge min_value] [le max_value]

PIX Firewall

 

X

       

FWSM

         

X

 

prefix-list {list_name [ seq seq_value] { permit | deny prefix / len} [ ge min_value] [ le max_value]} | sequence-number

PIX Firewall

         

X

FWSM

 

X

       

prefix-list list_name description text

PIX Firewall

         

X

FWSM

 

X

       

prefix-list sequence-number

PIX Firewall

 

X

       

FWSM

 

X

       
privilege

privilege [ showclear | configure ] level levelmode enable | configure] command command

PIX Firewall

 

X

       

FWSM

 

X

       
pwd

pwd

PIX Firewall

 

X

       

FWSM

 

X

       
quit

quit

PIX Firewall

       

X

 

FWSM

       

X

 
redistribute

redistribute { static | connected } [ metric metric_value ] [ metric-type metric_type] [ route-map map_name] [ tag tag_value] [ subnets ]

PIX Firewall

         

X

FWSM

 

X (L3)

X (L2)

     

redistribute ospf pid [match {internal | external [1 | 2] | nssa-external [1|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]

PIX Firewall

         

X

FWSM

 

X (L3)

X (L2)

     
reload

reload

PIX Firewall

   

X

     

FWSM

   

X

     

reload noconfirm

PIX Firewall

   

X

     

FWSM

   

X

     
rename

renamedisk: ] [ source-path ] [ disk: ] [ destination-path ]

PIX Firewall

         

X

FWSM

 

X

       
rip

rip interface_name default | passive [version [1 | 2]] [authentication [text | md5 key (key_id)]]

PIX Firewall

X

         

FWSM

X

         
rmdir

rmdirdisk: ] [ path ]

PIX Firewall

         

X

FWSM

 

X

       
route

route interface_name ip_address netmask gateway_ip [metric]

PIX Firewall

X

         

FWSM

X

         
route-map

route-map map_tag [permit | deny] [seq_num]

PIX Firewall

 

X

       

FWSM

 

X

X (L2)

     

match [interface | route-type | metric | ip address | ip next-hop | ip route-source]

PIX Firewall

         

X

FWSM

 

X

       

set metric [+ | -] metric_value

PIX Firewall

         

X

FWSM

 

X

       

set metric-type type-1 | type-2 | internal | external

PIX Firewall

         

X

FWSM

 

X

       

set ip next-hop ip-address [ip-address...]

PIX Firewall

         

X

FWSM

 

X

       
router

route interface_name ip_address netmask gateway_ipmetric ]

PIX Firewall

X

         

FWSM

X

         
router-id

router-id ip_address

PIX Firewall

         

X

FWSM

 

X

X (L2)

     
router ospf
and subcommands

router ospf pid

PIX Firewall

 

X

       

FWSM

X

         

area area_id

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id authentication [message-digest]

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id default-cost cost

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id filter-list prefix {prefix_list_name in | out}

PIX Firewall

 

X

       

FWSM

 

X

       
 

area area_id nssa [no-redistribution] [default-information-originate [metric-type 1 | 2] [metric metric_value]] [no-summary]

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id range ip_address netmask [advertise | not-advertise]

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id stub [no-summary]

PIX Firewall

 

X

       

FWSM

 

X

       

area area_id virtual-link router_idauthenticationmessage-digest | null ]] [ hello-interval seconds ] [ retransmit-interval seconds] [ transmit-delay seconds] [ dead-interval seconds ] [ authentication-key password ] [ message-digest-key id md5 password ]

PIX Firewall

 

X

       

FWSM

 

X

       

compatible rfc1583

PIX Firewall

 

X

       

FWSM

 

X

       

default-information originate [always] [metric metric_value] [metric-type {1 | 2}] [route-map map_name]

PIX Firewall

 

X

       

FWSM

 

X

       

distance ospf [intra-area d1][inter-area d2][external d3]

PIX Firewall

 

X

       

FWSM

 

X

       
 

ignore lsa mospf

PIX Firewall

 

X

       

FWSM

 

X

       

log-adj-changes [detail]

PIX Firewall

 

X

       

FWSM

X

         

network prefix ip_address netmask area area_id

PIX Firewall

 

X

       

FWSM

 

X

       

redistribute {static | connected} [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]

PIX Firewall

 

X

       

FWSM

 

X

       

redistribute ospf pid [match {internal | external [1|2] | nssa-external [1|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]

PIX Firewall

 

X

       

FWSM

 

X

       

router-id ip_address

PIX Firewall

 

X

       

FWSM

 

X

       

summary-address addr netmask [not-advertise] [tag tag_value]

PIX Firewall

 

X

       

FWSM

 

X

       
 

timers {spf spf_delay spf_holdtime | lsa-group-pacing seconds}

 

PIX Firewall

 

X

       

FWSM

 

X

       
routing interface and subcommands

routing interface interface_name

PIX Firewall

 

X

       

FWSM

 

X

       

ospf {authentication [message-digest | null]} | {authentication-key password} | {cost interface_cost} | {database-filter all out} | {dead-interval seconds} | {hello-interval seconds} | {message-digest-key key-id md5 key} | {mtu-ignore} | {priority number} | {retransmit-interval seconds} | {transmit-delay seconds}

PIX Firewall

 

X

       

FWSM

 

X

       
rpc-server

rpc-server ifc_name ip_addr mask service service_type protocol [TCP | UDP] port port [- port ] timeout hh:mm:ss

PIX Firewall

         

X

FWSM

     

X

   
same-security-traffic

same-security-traffic permit inter-interface

PIX Firewall

         

X

FWSM

X

         

same-security-traffic permit intra-interface

PIX Firewall

         

X

FWSM

           
service

service resetinbound | resetoutside

PIX Firewall

X

         

FWSM

X

         
session

session enable

PIX Firewall

   

X

     

FWSM

   

X

     
set ip next-hop

set ip next-hop ip-addressip-address ]

PIX Firewall

         

X

FWSM

 

X

       
set metric

set metric metric_value

PIX Firewall

         

X

FWSM

 

X

       
set metric-type

set metric-type {type-1 | type-2 | internal | external}

PIX Firewall

         

X

FWSM

 

X

       
setup

setup

PIX Firewall

       

X

 

FWSM

       

X

 
show

show

PIX Firewall

       

X

 

FWSM

       

X

 
shun

shun src_ip [dst_ip sport dport [protocol]]

PIX Firewall

       

X

 

FWSM

       

X

 
shutdown

shutdown

PIX Firewall

         

X

FWSM

X

         
snmp

snmp deny version <version-string>

PIX Firewall

     

X

   

FWSM

         

X

snmp-server

snmp-server community key

PIX Firewall

X

         

FWSM

X

         

snmp-server {contact | location} text

PIX Firewall

X

         

FWSM

X

         

snmp-server host [interface_name] ip_addr [trap | poll]

PIX Firewall

X

         

FWSM

X

         

snmp-server enable traps

PIX Firewall

X

         

FWSM

X

         

[no] snmp-server enable events [all | <feature> [<event1> ... <eventn>]]

PIX Firewall

         

X

FWSM

           
ssh

ssh ip_address [netmask] [interface_name]

PIX Firewall

X

         

FWSM

X

         

ssh disconnect session_id

PIX Firewall

       

X

 

FWSM

       

X

 
 

ssh timeout mm

PIX Firewall

X

         

FWSM

X

         
static

Note Firewall MC does not support the interface option; an error results during import.

[no] staticlocal_iinterface, global_interface ] {global_ip | interface} {local_ipnetmask mask ] | access-list acl_name} [ dns ] [ norandomseq ] [ max_connsemb_limit]]

PIX Firewall

X

         

FWSM

X

         

[no] static [local_interface, global_interface] { tcp | udp } {global_ip | interface} global_port {local_ip local_port [netmask mask] | access-list acl_name} [ dns ] [ norandomseq ] [ max_connsemb_limit ]]

PIX Firewall

X

         

FWSM

X

         
summary-
address

summary-address addr netmasknot-advertise ] [ tag tag_value ]

PIX Firewall

         

X

FWSM

 

X

       
syslog

syslog

Note This command is deprecated in PIX Firewall OS Version 6.2.

PIX Firewall

 

X

       

FWSM

         

X

sysopt

sysopt connection permit-pptp  | permit-l2tp

PIX Firewall

 

X

       

FWSM

         

X

sysopt connection permit-ipsec

PIX Firewall

X

         

FWSM

         

X

sysopt connection tcpmss bytes

PIX Firewall

X

         

FWSM

X

         

sysopt connection tcpmss minimum bytes

PIX Firewall

 

X

       

FWSM

         

X

sysopt connection timewait

PIX Firewall

 

X

       

FWSM

 

X

       

sysopt ipsec pl-compatible

PIX Firewall

 

X

       

FWSM

 

X

       

sysopt nodnsalias inbound | outbound

PIX Firewall

 

X

       

FWSM

 

X

       

sysopt noproxyarp interface_name

PIX Firewall

X

         

FWSM

X

         
 

sysopt radius ignore-secret

PIX Firewall

 

X

       

FWSM

 

X

       

sysopt route dnat

Note This command is deprecated in PIX OS Version 6.3.

PIX Firewall

     

X

   

FWSM

         

X

sysopt security fragguard

Note This command is deprecated in PIX OS Version 6.3.

PIX Firewall

 

X

       

FWSM

         

X

sysopt uauth allow-http-cache

PIX Firewall

 

X

       

FWSM

         

X

telnet

telnet ip_address [netmask] [interface_name]

PIX Firewall

X

         

FWSM

X

         

telnet timeout minutes

PIX Firewall

X

         

FWSM

X

         
terminal

terminal monitor

PIX Firewall

     

X

   

FWSM

     

X

   

terminal width characters

PIX Firewall

     

X

   

FWSM

     

X

   
tftp-server

tftp-server [ interface_name] ip _address path

PIX Firewall

X

         

FWSM

X

         
timeout

timeoutxlate [hh:mm:ss]] [ conn [hh:mm:ss]] [ half-closed [hh:mm:ss]] [ udp [hh:mm:ss]] [ rpc [hh:mm:ss]] [ h225 [hh:mm:ss]] [ h323 [hh:mm:ss]] [ mgcp hh:mm:ss] [ sip [hh:mm:ss]] [ sip_media [hh:mm:ss]][ uauth [hh:mm:ss] [ absolute | inactivity]]

PIX Firewall

X

         

FWSM

X

         
timers

timers {spf spf_delay spf_holdtime | lsa-group-pacing seconds}

PIX Firewall

         

X

FWSM

 

X

       
upgrade-mp

upgrade-mp tftp://location/pathname

PIX Firewall

         

X

FWSM

 

X

       

upgrade-mp http[s]://[user:password@]location [:port]/pathname

PIX Firewall

         

X

FWSM

 

X

       
 

upgrade-mp tftp[:[[//location][/pathname]]]

PIX Firewall

         

X

FWSM

 

X

       
uptime

uptime

PIX Firewall

         

X

FWSM

 

X

       
url-block

url-block block block_buffer_limit

PIX Firewall

X

         

FWSM

X

         

url-block url-mempool memory_pool_size

PIX Firewall

X

         

FWSM

X

         

url-block url-size long_url_size

Note Websense only.

PIX Firewall

X

         

FWSM

X

         
url-cache

url-cache {dst | src_dst} size kbytes

PIX Firewall

X

         

FWSM

X

         
url-server

url-serverinterface_name ] vendor n2h2 host local_ipport number ] [ timeout seconds ] [ protocol {TCP | UDP}]

Note N2H2 only.

PIX Firewall

X

         

FWSM

X

         

url-server interface_name] vendor websense host local_ip [ timout seconds ] [ protocol {TCP |  UDP } version]

Note Websense only.

PIX Firewall

X

         

FWSM

X

         
username

username username {[{nopassword | password password} [encrypted]] [privilege level]}

PIX Firewall

X

         

FWSM

X

         
virtual

virtual http ip_address [warn]

PIX Firewall

     

X

   

FWSM

     

X

   

virtual telnet ip_address

PIX Firewall

     

X

   

FWSM

     

X

   
vpdn

vpdn enable interface_name

PIX Firewall

 

X

       

FWSM

 

X

       

vpdn group group_name [[accept dialin pptp | l2tp]] | [ppp encryption mppe 40 | 128| auto [required]] | [ client configuration address local address_pool_name ] | [client configuration dns dns_ip1 [dns_ip2]] | [ client configuration wins wins_ip1 [wins_ip2]] | [client authentication local | aaa auth_aaa_group] | [ client accounting acct_aaa_group] | [pptp echo echo_time] | [ l2tp tunnel hello hello_time]

PIX Firewall

 

X

       

FWSM

 

X

       

vpdn username name password passwd store-local

PIX Firewall (PPPoE only)

X

         

PIX Firewall (all other instances)

     

X

   

FWSM

X

         

vpdn username name password passwd

PIX Firewall

 

X

       

FWSM

 

X

       
 

vpdn group group_name localname username

PIX Firewall (PPPoE only)

X

         

PIX Firewall (all other instances)

     

X

   

FWSM

X

         

vpdn group group_name request dialout pppoe

PIX Firewall (PPPoE only)

X

         

PIX Firewall (all other instances)

     

X

   

FWSM

X

         
 

vpdn group group_name ppp authentication PAP | CHAP | MSCHAP

PIX Firewall (PPPoE only)

X

         

PIX Firewall (all other instances)

     

X

   

FWSM

X

         
vpnclient

vpnclient vpngroup group_name password preshared_key

PIX Firewall

X

         

FWSM

X

         

vpnclient username xauth_username password xauth_password

PIX Firewall

X

         

FWSM

X

         

vpnclient server ip_primary [ip_secondary_1, ip_sendary_2, ..., ip_secondary_n]

PIX Firewall

X

         

FWSM

X

         

vpnclient mac-exempt mac_addr_1 mac_mask_1 [mac_addr_2 mac_mask_2]

PIX Firewall

X

         

FWSM

X

         

vpnclient mode client-mode | network-extension-mode

PIX Firewall

X

         

FWSM

X

         

vpnclinet enable

PIX Firewall

X

         

FWSM

X

         
 

vpnclient management {[tunnel {ip_addr_1| ip_mask_1} [{ip_addr_2 | ip_mask_1}...]] | [clear]}

PIX Firewall

X

         

FWSM

X

         

vpnclient connect

PIX Firewall

 

X

       

FWSM

 

X

       

vpnclient disconnect

PIX Firewall

 

X

       

FWSM

 

X

       

vpnclient nem-st-autoconnect

PIX Firewall

 

X

       

FWSM

 

X

       
vpngroup

vpngroup group_name address-pool pool_name

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name authentication-server server_tag

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name backup-server {{ip1 [ip2 ... ip10]} | clear}

PIX Firewall

X

         

FWSM

         

X

 

vpngroup group_name clear-client-cfg

PIX Firewall

         

X

FWSM

 

X

       

vpngroup group_name default-domain domain_name

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name device-pass-through

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name idle-time idle_seconds

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name max-time max_seconds

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name password preshared_key

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name pfs

PIX Firewall

X

         

FWSM

         

X

 

vpngroup group_name split-dns domain_name1 [domain_name2, domain_name3, ..., domain_name8]

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name split-tunnel acl_name

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name user-authentication

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name user-idle-timeout user_idle_seconds

PIX Firewall

X

         

FWSM

         

X

vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]

PIX Firewall

X

         

FWSM

         

X

who

who [local_ip]

PIX Firewall

       

X

 

FWSM

       

X

 
write

write net [[server_ip]:[filename]]

PIX Firewall

       

X

 

FWSM

       

X

 
 

write floppy

PIX Firewall

       

X

 

FWSM

       

X

 

write memory | floppy [uncompressed]

PIX Firewall

       

X

 

FWSM

       

X

 

write standby

PIX Firewall

       

X

 

FWSM

       

X

 

write terminal

PIX Firewall

       

X

 

FWSM

       

X

 

writeeraseuncompressed ] | memory | standbyterminal}

PIX Firewall

         

X

FWSM

       

X

 

Summary of Commands Not Supported

The following is a high-level summary of the PIX 6.3.4 and FWMC 2.2.1 commands that are not supported in the Firewall MC 1.3.3 GUI. We recommend that you refer to Table 2 for details about the commands and the level of support provided by Firewall MC.

Active commands such as show, debug, and clear are either discarded or generate errors during import.

OSPF commands are treated as unknown commands.

IPSec commands on FWSM 2.2.1 are treated as unknown commands.

FWSM system context commands are treated as unknown commands. This includes commands such as creation and deletion of security contexts, switching the blade between single and multiple context or between routed and transparent mode, failover configuration in system context, and resource manager.

Access-list interface used in place of a source or destination address is not supported; object-group-search cannot easily be added to the epilog in the Firewall MC GUI, because Firewall MC could modify the ACL name during deployment. If the object-group-search command is in the epilog, its ACL name might not match the one Firewall MC deploys.

AAA include and exclude commands are not supported, but they can be manually converted to an ACL.

Integration of ACL Memory with Resource Manager—The associated CLI for this feature (resource-manager allocate-resource acl-memory-pool <1-12>) is not supported.


hometocprevnextglossaryfeedbacksearchhelp

Posted: Thu Feb 9 05:56:10 PST 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.