Supported Devices, OS Versions and Commands for Management Center for Firewalls 1.1.2

Series	Devices Supported	Software
Cisco PIX Firewall Series	PIX 501, PIX 506, PIX 506E, PIX 515, PIX 515E, PIX 525, PIX 535	PIX OS 6.0(x), PIX OS 6.1(x), PIX OS 6.2(x), PIX OS 6.3
FWSM	N/A	FWSM 1.1.1, 1.1.2

PIX Firewall and Firewall Services Module (FWSM) CLI commands receive different levels of support from Firewall MC 1.1.2. You should fully understand the level of support that each command receives from Firewall MC. This understanding will enable you to use commands or command combinations in PIX Firewall and FWSM configuration files so that import operations and deployment jobs succeed.

Table 2 PIX Firewall Version 1.1.2 CLI Commands Support Status

Command Reference	CLI Commands	Supported	Unsupported	Error	Ignored	Discarded	Not Used
aaa accounting	aaa accounting include \| exclude acctg_service inbound \| outbound \| if_name local_ip local_mask foreign_ip foreign_mask group_tag Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa accounting match acl_name inbound \| outbound \| if_name group_tag
	PIX Firewall	X
	FWSM	X
aaa authentication	aaa authentication include \| exclude authen_service inbound \| outbound \| if _name local_ip local_mask foreign_ip foreign_mask group_tag Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa authentication match acl_name inbound \| outbound \| if_name group_tag
	PIX Firewall	X
	FWSM	X
	aaa authentication [enable \| telnet \| ssh \| http] console group_tag
	PIX Firewall	X
	FWSM	X
	aaa authentication [serial \| enable \| telnet \| ssh \| http] console group_tag
	PIX Firewall	X
	FWSM						X
aaa authorization	aaa authorization command {LOCAL \| tacacs_server_tag}
	PIX Firewall	X
	FWSM	X
	aaa authorization include \| exclude author_service inbound \| outbound \| if_name local_ip local_mask foreign_ip foreign_mask Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa authorization match acl_name inbound \| outbound \| if_name group_tag
	PIX Firewall	X
	FWSM	X
aaa mac-exempt	aaa mac-exempt match id
	PIX Firewall		X
	FWSM						X
aaa proxy-limit	aaa proxy-limit proxy limit \| disable
	PIX Firewall		X
	FWSM		X
aaa-server	aaa-server group_tag (if_name) host server_ip key timeout seconds
	PIX Firewall	X
	FWSM	X
	aaa-server group_tag protocol auth_protocol
	PIX Firewall	X
	FWSM	X
	aaa-server radius-acctport port
	PIX Firewall		X
	FWSM		X
	aaa-server radius-authport port
	PIX Firewall		X
	FWSM		X
	debug radius session
	PIX Firewall					X
	FWSM					X
access-group	access-group acl_ID in interface interface_name
	PIX Firewall	X
	FWSM	X
access-list	access-list [acl_ID] compiled
	PIX Firewall	X
	FWSM						X
	access-list deny-flow-max n
	PIX Firewall		X
	FWSM						X
	access-list alert-interval secs
	PIX Firewall		X
	FWSM						X
	access-list acl_ID [deny \| permit] icmp {source_addr \| local_addr} {source_mask \| local_mask} {destination_addr \| remote_addr} {destination_mask \| remote_mask} icmp_type
	PIX Firewall	X
	FWSM	X
	access-list acl_ID {deny \| permit} protocol {source_addr \| local_addr} {source_mask \| local_mask} [operator port [port] {destination_addr \| remote_addr} {destination_mask \| remote_mask} [operator port [port]
	PIX	X
	FWSM	X
	access-list id {deny \| permit} icmp {source_addr \| local_addr} {source_mask \| local_mask} \| object-group network_obj_grp_id {destination_addr \| remote_addr} {destination_mask \| remote_mask} \| object-group network_obj_grp_id [icmp_type \| object-group icmp_type_obj_grp_id]
	PIX Firewall			X
	FWSM			X
	access-list id {deny \| permit} {protocol \| object-group protocol_obj_grp_id {source_addr \| local_addr} {source_mask \| local_mask} \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id] {destination_addr \| remote_addr} {destination_mask \| remote_mask} \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id]}
	PIX Firewall			X
	FWSM			X
	access-list id deny\|permit {any \| <ip> <mask>}
	PIX Firewall						X
	FWSM		X
	debug access-list all \| standard
	PIX Firewall					X
	FWSM					X
	debug access-list all \| standard \| turbo
	PIX Firewall					X
	FWSM						X
activation-key	activation-key activation-key-four-tuple
	PIX Firewall					X
	FWSM						X
alias	alias [(if_name)] dnat_ip foreign_ip [netmask]
	PIX Firewall		X
	FWSM		X
arp	arp if_name ip_address mac_address [ alias ]
	PIX Firewall				X
	FWSM				X
	arp timeout seconds
	PIX Firewall				X
	FWSM				X
auth-prompt	auth-prompt [ accept \| reject \| prompt ] string
	PIX Firewall	X
	FWSM	X
auto-update	auto-update device-id harware-serial \| hostname \| ipaddress [if_name] \| mac-address [if_name] string text
	PIX Firewall	X
	FWSM						X
	auto-update poll-period poll_period [retry_count [retry_period]]
	PIX Firewall	X
	FWSM						X
	auto-update server url [verify_certificate]
	PIX Firewall	X
	FWSM						X
	auto-update timeout period
	PIX Firewall	X
	FWSM						X
banner	banner {exec \| login \| motd} text
	PIX Firewall		X
	FWSM						X
ca	ca authenticate ca_nickname [fingerprint]
	PIX Firewall		X
	FWSM		X
	ca configure ca_nickname ca \| ra retry_period retry_count [crloptional]
	PIX Firewall		X
	FWSM		X
	ca crl request ca_nickname
	PIX Firewall		X
	FWSM		X
	ca enroll ca_nickname challenge_password [serial] [ipaddress]
	PIX Firewall		X
	FWSM		X
	ca generate rsa {key \| specialkey} key_modulus_size
	PIX Firewall		X
	FWSM		X
	ca identity ca_nickname ca_ipaddress[:ca_script_location] [ldap_ip address]
	PIX Firewall		X
	FWSM		X
	ca save all
	PIX Firewall		X
	FWSM		X
	ca subject-name ca_nickname X.500_string
	PIX Firewall		X
	FWSM						X
	ca verifycertdn X.500_string
	PIX Firewall		X
	FWSM						X
	ca zeroize rsa [keypair_name]
	PIX Firewall		X
	FWSM		X
ca generate rsa key	ca generate rsa key modulus
	PIX Firewall		X
	FWSM		X
capture	capture capture_name [access-list acl_name][buffer bytes] [ethernet-type type][interface name] [packet-length bytes] [circular-buffer]
	PIX Firewall					X
	FWSM						X
clear	clear file configuration \| pdm \| pki
	PIX Firewall					X
	FWSM						X
clock	clock set hh:mm:ss {day month \| month day} year
	PIX Firewall		X
	FWSM						X
	clock summer-time zone recurring [week weekday month hh:mm week weekday month hh:mm] [offset]
	PIX Firewall		X
	FWSM						X
	clock summer-time zone date {day month \| month day} year hh:mm {day month \| month day} year hh:mm [offset]
	PIX Firewall		X
	FWSM						X
	clock timezone zone hours [minutes]
	PIX Firewall		X
	FWSM						X
conduit	Note Conduits rely on the converter tool to translate conduits and outbounds to access-list commands.
	conduit permit \| deny protocol global_ip global_mask [operator port [port]] foreign_ip foreign_mask [operator port [port]]
	PIX Firewall			X
	FWSM						X
	conduit permit \| deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]
	PIX Firewall			X
	FWSM						X
	conduit deny \| permit protocol \| object-group protocol_obj_grp_id global_ip global_mask \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id] foreign_ip foreign_mask \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id]
	PIX Firewall			X
	FWSM						X
	conduit deny \| permit icmp global_ip global_mask \| object-group network_obj_grp_id foreign_ip foreign_mask \| object-group network_obj_grp_id [icmp_type \| object-group icmp_type_obj_grp_id]
	PIX Firewall			X
	FWSM						X
configure	configure factory-default [inside_ip_address [address_mask]] Note Applies to PIX 501 and PIX 506/506E only.
	PIX Firewall					X
	FWSM						X
	configure floppy Note Applies only to older PIX Firewalls that have a floppy drive.
	PIX Firewall					X
	FWSM						X
	configure http[s] :// [user:password@] location [ :port ] / http_pathname
	PIX Firewall					X
	FWSM						X
	configure memory
	PIX Firewall					X
	FWSM					X
	configure net [[server_ip]:[filename]]
	PIX Firewall					X
	FWSM					X
	configure terminal
	PIX Firewall					X
	FWSM					X
console	console timeout number
	PIX Firewall					X
	FWSM						X
copy	copy capture: capture_name tftp://location/path [pcap]
	PIX Firewall					X
	FWSM						X
	copy http[s]://[user:password@] location [:port ] / http_pathname flash [: [image \| pdm] ]
	PIX Firewall					X
	FWSM						X
	copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image \| pdm]]
	PIX Firewall					X
	FWSM					X
crashinfo	crashinfo test
	PIX Firewall		X
	FWSM						X
	crashinfo force [page-fault \| watchdog]
	PIX Firewall		X
	FWSM						X
	crashinfo save [enable \| disable]
	PIX Firewall		X
	FWSM						X
crypto dynamic-map	crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname \| ip-address
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [group1 \| group2]
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds \| kilobytes kilobytes
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [ transform-set-name9]
	PIX Firewall		X
	FWSM		X
crypto ipsec	crypto ipsec security-association lifetime seconds seconds \| kilobytes kilobytes
	PIX Firewall		X
	FWSM		X
	crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
	PIX Firewall		X
	FWSM		X
	crypto ipsec transform-set transform-set-name mode transport
	PIX Firewall		X
	FWSM		X
crypto map	crypto map map-name client [token] authentication aaa-server-name
	PIX Firewall		X
	FWSM		X
	crypto map map-name client configuration address initiate \| respond
	PIX Firewall		X
	FWSM		X
	crypto map map-name interface interface-name
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num ipsec-isakmp \| ipsec-manual [dynamic dynamic-map-name]
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num match address acl_name
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set peer hostname \| ip-address
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set pfs [group1 \| group2]
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set security-association lifetime seconds seconds \| kilobytes kilobytes
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set session-key inbound \| outbound ah spi hex-key-string
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set session-key inbound \| outbound esp spi cipher hex-key-string [authenticator hex-key-string]
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]
	PIX Firewall		X
	FWSM		X
debug	debug
	PIX Firewall					X
	FWSM					X
dhcpd	dhcpd address ip1[-ip2] [if_name]
	PIX Firewall	X
	FWSM	X
	dhcpd auto_config [client_ifx_name]
	PIX Firewall	X
	FWSM	X
	dhcpd dns dns1 [dns2]
	PIX Firewall	X
	FWSM	X
	dhcpd domain domain_name
	PIX Firewall	X
	FWSM	X
	dhcpd enable [if_name]
	PIX Firewall	X
	FWSM						X
	dhcpd lease lease_length
	PIX Firewall	X
	FWSM	X
	dhcpd option 66 ascii {server_name \| server_ip_str}
	PIX Firewall	X
	FWSM						X
	dhcpd option 150 ip server_ip1 [server_ip2]
	PIX Firewall	X
	FWSM						X
	dhcpd ping timeout timeout
	PIX Firewall	X
	FWSM	X
	dhcpd wins wins1 [wins2]
	PIX Firewall	X
	FWSM	X
disable	disable
	PIX Firewall					X
	FWSM					X
domain-name	domain-name name
	PIX Firewall				X
	FWSM						X
eeprom	eeprom update
	PIX Firewall					X
	FWSM						X
enable	enable [priv_1evel]
	PIX Firewall					X
	FWSM						X
	enable password [pw] [encrypted]
	PIX Firewall	X
	FWSM	X
	enable password [pw] [level priv_level] [encrypted]
	PIX Firewall					X
	FWSM						X
established	established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]
	PIX Firewall			X
	FWSM			X
exit	exit
	PIX Firewall					X
	FWSM					X
failover	failover
	PIX Firewall	X
	FWSM	X
	failover active
	PIX Firewall					X
	FWSM					X
	failover ip address if_name ip_address
	PIX Firewall	X
	FWSM	X
	failover lan enable
	PIX Firewall	X
	FWSM	X
	failover lan interface if_name
	PIX Firewall	X
	FWSM						X
	failover lan key key_secret
	PIX Firewall	X
	FWSM						X
	failover lan unit primary \| secondary
	PIX Firewall					X
	FWSM						X
	failover link [stateful_if_name]
	PIX Firewall	X
	FWSM	X
	failover mac address mif_name act_mac stn_mac
	PIX Firewall		X
	FWSM						X
	failover poll seconds
	PIX Firewall	X
	FWSM	X
	failover replicate http
	PIX Firewall	X
	FWSM	X
	failover reset
	PIX Firewall					X
	FWSM					X
	failover timeout seconds
	PIX Firewall				X
	FWSM						X
filter	filter activex port local_ip mask foreign_ip mask
	PIX Firewall		X
	FWSM		X
	filter ftp dest-port local_ip local_mask foreign_ip foreign_mask [allow] [interact-block]
	PIX Firewall		X
	FWSM		X
	filter java port[-port] local_ip mask foreign_ip mask
	PIX Firewall		X
	FWSM		X
	filter url [port[-port]] local_ip local_mask foreign_ip foreign_mask [allow]
	PIX Firewall	X
	FWSM	X
	filter url [http \| port[-port]] local_ip local_mask foreign_ip ofreign_mask [allow]
	PIX Firewall	X
	FWSM						X
	filter url [http \| port[-port]] local_ip local_mask foreign_ip ofreign_mask [allow] [proxy-block] [longurl-truncate \| longurl-deny] [cgi-truncate] Note Syntax errors are generated on [proxy-block] [longurl-truncate \| longurl-deny] [cgi-truncate]
	PIX Firewall			X
	FWSM						X
	filter url except local_ip local_mask foreign_ip foreign_mask
	PIX Firewall			X
	FWSM			X
fixup protocol	fixup protocol ctiqbe 2748
	PIX Firewall	X
	FWSM						X
	fixup protocol esp-ike
	PIX Firewall	X
	FWSM						X
	fixup protocol ftp [strict] [port]
	PIX Firewall	X
	FWSM	X
	fixup protocol http [port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol h323 {h225 \| ras} port [-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol icmp error
	PIX Firewall	X
	FWSM						X
	fixup protocol ils [port[-port]]
	PIX Firewall	X
	FWSM						X
	fixup protocol mgcp [port [-port]
	PIX Firewall	X
	FWSM						X
	fixup protocol pptp 1723
	PIX Firewall	X
	FWSM						X
	fixup protocol rsh [514]
	PIX Firewall	X
	FWSM	X
	fixup protocol rtsp [port]
	PIX Firewall	X
	FWSM	X
	fixup protocol sip [5060]
	PIX Firewall	X
	FWSM	X
	fixup protocol sip udp [5060]
	PIX Firewall	X
	FWSM	X
	fixup protocol skinny [2000]
	PIX Firewall	X
	FWSM	X
	fixup protocol smtp [port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol sqlnet [port[-port]]
	PIX Firewall	X
	FWSM	X
flashfs	flashfs downgrade {4.x \| 5.0 \| 5.1}
	PIX Firewall					X
	FWSM						X
floodguard	floodguard enable
	PIX Firewall	X
	FWSM	X
	floodguard disable
	PIX Firewall	X
	FWSM	X
fragment	Note Fragments can be imported correctly, but will generate commands per interface only.
	fragment size database-limit [interface]
	PIX Firewall	X
	FWSM	X
	fragment chain chain-limit [interface]
	PIX Firewall	X
	FWSM	X
	fragment timeout seconds [interface]
	PIX Firewall	X
	FWSM	X
global	global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} \| interface
	PIX Firewall	X
	FWSM	X
help	help
	PIX Firewall					X
	FWSM					X
hostname	hostname newname
	PIX Firewall	X
	FWSM	X
http	http ip_address [netmask] [if_name]
	PIX Firewall	X
	FWSM	X
	http server enable
	PIX Firewall	X
	FWSM	X
icmp	icmp permit \| deny [host] src_addr [src_mask] [type] int_name
	PIX Firewall	X
	FWSM	X
igmp	Note See the multicast command for igmp subcommands.
interface	Note See also router interface command reference for ospf subcommand support.
	interface <interface name>
	PIX Firewall						X
	FWSM		X
	interface hardware_id [hardware_speed] [shutdown]
	PIX Firewall OS	X
	FWSM						X
	interface hardware_id vlan_id [logical \| physical] [shutdown]
	PIX Firewall			X
	FWSM						X
	interface hardware_id change-vlan old_vlan_id new_vlan_id
	PIX Firewall			X
	FWSM						X
	ospf authentication [message-digest \| null]
	PIX Firewall						X
	FWSM		X
	ospf authentication-key password
	PIX Firewall						X
	FWSM		X
	ospf cost interface_cost
	PIX Firewall						X
	FWSM		X
	ospf database-filter all out
	PIX Firewall						X
	FWSM		X
	ospf dead-interval seconds
	PIX Firewall						X
	FWSM		X
	ospf hello-interval seconds
	PIX Firewall						X
	FWSM		X
	ospf message-digest-key key-id md5 key
	PIX Firewall						X
	FWSM		X
	ospf mtu-ignore
	PIX Firewall						X
	FWSM		X
	ospf priority number
	PIX Firewall						X
	FWSM		X
	ospf retransmit-interval seconds
	PIX Firewall						X
	FWSM		X
	ospf transmit-delay seconds
	PIX Firewall						X
	FWSM		X
ip address	ip address if_name ip_address [netmask]
	PIX Firewall	X
	FWSM	X
	ip address outside dhcp [setroute] [retry retry_cnt]
	PIX Firewall	X
	FWSM	X
	ip address if_name pppoe [setroute]
	PIX Firewall	X
	FWSM						X
	ip address if_name ip_address netmask pppoe [setroute]
	PIX Firewall	X
	FWSM						X
ip audit	ip audit attack [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit info [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit interface if_name audit_name
	PIX Firewall	X
	FWSM						X
	ip audit name audit_name attack [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit name audit_name info [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit signature signature_number disable
	PIX Firewall	X
	FWSM						X
ip local pool	ip local pool pool_name pool_start-address[-pool_end-address]
	PIX Firewall		X
	FWSM						X
ip prefix-list	Note See also prefix-list commands.
	ip prefix-list list-name [seq seq-value] {deny \| permit network/length}[ge ge-value] [le le-value]
	PIX Firewall						X
	FWSM		X
	ip prefix-list sequence-number
	PIX Firewall						X
	FWSM		X
ip verify reverse-path	ip verify reverse-path interface int_name
	PIX Firewall	X
	FWSM	X
isakmp	isakmp client configuration address-pool local pool-name [interface-name]
	PIX Firewall		X
	FWSM		X
	isakmp enable interface-name
	PIX Firewall		X
	FWSM		X
	isakmp identity {address \| hostname}
	PIX Firewall		X
	FWSM		X
	isakmp identity {address \| hostname \| [key-id key_id_string]}
	PIX Firewall		X
	FWSM						X
	isakmp keepalive seconds [retry_seconds]
	PIX Firewall		X
	FWSM		X
	isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]
	PIX Firewall		X
	FWSM		X
	isakmp nat-traversal [natkeepalive]
	PIX Firewall		X
	FWSM						X
	isakmp peer fqdn fqdn no-xauth no-config-mode
	PIX Firewall		X
	FWSM		X
isakmp policy	isakmp policy priority authentication pre-share \| rsa-sig
	PIX Firewall		X
	FWSM		X
	isakmp policy priority encryption aes \| aes-192\| aes-256 \| des \| 3des
	PIX Firewall		X
	FWSM		X
	isakmp policy priority group1 \| 5
	PIX Firewall		X
	FWSM		X
	isakmp policy priority group1 \| 2 \| 5
	PIX Firewall		X
	FWSM						X
	isakmp policy priority hash md5 \| sha
	PIX Firewall		X
	FWSM		X
	isakmp policy priority lifetime seconds
	PIX Firewall		X
	FWSM		X
kill	kill
	PIX Firewall					X
	FWSM					X
logging	logging on
	PIX Firewall	X
	FWSM	X
	logging buffered level
	PIX Firewall	X
	FWSM	X
	logging console level
	PIX Firewall	X
	FWSM	X
	logging device-id {hostname \| ipaddress if_name \| string text}
	PIX Firewall	X
	FWSM						X
	logging facility facility
	PIX Firewall	X
	FWSM	X
	logging history level
	PIX Firewall	X
	FWSM	X
	logging host [in_if_name] ip_address [protocol/port]
	PIX Firewall	X
	FWSM	X
	logging host [in_if_name] ip_address [protocol/port] format emblem
	PIX Firewall		X
	FWSM						X
	logging message syslog_id
	PIX Firewall						X
	FWSM	X
	logging message syslog_id [level level]
	PIX Firewall		X
	FWSM						X
	logging monitor level
	PIX Firewall	X
	FWSM	X
	logging queue queue_size
	PIX Firewall	X
	FWSM	X
	logging standby
	PIX Firewall	X
	FWSM	X
	logging timestamp
	PIX Firewall	X
	FWSM	X
	logging trap level
	PIX Firewall	X
	FWSM	X
login	login
	PIX Firewall					X
	FWSM						X
mac-list	mac-list id deny \| permit mac macmask
	PIX Firewall		X
	FWSM						X
management- access	management-access mgmt_if
	PIX Firewall		X
	FWSM						X
mgcp	mgcp call-agent ip_address group_id
	PIX Firewall		X
	FWSM						X
	mgcp command-queue limit
	PIX Firewall		X
	FWSM						X
	mgcp gateway ip_address group_id
	PIX Firewall		X
	FWSM						X
mroute	mroute src smask in-if-name dst dmask out-if-name
	PIX Firewall		X
	FWSM						X
multicast	multicast interface interface_name [max-groups number]
	PIX Firewall		X
	FWSM						X
	igmp forward interface interface_name
	PIX Firewall		X
	FWSM						X
	igmp access-group acl_id
	PIX Firewall		X
	FWSM						X
	igmp join-group group
	PIX Firewall		X
	FWSM						X
	igmp max-groups number
	PIX Firewall		X
	FWSM						X
	igmp query-interval seconds
	PIX Firewall		X
	FWSM						X
	igmp query-max-response-time seconds
	PIX Firewall		X
	FWSM						X
	igmp version {1 \| 2}
	PIX Firewall		X
	FWSM						X
mtu	mtu if_name bytes
	PIX Firewall	X
	FWSM	X
name/names	name ip_address name
	PIX Firewall				X
	FWSM				X
	names
	PIX Firewall				X
	FWSM				X
nameif	nameif vlan_id if_name security_level
	PIX Firewall						X
	FWSM	X
	nameif hardware_id if_name security_level
	PIX Firewall	X
	FWSM						X
nat	nat [(if_name)] id address [netmask][norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]
	PIX Firewall	X
	FWSM						X
	nat [(if_name)] nat_id local_ip [netmask [max_conns [em_limit]]] [norandomseq]
	PIX Firewall						X
	FWSM	X
	nat [(if_name)] id address [netmask [outside] [dns] [norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]
	PIX Firewall			X
	FWSM						X
	nat [(if_name)] 0 access-list acl_name
	PIX Firewall		X
	FWSM		X
ntp	ntp authenticate
	PIX Firewall		X
	FWSM						X
	ntp authentication-key number md5 value
	PIX Firewall		X
	FWSM						X
	ntp server ip_address [key number] source if_name [prefer]
	PIX Firewall		X
	FWSM						X
	ntp trusted-key number
	PIX Firewall		X
	FWSM						X
object-group	object-group grp_id
	PIX Firewall			X
	FWSM			X
	object-group description description_text
	PIX Firewall			X
	FWSM			X
	object-group icmp-type grp_id icmp-group icmp_type
	PIX Firewall			X
	FWSM			X
	object-group network grp_id network-object host host_addr network-object host_addr netmask
	PIX Firewall			X
	FWSM			X
	object-group protocol grp_id protocol-object protocol
	PIX Firewall			X
	FWSM			X
	object-group service grp_id {tcp \| udp \| tcp-udp} port-object eq service port-object range begin_service end_service
	PIX Firewall			X
	FWSM			X
outbound / apply	Note Outbounds rely on the converter tool to translate outbounds and conduits to access-list commands.
	apply [(if_name)] list_ID outgoing_src \| outgoing_dest
	PIX Firewall			X
	FWSM						X
	outbound list_ID permit \| deny ip_address [netmask [port[-port]] [protocol]
	PIX Firewall			X
	FWSM						X
	outbound list_ID except ip_address [netmask [port[-port]] [protocol]
	PIX Firewall			X
	FWSM						X
pager	pager [lines number]
	PIX Firewall				X
	FWSM				X
password	{password \| passwd} password [encrypted]
	PIX Firewall	X
	FWSM	X
pdm	pdm history enable
	PIX Firewall				X
	FWSM				X
	pdm history [view {all \| 12h \| 5d \| 60m \| 10m}] [snapshot] [feature {all \| blocks \| cpu \| failover \| ids \| interface if_name \| memory \| perfmon \| xlates}] [pdmclient]
	PIX Firewall				X
	FWSM				X
	pdm location ip_address netmask if_name
	PIX Firewall				X
	FWSM				X
	pdm logging [level [messages]]
	PIX Firewall				X
	FWSM				X
perfmon	perfmon verbose
	PIX Firewall					X
	FWSM					X
	perfmon interval seconds
	PIX Firewall					X
	FWSM					X
	perfmon quiet
	PIX Firewall					X
	FWSM					X
	perfmon settings
	PIX Firewall					X
	FWSM					X
ping	ping [if_name] ip_address
	PIX Firewall					X
	FWSM					X
prefix-list	Note See also ip prefix-list commands.
	prefix-list list_name [seq seq_value] {permit \| deny prefix / len} [ge min_value] [le max_value]
	PIX Firewall		X
	FWSM						X
	prefix-list sequence-number
	PIX Firewall		X
	FWSM						X
privilege	privilege [show \| clear \| configure] level level [mode enable \| configure] command command
	PIX Firewall		X
	FWSM						X
quit	quit
	PIX Firewall					X
	FWSM					X
reload	reload
	PIX Firewall					X
	FWSM					X
	reload noconfirm
	PIX Firewall					X
	FWSM					X
rip	rip if_name default \| passive [version [1 \| 2]] [authentication [text \| md5 key (key_id)]]
	PIX Firewall	X
	FWSM	X
route	route if_name ip_address netmask gateway_ip [metric]
	PIX Firewall	X
	FWSM	X
route-map	route-map map_tag [permit \| deny] [seq_num]
	PIX Firewall		X
	FWSM		X
	match [interface \| route-type \| metric \| ip address \| ip next-hop \| ip route-source]
	PIX Firewall						X
	FWSM		X
	set metric [+ \| -] metric_value
	PIX Firewall						X
	FWSM		X
	set metric-type type-1 \| type-2 \| internal \| external
	PIX Firewall						X
	FWSM		X
	set ip next-hop ip-address [ip-address...]
	PIX Firewall						X
	FWSM		X
router ospf	router ospf pid
	PIX Firewall		X
	FWSM		X
	area area_id
	PIX Firewall		X
	FWSM		X
	area area_id authentication [message-digest]
	PIX Firewall		X
	FWSM		X
	area area_id default-cost cost
	PIX Firewall		X
	FWSM		X
	area area_id filter-list prefix {prefix_list_name in \| out}
	PIX Firewall		X
	FWSM		X
	area area_id nssa [no-redistribution] [default-information-originate [metric-type 1 \| 2] [metric metric_value]] [no-summary]
	PIX Firewall		X
	FWSM		X
	area area_id range ip_address netmask [advertise \| not-advertise]
	PIX Firewall		X
	FWSM		X
	area area_id stub [no-summary]
	PIX Firewall		X
	FWSM		X
	area area_id virtual-link router_id [authentication [message-digest \| null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [authentication-key password] [message-digest-key id md5 password]
	PIX Firewall		X
	FWSM		X
	compatible rfc1583
	PIX Firewall		X
	FWSM						X
	default-information originate [always] [metric metric_value] [metric-type {1 \| 2}] [route-map map_name]
	PIX Firewall		X
	FWSM		X
	distance ospf [intra-area d1][inter-area d2][external d3]
	PIX Firewall		X
	FWSM		X
	ignore lsa mospf
	PIX Firewall		X
	FWSM		X
	log-adj-changes [detail]
	PIX Firewall		X
	FWSM		X
	network prefix ip_address netmask area area_id
	PIX Firewall		X
	FWSM		X
	redistribute {static \| connected} [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
	PIX Firewall		X
	FWSM		X
	redistribute ospf pid [match {internal \| external [1\|2] \| nssa-external [1\|2]}] [metric metric_value ] [metric-type metric_type] [route-map map_name] [tag tag_value] [subnets]
	PIX Firewall		X
	FWSM		X
	router-id ip_address
	PIX Firewall		X
	FWSM		X
	summary-address addr netmask [not-advertise] [tag tag_value]
	PIX Firewall		X
	FWSM		X
	timers {spf spf_delay spf_holdtime \| lsa-group-pacing seconds}
	PIX Firewall		X
	FWSM		X
routing interface	routing interface interface_name
	PIX Firewall		X
	FWSM						X
	ospf authentication [message-digest \| null]
	PIX Firewall		X
	FWSM						X
	ospf authentication-key password
	PIX Firewall		X
	FWSM						X
	ospf cost interface_cost
	PIX Firewall		X
	FWSM						X
	ospf database-filter all out
	PIX Firewall		X
	FWSM						X
	ospf dead-interval seconds
	PIX Firewall		X
	FWSM						X
	ospf hello-interval seconds
	PIX Firewall		X
	FWSM						X
	ospf message-digest-key key-id md5 key
	PIX Firewall		X
	FWSM						X
	ospf mtu-ignore
	PIX Firewall		X
	FWSM						X
	ospf priority number
	PIX Firewall		X
	FWSM						X
	ospf retransmit-interval seconds
	PIX Firewall		X
	FWSM						X
	ospf transmit-delay seconds
	PIX Firewall		X
	FWSM						X
service	service resetinbound \| resetoutside
	PIX Firewall		X
	FWSM		X
session	session enable
	PIX Firewall					X
	FWSM						X
setup	setup
	PIX Firewall					X
	FWSM					X
show	show
	PIX Firewall					X
	FWSM					X
shun	shun src_ip [dst_ip sport dport [protocol]]
	PIX Firewall					X
	FWSM					X
snmp-server	snmp-server community key
	PIX Firewall	X
	FWSM	X
	snmp-server {contact \| location} text
	PIX Firewall	X
	FWSM	X
	snmp-server host [if_name] ip_addr [trap \| poll]
	PIX Firewall	X
	FWSM	X
	snmp-server enable traps
	PIX Firewall	X
	FWSM	X
ssh	ssh ip_address [netmask] [interface_name]
	PIX Firewall	X
	FWSM	X
	ssh disconnect session_id
	PIX Firewall					X
	FWSM					X
	ssh timeout mm
	PIX Firewall	X
	FWSM	X
static	static [(prenat_interface, postnat_interface)] {mapped_address \| interface} real_address [netmask mask] [norandomseq] [connection_limit [em_limit]]
	PIX Firewall	X
	FWSM	X
	static [(prenat_interface, postnat_interface)] {mapped_address \| interface} real_address dns [netmask mask] [norandomseq] [connection_limit [em_limit]]
	PIX Firewall			X
	FWSM						X
syslog	syslog Note Deprecated in PIX Firewall OS Version 6.2.
	PIX Firewall		X
	FWSM		X
sysopt	sysopt connection permit-pptp \| permit-l2tp \| permit-ipsec
	PIX Firewall		X
	FWSM						X
	sysopt connection tcpmss bytes
	PIX Firewall	X
	FWSM	X
	sysopt connection tcpmss minimum bytes
	PIX Firewall		X
	FWSM		X
	sysopt connection timewait
	PIX Firewall		X
	FWSM		X
	sysopt ipsec pl-compatible
	PIX Firewall		X
	FWSM						X
	sysopt nodnsalias inbound \| outbound
	PIX Firewall		X
	FWSM		X
	sysopt noproxyarp if_name
	PIX Firewall	X
	FWSM	X
	sysopt radius ignore-secret
	PIX Firewall		X
	FWSM		X
	sysopt route dnat
	PIX Firewall				X
	FWSM				X
	sysopt security fragguard
	PIX Firewall		X
	FWSM						X
	sysopt uauth allow-http-cache
	PIX Firewall		X
	FWSM						X
telnet	telnet ip_address [netmask] [if_name]
	PIX Firewall	X
	FWSM	X
	telnet timeout minutes
	PIX Firewall	X
	FWSM	X
terminal	terminal monitor
	PIX Firewall				X
	FWSM				X
	terminal width characters
	PIX Firewall				X
	FWSM				X
tftp-server	tftp-server [if_name] ip _address path
	PIX Firewall	X
	FWSM	X
timeout	timeout [xlate [hh:mm:ss]] [conn [hh:mm:ss]] [half-closed [hh:mm:ss]] [udp [hh:mm:ss]] [rpc [hh:mm:ss]] [h225 [hh:mm:ss]] [h323 [hh:mm:ss]] [sip [hh:mm:ss]] [sip_media [hh:mm:ss]] [uauth [hh:mm:ss] [absolut \| inactivity]]
	PIX Firewall	X
	FWSM	X
url-block	url-block block block_buffer_limit
	PIX Firewall		X
	FWSM		X
	url-block url-mempool memory_pool_size
	PIX Firewall		X
	FWSM		X
	url-block url-size long_url_size Note Websense only.
	PIX Firewall		X
	FWSM		X
url-cache	url-cache {dst \| src_dst} size kbytes
	PIX Firewall	X
	FWSM	X
url-server	url-server [(if_name)] vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP \| UDP}] Note N2H2 only.
	PIX Firewall		X
	FWSM						X
	url-server [(if_name)] vendor websense host local_ip [timout seconds] [protocol {TCP \| UDP} version] Note Websense only.
	PIX Firewall	X
	FWSM						X
	url-server [(if_name)] host local_ip [timeout seconds] [protocol {TCP \| UDP} version] Note Websense only.
	PIX Firewall						X
	FWSM	X
username	username username {[{nopassword \| password password} [encrypted]] [privilege level]}
	PIX Firewall					X
	FWSM						X
virtual	virtual http ip_address [warn]
	PIX Firewall				X
	FWSM				X
	virtual telnet ip_address
	PIX Firewall				X
	FWSM				X
vpdn	vpdn enable if_name
	PIX Firewall		X
	FWSM						X
	vpdn group group_name [[accept dialin pptp \| l2tp]] \| [ppp encryption mppe 40 \| 128\| auto [required]] \| [ client configuration address local address_pool_name ] \| [client configuration dns dns_ip1 [dns_ip2]] \| [ client configuration wins wins_ip1 [wins_ip2]] \| [client authentication local \| aaa auth_aaa_group] \| [ client accounting acct_aaa_group] \| [pptp echo echo_time] \| [ l2tp tunnel hello hello_time]
	PIX Firewall		X
	FWSM						X
	vpdn username name password passwd store-local
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM						X
	vpdn username name password passwd
	PIX Firewall		X
	FWSM						X
	vpdn group group_name localname username
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM						X
	vpdn group group_name request dialout pppoe
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM						X
	vpdn group group_name ppp authentication PAP \| CHAP \| MSCHAP
	PIX Firewall (PPPoE only)	X
	PIX Firewall (all other instances)				X
	FWSM						X
vpnclient	vpnclient vpngroup group_name password preshared_key
	PIX Firewall	X
	FWSM						X
	vpnclient username xauth_username password xauth_password
	PIX Firewall	X
	FWSM						X
	vpnclient server ip_primary [ip_secondary_1, ip_sendary_2, ..., ip_secondary_n]
	PIX Firewall	X
	FWSM						X
	vpnclient mac-exempt mac_addr_1 mac_mask_1 [mac_addr_2 mac_mask_2]
	PIX Firewall		X
	FWSM						X
	vpnclient mode client-mode \| network-extension-mode
	PIX Firewall	X
	FWSM						X
	vpnclinet enable
	PIX Firewall	X
	FWSM						X
	vpnclient management {[tunnel {ip_addr_1\| ip_mask_1} [{ip_addr_2 \| ip_mask_1}...]] \| [clear]}
	PIX Firewall		X
	FWSM						X
	vpnclient connect
	PIX Firewall		X
	FWSM						X
	vpnclient disconnect
	PIX Firewall		X
	FWSM						X
vpngroup	vpngroup group_name address-pool pool_name
	PIX Firewall		X
	FWSM		X
	vpngroup group_name authentication-server server_tag
	PIX Firewall		X
	FWSM		X
	vpngroup group_name backup-server {{ip1 [ip2 ... ip10]} \| clear}
	PIX Firewall		X
	FWSM		X
	vpngroup group_name default-domain domain_name
	PIX Firewall		X
	FWSM		X
	vpngroup group_name device-pass-through
	PIX Firewall		X
	FWSM		X
	vpngroup group_name dns-server dns_ip_prim [dns_ip_sec]
	PIX Firewall		X
	FWSM		X
	vpngroup group_name idle-time idle_seconds
	PIX Firewall		X
	FWSM		X
	vpngroup group_name max-time max_seconds
	PIX Firewall		X
	FWSM		X
	vpngroup group_name password preshared_key
	PIX Firewall		X
	FWSM		X
	vpngroup group_name pfs
	PIX Firewall		X
	FWSM		X
	vpngroup group_name split-dns domain_name1 [domain_name2, domain_name3, ..., domain_name8]
	PIX Firewall		X
	FWSM		X
	vpngroup group_name split-tunnel acl_name
	PIX Firewall		X
	FWSM		X
	vpngroup group_name user-authentication
	PIX Firewall		X
	FWSM		X
	vpngroup group_name user-idle-timeout user_idle_seconds
	PIX Firewall		X
	FWSM		X
	vpngroup group_name wins-server wins_ip_prim [wins_ip_sec]
	PIX Firewall		X
	FWSM		X
who	who [local_ip]
	PIX Firewall					X
	FWSM					X
write	write net [[server_ip]:[filename]]
	PIX Firewall					X
	FWSM					X
	write floppy
	PIX Firewall					X
	FWSM					X
	write memory \| floppy [uncompressed]
	PIX Firewall					X
	FWSM					X
	write standby
	PIX Firewall					X
	FWSM					X
	write terminal
	PIX Firewall					X
	FWSM					X

Table of Contents

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.1.2

Supported Devices

Support for PIX Firewall and Firewall Services Module CLI Commands