Connecting to the Firewall Services Module and Managing the Configuration



Similar documents
Backing Up and Restoring Data

Troubleshooting the Firewall Services Module

Administering the Network Analysis Module. Cisco IOS Software. Logging In to the NAM with Cisco IOS Software CHAPTER

Troubleshooting the Firewall Services Module

Lab Advanced Telnet Operations

- The PIX OS Command-Line Interface -

Basic Configuration of the Cisco Series Internet Router

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

USB Disable for Cisco ISRs Feature Module

Securing Networks with PIX and ASA

3.1 Connecting to a Router and Basic Configuration

Transferring Files Using HTTP or HTTPS

Basic Router and Switch Instructions (Cisco Devices)

Lab Configure Basic AP Security through IOS CLI

LAB Configuring NAT. Objective. Background/Preparation

Configuring System Message Logging

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

Enabling Remote Access to the ACE

Encrypted Preshared Key

- Advanced IOS Functions -

Backup and Recovery Procedures

Lab Load Balancing Across Multiple Paths

Lab Review of Basic Router Configuration with RIP. Objective. Background / Preparation. General Configuration Tips

Skills Assessment Student Training Exam

Configuring Basic Settings

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Configuring a Cisco 2509-RJ Terminal Router

Applicazioni Telematiche

Configuring Access Service Security

Encrypted Preshared Key

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

Configuring System Message Logging

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Enhanced Password Security - Phase I

Lab Configuring PAT with SDM and Static NAT using Cisco IOS Commands

Managing Software and Configurations

Enhanced Password Security - Phase I

Configuring Basic Settings

Objectives Understand Cisco IOS system architecture components. Work with the Cisco IOS Command Line Interface (CLI) and common commands.

Image Verification. Finding Feature Information. Restrictions for Image Verification

Lab Configuring Basic Router Settings with the Cisco IOS CLI

Lab 5.3.9b Managing Router Configuration Files Using TFTP

HTTP 1.1 Web Server and Client

Managing ACE Software Licenses

Configuring Password Encryption

How To Install Cisco Asr 9000 Series Router Software On A Mini Mini Mini (Cisco Ios) Router

Flow-Based per Port-Channel Load Balancing

Configuring Role-Based Access Control

Configuring Basic Settings

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

Cisco Configuration Professional Quick Start Guide

Configuring Auto-MDIX

Chapter 6 Updating Software Images and Configuration Files

Supported Platforms. Supported Standards, MIBs, and RFCs. Prerequisites. Related Features and Technologies. Related Documents. Improved Server Access

Lab Creating a Network Map using CDP Instructor Version 2500

Cisco ISE Command-Line Interface

Lab Configure Syslog on AP

You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource

Configuring CSS Remote Access Methods

Hillstone StoneOS User Manual Hillstone Unified Intelligence Firewall Installation Manual

Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch

Configuring Password Encryption

Lab 8.3.3b Configuring a Remote Router Using SSH

File Transfers. Contents

Using the Command Line Interface (CLI)

Using LiveAction with Cisco Secure ACS (TACACS+ Server)

Two Factor Authentication in SonicOS

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Configuring the Switch with the CLI-Based Setup Program

Managing Storage Services Modules

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Configuration Manual English version

File Transfers. Contents

Router Lab Reference Guide

HOW TO CONFIGURE CISCO FIREWALL PART I

Configuring SSH and Telnet

Rebasoft Auditor Quick Start Guide

IP Routing Between VLANs

Configuring Secure Socket Layer HTTP

Configuring Voice over IP

ROM Monitor. Entering the ROM Monitor APPENDIX

CISCO CATALYST 3550 Series Switches

Lab Load Balancing Across Multiple Paths Instructor Version 2500


Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Comware versus Cisco IOS Command Guide

Lab Creating a Logical Network Diagram

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

Lab 8.4.3a Managing Cisco IOS Images with TFTP

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

Router Security Audit Logs

Lab: Basic Router Configuration

Lab Introductory Lab 1 - Getting Started and Building Start.txt

Clientless SSL VPN End User Set-up

Configuring Network Load Balancing for vethernet

Lab 5.5 Configuring Logging

Configuring Timeout, Retransmission, and Key Values Per RADIUS Server

ROLE-BASED COMMAND-LINE INTERFACE ACCESS

Router Recovery with ROM Monitor

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Transcription:

CHAPTER 3 Connecting to the Firewall Services Module and This chapter describes how to access the command-line interface and work with the configuration. This chapter includes the following sections: Connecting to the Firewall Services Module, page 3-1, page 3-3 Connecting to the Firewall Services Module This section describes how to connect or session to the FWSM from the switch command line. It also describes how to log out of the FWSM to access the switch CLI. This section includes the following topics: Logging in to the FWSM, page 3-1 Logging out of the FWSM, page 3-2 Logging in to the FWSM The FWSM does not have an external console port, you must session in to the FWSM for initial configuration. Later, when you configure interfaces and IP addresses on the FWSM itself, you can access the FWSM CLI remotely through an FWSM interface. See Chapter 21, Configuring Management Access, for more information. Without any additional configuration for user authentication, the login method consists of logging in as the default user: 1. The login password lets you access user EXEC mode. 2. To access configuration commands, you must enter privileged EXEC mode, which requires a second password. 3. From privileged EXEC mode, you can access global configuration mode, which does not require a password. Caution Management access to the FWSM causes a degradation in performance. We recommend that you avoid accessing the FWSM when high network performance is critical. 3-1

Connecting to the Firewall Services Module Chapter 3 To session in to the FWSM from the switch, log in, access privileged mode, and then configuration mode, perform the following steps: Step 1 Session in to the FWSM from the switch using the command appropriate for your switch operating system: Cisco IOS software Router# session slot number processor 1 Catalyst operating system software Console> (enable) session module_number Step 2 Step 3 For multiple context mode, when you session in to the FWSM, you access the system configuration. See Chapter 4, Configuring Security Contexts, for more information. Log in to the FWSM by entering the login password at the following prompt: hostname passwd: By default, the password is cisco. To change the password, see the Changing the Passwords section on page 7-1. To access privileged EXEC mode, enter the following command: hostname> enable This command accesses the highest privilege level. The following prompt appears: Password: Step 4 Step 5 Enter the enable password at the prompt. By default, the password is blank, and you can press the Enter key to continue. See the Changing the Passwords section on page 7-1 to change the enable password. The prompt changes to: hostname# To exit privileged mode, enter disable. You can also enter exit or quit to exit the current access mode (privileged EXEC mode, global configuration mode, and so on). To access configuration mode, enter the following command: hostname# configure terminal The prompt changes to the following: hostname(config)# Logging out of the FWSM To end the FWSM session and access the switch CLI, enter the following command: hostname# exit Logoff 3-2

Chapter 3 [Connection to 127.0.0.31 closed by foreign host] Router# You might need to enter the exit command multiple times if you are in a configuration mode. This section describes how to work with the configuration. The FWSM loads the configuration from a text file, called the startup configuration. When you enter a command, the change is made only to the running configuration in memory. You must manually save the running configuration to the startup configuration for your changes to remain after a reboot. The information in this section applies to both single and multiple security contexts, except where noted. Additional information about contexts is in Chapter 4, Configuring Security Contexts, This section includes the following topics: Saving Configuration Changes, page 3-3 Copying the Startup Configuration to the Running Configuration, page 3-5 Viewing the Configuration, page 3-5 Clearing and Removing Configuration Settings, page 3-5 Creating Text Configuration Files Offline, page 3-6 Saving Configuration Changes This section describes how to save your configuration, and includes the following topics: Saving Configuration Changes in Single Context Mode, page 3-3 Saving Configuration Changes in Multiple Context Mode, page 3-3 Saving Configuration Changes in Single Context Mode To save the running configuration to the startup configuration, enter the following command: hostname# write memory Note The copy running-config startup-config command is equivalent to the write memory command. Saving Configuration Changes in Multiple Context Mode You can save each context (and system) configuration separately, or you can save all context configurations at the same time. This section includes the following topics: Saving Each Context and System Separately, page 3-4 Saving All Context Configurations at the Same Time, page 3-4 3-3

Chapter 3 Saving Each Context and System Separately To save the system or context configuration, enter the following command within the system or context: hostname# write memory Note The copy running-config startup-config command is equivalent to the write memory command. For multiple context mode, context startup configurations can reside on external servers. In this case, the FWSM saves the configuration back to the server you identified in the context URL, except for an HTTP or HTTPS URL, which do not let you save the configuration to the server. Saving All Context Configurations at the Same Time To save all context configurations at the same time, as well as the system configuration, enter the following command in the system execution space: hostname# write memory all [/noconfirm] If you do not enter the /noconfirm keyword, you see the following prompt: Are you sure [Y/N]: After you enter Y, the FWSM saves the system configuration and each context. Context startup configurations can reside on external servers. In this case, the FWSM saves the configuration back to the server you identified in the context URL, except for an HTTP or HTTPS URL, which do not let you save the configuration to the server. After the FWSM saves each context, the following message appears: Saving context b... ( 1/3 contexts saved ) Sometimes, a context is not saved because of an error. See the following information for errors: For contexts that are not saved because of low memory, the following message appears: The context 'context a' could not be saved due to Unavailability of resources For contexts that are not saved because the remote destination is unreachable, the following message appears: The context 'context a' could not be saved due to non-reachability of destination For contexts that are not saved because the context is locked, the following message appears: Unable to save the configuration for the following contexts as these contexts are locked. context a, context x, context z. A context is only locked if another user is already saving the configuration or in the process of deleting the context. For contexts that are not saved because the startup configuration is read-only (for example, on an HTTP server), the following message report is printed at the end of all other messages: Unable to save the configuration for the following contexts as these contexts have read-only config-urls: context a, context b, context c. For contexts that are not saved because of bad sectors in the Flash memory, the following message appears: 3-4

Chapter 3 The context 'context a' could not be saved due to Unknown errors Copying the Startup Configuration to the Running Configuration Copy the new startup configuration to the running configuration using one of these options: To merge the startup configuration with the current running configuration, enter the following command: hostname(config)# copy startup-config running-config A merge adds any new commands from the new configuration to the running configuration. If the configurations are the same, no changes occur. If commands conflict or if commands affect the running of the context, then the effect of the merge depends on the command. You might get errors, or you might have unexpected results. To load the startup configuration and discard the running configuration, restart the FWSM by entering the following command: hostname# reload Alternatively, you can use the following commands to load the startup configuration and discard the running configuration without requiring a reboot: hostname(config)# clear configure all hostname(config)# copy startup-config running-config Viewing the Configuration The following commands let you view the running and startup configurations. To view the running configuration, enter the following command: hostname# show running-config To view the running configuration of a specific command, enter the following command: hostname# show running-config command To view the startup configuration, enter the following command: hostname# show startup-config Clearing and Removing Configuration Settings To erase settings, enter one of the following commands. To clear all the configuration for a specified command, enter the following command: hostname(config)# clear configure configurationcommand [level2configurationcommand] This command clears all the current configuration for the specified configuration command. If you only want to clear the configuration for a specific version of the command, you can enter a value for level2configurationcommand. For example, to clear the configuration for all aaa commands, enter the following command: 3-5

Chapter 3 hostname(config)# clear configure aaa To clear the configuration for only aaa authentication commands, enter the following command: hostname(config)# clear configure aaa authentication To disable the specific parameters or options of a command, enter the following command: hostname(config)# no configurationcommand [level2configurationcommand] qualifier In this case, you use the no command to remove the specific configuration identified by qualifier. For example, to remove a specific nat command, enter enough of the command to identify it uniquely as follows: hostname(config)# no nat (inside) 1 To erase the startup configuration, enter the following command: hostname(config)# write erase To erase the running configuration, enter the following command: hostname(config)# clear configure all Note In multiple context mode, if you enter clear configure all from the system configuration, you also remove all contexts and stop them from running. Creating Text Configuration Files Offline This guide describes how to use the CLI to configure the FWSM; when you save commands, the changes are written to a text file. Instead of using the CLI, however, you can edit a text file directly on your PC and paste a configuration at the configuration mode command-line prompt in its entirety, or line by line. Alternatively, you can download a text file to the FWSM internal Flash memory. See Chapter 23, Managing Software, Licenses, and Configurations, for information on downloading the configuration file to the FWSM. In most cases, commands described in this guide are preceded by a CLI prompt. The prompt in the following example is hostname(config)# : hostname(config)# context a In the text configuration file you are not prompted to enter commands, so the prompt is omitted as follows: context a For additional information about formatting the file, see Appendix C, Using the Command-Line Interface. 3-6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information