Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 2.2
Index


Symbols

/bits subnet masksD-3

A

AAA

accounting12-25

authentication

CLI12-8

enable12-8

network access12-20

authorization

command12-10

downloadable ACLs12-23

network access12-22

clearing settings17-9

local database support12-4

maximum rulesA-5

overview12-1

performance12-2

server

adding12-6

types12-4

abbreviating commandsC-2

abbreviationsE-1

access control entries

See ACEs

access control lists

See ACLs

accounting12-25

ACEs

expanded10-7

logging10-26

maximum10-7

order10-6

ACLs

comments10-25

commitment10-6

compilation10-6

downloadable12-23

EtherType10-16

expanded10-7

guidelines10-6

inbound10-10

inserting lines10-25

IP address guidelines10-7

logging10-26

manual commit10-24

maximum rules10-7

memory10-7

NAT addresses10-7

network access10-13

object groups10-17 to 10-24

order of ACEs10-6

OSPF, route map10-17

outbound10-10

policy NAT10-4

poolsA-5

remarks10-25

standard10-17

acronymsE-1

activation key5-10

Active Directory13-11

active state, failover15-2

adaptive security algorithm1-5

address range, subnetsD-4

admin context

changing5-20

overview5-1

alternate address, ICMP messageD-9

Apple QuickTime13-15

application inspection

See inspection engines

application partition passwords, clearing17-9

ARP inspection

enabling7-4

overview7-3

static entry7-4

ARP spoofing7-3

ARP test, failover15-13

ASA1-5

attacks, protection from1-6

audience profilexvii

authentication

CLI12-8

enable12-8

FTP12-21

HTTP12-21

network access12-20

overview12-2

Telnet12-21

timeout12-2

authorization

CLI12-10

command12-10

network access12-22

overview12-2

B

backing up configuration16-5

bandwidth

limiting5-12

maximumA-1

banners6-5

BGP10-3

bits subnet masksD-3

booting

from the module17-8

from the switch2-13

boot partitions2-13

BPDUs

ACL, EtherType10-16

forwarding on the switch2-12

bridge entry timeout7-2

bridge table

See MAC address table

Broadcast Ping test15-13

buffering URL replies14-3

bypassing the firewall2-7

C

caching URLs14-4

capturing packets17-10

Catalyst 6500

See switch

Catalyst OS versions1-2

CEFA-1

changing between contexts5-20

Cisco 7600

See switch

Cisco CallManager13-18

Cisco Firewall MC1-4

Cisco IOS versions1-2

Cisco IP/TV13-15

Cisco IP Phones

inspection engine13-18

with DHCP8-20

Cisco PDM1-4

Cisco VPN Client11-7

Class A, B, and C addressesD-1

classes

See resource management

classifier5-2

CLI

abbreviating commandsC-2

adding commentsC-4

authentication12-8

authorization12-10

command line editingC-3

command output pagingC-4

displayingC-4

helpC-6

pagingC-4

privilege levels12-11

syntax formattingC-2

command authorization

local user database12-10

TACACS+12-13

command-line interface

See CLI

command privilege levels12-11

command promptsC-1

comments

ACLs10-25

configurationC-4

Compact Flash2-13

configuration

backing up16-5

clearing3-4

commentsC-4

context files5-2

downloading16-5

examplesB-1

failover15-10

minimumxxiii

saving3-3

switch2-1

text file3-4

URL for a context5-18

viewing3-3

configuration mode

accessing3-2

promptC-2

connection limits6-9

console

authentication12-8

port3-1

contexts

See security contexts

control plane path1-5

conventionsxix

conversion error, ICMP messageD-9

crash dump17-11

D

data flow

routed firewall4-3

transparent firewall4-12

debug messages17-10

default class5-13

default route8-2

denial of service attacks, protection1-6

deny flows, logging10-28

DHCP

relay8-21

server

Cisco IP Phones8-20

configuring8-19

overview8-19

transparent firewall10-3

DMZ, definition1-1

DNS

inspection engine13-6

NAT effect on9-13

protection from attacks1-6

DNS Guard1-6

domain name6-5

dotted decimal subnet masksD-3

downloadable ACLs12-23

dynamic NAT

See NAT

E

echo reply, ICMP messageD-9

editing command linesC-3

EIGRP10-3

embryonic limit

routed firewall9-23

transparent firewall6-10

enable

accessing3-2

authentication12-8

password

changing6-2

default6-2

established command

maximum rulesA-5

security level requirements6-7

EtherChannel

backplane

load-balancing2-11

overview2-11

failover15-4

EtherType

ACL10-16

assigned numbers10-16

examplesB-1

extended ACL10-13

F

failover

actions15-12

active state15-2

bandwidth15-5

configuration file

Flash memory15-11

replication15-10

running memory15-11

terminal messages15-11

configuring15-14

contexts15-2

debugging15-23

disabling15-22

display15-19

EtherChannel15-4

examples15-26

FAQs15-23

forcing15-22

gratuitous ARPs15-2

inter-chassis15-4

interface monitoring15-13

interface policy15-15

interface tests15-13

intra-chassis15-4

IP addresses15-2

link communications15-3

MAC addresses15-10

monitoring15-12

network tests15-13

primary unit15-10

secondary unit15-10

standby state15-2

stateful failover

overview15-2

state information15-3

state link15-3

statistics15-21

switch configuration2-11

system messages15-23

testing15-22

threshold15-15

transparent firewall15-9

triggers15-11

trunk2-12, 15-4

unit health15-13

verifying15-18

VLANs15-3

fast path1-5

features1-3

filtering

adding a server14-2

buffering replies14-3

caching URLs14-4

FTP14-6

HTTP14-5

HTTPS14-6

long URL maximum14-4

maximum rulesA-5

overview14-1

security level requirements6-6

servers supported14-1

show command outputC-3

statistics14-6

Firewall MC1-4

firewall mode, setting4-16

fixups

See inspection engines

Flash memory

overview2-13

partitions2-13

sizeA-1

Flood Defender1-6

Flood Guard1-6

Frag Guard1-6

fragment size1-6

FTP

authentication12-21

filtering14-6

inspection engine13-6

G

global addresses

recommendations9-12

specifying9-24

gratuitous ARPs, failover15-2

guest user, maintenance partition6-2

H

H.225, connection status13-8

H.323

inspection engine13-7

Skinny13-18

version13-7

help, command lineC-6

host name6-4

hosts, subnet masks forD-3

HSRP4-9

HTTP

authentication12-8

concurrent connections11-4

filtering14-5

inspection engine13-10

long URL maximum14-4

maximum rulesA-5

HTTPS

filtering14-6

management connection11-4

maximum connectionsA-4

RSA key11-4

I

ICMP

ACL10-15

denied access1-6

error inspection engine13-11

inspection engine13-10

management access11-10

maximum rulesA-5

object group10-21

testing connectivity17-4

type numbersD-9

IKE11-5

ILS inspection engine13-11

inbound ACLs10-10

information reply, ICMP messageD-9

information request, ICMP messageD-9

inside, definition1-1

inspection engines

configuring13-4

DNS13-6

FTP13-6

H.32313-7

HTTP13-10

ICMP13-10

ICMP error13-11

ILS13-11

LDAP13-11

limitations13-3

MGCP13-12

NAT and PAT support13-3

NetBIOS13-14

OraServ13-14

overview13-1

RealAudio13-14

RSH13-15

RTSP13-15

SCCP13-18

security level requirements6-6

SIP13-16

Skinny13-18

SMTP13-19

SQL*Net13-20

standards13-3

static PAT9-6

Sun RPC13-21

TFTP13-21

XDMCP13-22

installation

module verification2-2

software to any partition16-3

software to current partition16-2

interfaces

enabled status6-7

failover monitoring15-13

failover policy15-15

global addresses9-24

maximumA-2

naming6-8

overview1-7

security level

overview6-6

setting6-8

shared5-5

standby address15-16

turning off and on6-9

IOS versions1-2

IP addresses

classesD-1

configuring8-2

management, transparent firewall8-2

overlapping between contexts5-3

privateD-2

standby15-16

subnet maskD-4

VPN client11-7

IPSec

basic settings11-5

client11-7

management access11-5

transforms11-6

IP spoofing, protection from1-6

IPX2-7

ISAKMP11-5

L

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

LDAP inspection engine13-11

level

See security level

link up/down test15-13

load-balancing, backplane EtherChannel2-11

local user database

adding a user12-6

command authorization12-10

logging in12-9

support12-4

lockout, recovering12-19

logging

ACLs10-26

system messages17-1

login

FTP12-21

local user12-9

session3-2

SSH3-2

Telnet3-2

viewing the user12-18

login banners6-5

login command12-9

login password

changing6-2

default6-2

M

MAC addresses, failover15-10

MAC address table

entry timeout7-2

MAC learning, disabling7-2

overview4-12

resource management5-16

static entry7-2

MAC learning, disabling7-2

Mail Guard1-6, 13-19

maintenance partition

guest user6-2

installing application software16-3

password

changing6-2

clearing17-10

default6-2

root user6-2

software installation16-5

management access authentication12-8

management IP address, transparent firewall8-2

management support1-4

man-in-the-middle attack7-3

manual commit10-24

mapped interface name5-18

mask reply, ICMP messageD-9

mask request, ICMP messageD-9

maximum connections9-23

memory

ACLs10-7

FlashA-1

RAMA-1

rules10-7

message-of-the-day banner6-5

MGCP inspection engine13-12

MIBs17-2

Microsoft Exchange13-19

minimum configurationxxiii

mobile redirection, ICMP messageD-9

mode

context5-11

firewall4-16

monitoring

failover15-12

OSPF8-16

resource management5-24

security contexts5-23

SNMP17-2

More promptC-4

MPLS

LDP10-16

router-id10-16

TDP10-16

MSFC

definition1-2

overview1-9

SVIs2-7

multicast traffic4-9

Multilayer Switch Feature Card

See MSFC

multiple mode, enabling5-11

multiple SVIs2-6

N

N2H2 Sentian filtering server14-1

naming an interface6-8

NAT

bypassing NAT

configuration9-28

overview9-7

DNS9-13

dynamic NAT

configuring9-22

implementation9-16

overview9-3

embryonic limit9-23

examples9-31

exemption from NAT

configuration9-30

overview9-7

identity NAT

configuration9-28

overview9-7

inspection engine support13-3

maximum connections9-23

NAT ID9-16

order of statements9-12

outside NAT9-10

overlapping addresses9-32

overview9-1, 9-2

PAT

configuring9-22

implementation9-16

overview9-4

policy NAT

maximum rulesA-5

overview9-8

port redirection9-33

same security level9-11

security level requirements6-6

static NAT

configuring9-25

overview9-5

static PAT

configuring9-26

overview9-5

transparent firewall4-11

types9-3

NetBIOS inspection engine13-14

NetMeeting13-11

Network Activity test15-13

Network Address Translation

See NAT

network processors1-5

NPs1-5

O

object groups

adding

ICMP10-21

network10-19

protocol10-19

service10-20

displaying10-24

expanded10-7

nesting10-22

overview10-18

removing10-24

operating system1-8

OraServ inspection engine13-14

OSPF

ACL for route map10-17

area authentication8-11

area MD5 authentication8-11

area parameters8-11

authentication key8-9

cost8-9

dead interval8-9

default route8-14

displaying update packet pacing8-16

enabling8-5

hello interval8-9

interface parameters8-9

link-state advertisement8-5

logging neighbor states8-15

MD5 authentication8-10

monitoring8-16

NSSA8-12

overview8-4

packet pacing8-16

processes8-5

redistributing routes8-6

route calculation timers8-15

route map8-6

route summarization8-13

stub area8-12

summary route cost8-12

outbound ACLs10-10

outside, definition1-1

outside NAT9-10

oversubscribing resources5-12

P

packet capture17-10

packet classifier5-2

packet flow

routed firewall4-3

transparent firewall4-12

paging screen displaysC-4

parameter problem, ICMP messageD-9

partitions

application2-13

boot2-13

crash dump2-13

Flash memory2-13

maintenance2-13

network configuration2-13

passwords

clearing

application17-9

maintenance17-10

enable

changing6-2

default6-2

login

changing6-2

default6-2

maintenance partition

changing6-2

default6-2

troubleshooting17-9

PAT

See NAT

PDM

allowing connections11-4

installation16-2

maximum connectionsA-4

version1-4

ping

See ICMP

PIX

implicit permit1-7

operating system1-8

security levels6-7

policy NAT

ACLs10-4

dynamic, configuring9-22

inspection engines9-6

maximum rulesA-5

overview9-8

static, configuring9-25

static PAT, configuring9-27

pools

address

DHCP8-19

global NAT9-24

addresses

VPN11-7

context rulesA-5

port redirection, NAT9-33

primary unit, failover

overview15-10

setting15-15

private networksD-2

privileged mode

accessing3-2

authentication12-8

promptC-2

privilege levels, for commands12-11

prompts

commandC-1

moreC-4

protocol numbers and literal valuesD-5

Q

quick startxxiii

R

RADIUS

adding a server12-6

CLI authentication12-8

downloadable ACLs12-23

enable command authentication12-9

network access authentication12-21

network access authorization12-23

support12-4

RealAudio

inspection engine13-14

RTSP13-15

RealNetworks13-15

RealPlayer13-15

rebooting

from the module17-8

from the switch2-13

redirect, ICMP messageD-9

redundancy

See failover

reloading

context5-22

module17-8

remarks10-25

requirements1-2

resetting

from the module17-8

from the switch2-13

resource management

assigning a context5-19

configuring5-14

default class5-13

monitoring5-24

oversubscribing5-12

overview5-12

resource types5-16

unlimited5-13

reverse route lookup

See Unicast RPF

RIP

default route updates8-18

enabling8-18

overview8-18

passive8-18

root user, maintenance partition6-2

routed firewall mode, setting4-16

route map ACL10-17

router advertisement, ICMP messageD-9

router solicitation, ICMP messageD-9

routing

default route8-2

OSPF8-4 to 8-17

other protocols10-3

RIP8-18 to 8-19

static8-3

RSA key11-3, 11-4

RSH, inspection engine13-15

RTSP, inspection engine13-15

RTSP restrictions13-15

rules

manually committing10-24

maximum10-7

pools for contextsA-5

S

same security level communication

embryonic connections6-9

enabling6-8

maximum connections6-9

NAT9-11

SCCP

fragmented packets13-19

H.32313-18

inspection engine13-18

secondary unit, failover15-10

security contexts

adding5-17

admin context

changing5-20

overview5-1

assigning to a resource class5-19

changing between5-20

classifier5-2

configuration

files5-2

URL, changing5-21

URL, setting5-18

IP address overlap5-3

logging in5-9

mapped interface name5-18

monitoring5-23

multiple mode, enabling5-11

name guidelines5-17

nesting or cascading5-9

overview5-1

promptC-1

reloading5-22

removing5-20

resource management5-12

VLAN allocation5-18

security level

allowing communication between the same level6-8

overview6-6

PIX comparison6-7

same security6-8

setting6-8

security policy1-7

Sentian filtering server14-1

serial number5-10

server

AAA12-6

filtering14-2

sessioning from the switch3-1

session management path1-5

shared VLANs5-5

show command, filtering outputC-3

shutting down an interface6-9

Simple Network Management Protocol

See SNMP

single mode

backing up configuration5-10

configuration5-11

enabling5-11

restoring5-11

SIP inspection engine13-16

SiteServer13-11

site-to-site tunnel11-8

Skinny

fragmented packets13-19

H.32313-18

inspection engine13-18

SMTP

inspection engine13-19

protection from attacks1-6

SNMP

MIBs17-2

overview17-2

traps17-2

software installation

any partition16-3

current partition16-2

maintenance16-5

source quench, ICMP messageD-9

SPAN session2-1

specificationsA-1

SQL*Net inspection engine13-20

SSH

authentication12-8

concurrent connections11-2

login11-3

management access11-2

maximum rulesA-5

RSA key11-3

username11-4

version11-2

standard ACL10-17

standby state, failover15-2

startup configuration5-2

stateful failover

See failover

stateful inspection1-5

state information15-3

state link15-3

static ARP entry7-4

static bridge entry7-2

static NAT

See NAT

static PAT

See NAT

static routes8-3

stealth firewall

See transparent firewall

subcommand mode promptC-2

subnet masks

/bitsD-3

address rangeD-4

dotted decimalD-3

number of hostsD-3

overviewD-2

Sun RPC, inspection engine13-21

supervisor engine versions1-2

supervisor IOS1-2

SVIs

configuring2-8

multiple2-6

overview2-6

switch

adding VLANs2-3

assigning VLANs to module2-2

assigning VLANs to ports2-3

BPDU forwarding2-12

configuration2-1

failover compatibility with transparent firewall2-12

failover configuration2-11

maximum modulesA-1

resetting the module2-13

sessioning to the module3-1

system requirements1-2

trunk for failover2-12

verifying module installation2-2

switched virtual interfaces

See SVIs

Switch Fabric ModuleA-1

SYN packet attack protection1-6

syntax formattingC-2

system configuration

network settings5-2

overview5-1

system requirements1-2

T

TACACS+

adding a server12-6

command authorization12-13

network access authorization12-22

support12-4

TCP intercept

overview1-6

security level requirements6-6

TCP ports and literal valuesD-5

TCP sequence number randomization

disabling

routed mode9-22

same security level6-10

transparent firewall6-10

security level requirements6-7

Telnet

authentication12-8

concurrent connections11-1

management access11-1

maximum rulesA-5

test15-13

testing configuration17-4

TFTP inspection engine13-21

time exceeded, ICMP messageD-9

timestamp reply, ICMP messageD-9

timestamp request, ICMP messageD-9

traffic flow

routed firewall4-3

transparent firewall4-12

transparent firewall

ARP inspection

enabling7-4

overview7-3

static entry7-4

data flow4-12

DHCP packets, allowing10-3

embryonic limit6-10

EtherType ACL10-16

examplesB-15

failover15-9

guidelines4-11

HSRP4-9

MAC address timeout7-2

MAC learning, disabling7-2

management IP address8-2

maximum connections6-10

mode, setting4-16

multicast traffic4-9

NAT4-11

overview4-9

packet handling10-3

static bridge entry7-2

TCP sequence number randomization, disabling6-10

VLANs4-9

VRRP4-9

traps, SNMP17-2

trunk, failover15-4

U

UDP

connection state information1-5

ports and literal valuesD-5

Unicast Reverse Path Forwarding1-6

Unicast RPF1-6

unprivileged mode

accessing3-2

password6-2

promptC-1

unreachable, ICMP messageD-9

URL

context configuration, changing5-21

context configuration, setting5-18

filtering14-1

user, logged in12-18

V

virtual firewalls

See security contexts

Virtual Re-assembly1-6

VLANs

adding to switch2-3

allocating to a context5-18

assigning to switch ports2-3

assigning to FWSM2-2

failover interface15-3

interfaces2-2

mapped interface name5-18

maximumA-2

overview1-7

shared5-5

VoIP

gateways and gatekeepers13-7

H.32313-7

MGCP13-12

SCCP13-18

Skinny13-18

VPN

basic settings11-5

client tunnel11-7

management access11-5

site-to-site tunnel11-8

transforms11-6

VRRP4-9

W

WAN ports1-2

Websense Enterprise filtering server14-1

X

XDMCP, inspection engine13-22