Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 4.1
Index

Symbols

/bits subnet masks E-3
?
  command string C-4
  help C-4

A

AAA
  accounting 17-13
  authentication
    CLI access 23-10
    CLI access, system 23-11
    network access 17-1
    privileged EXEC mode 23-13
  authentication directly with the FWSM 17-3
  authorization
    commands 23-14
    downloadable access lists 17-10
    network access 17-9
  clearing settings 26-6
  local database support 11-6
  maximum rules A-7
  overview 11-1
  password management 17-6
  performance 17-1
  prompts 17-6
  server
    adding 11-9
    types 11-3
  support summary 11-3
  with web clients 17-6
abbreviating commands C-3
access lists
  ACE logging, configuring 13-26
  ACE order 13-2
  comments 13-18
  commitment 13-5
  deny flows, managing 13-27
  downloadable 17-10
  EtherType, adding 13-10
  expanded 13-6
  extended, adding 13-6
  extended, overview 13-6
  implicit deny 13-3
  inbound 15-1
  interface, applying 15-4
  IP address guidelines with NAT 13-3
  logging 13-25
  maximum rules 13-6
  memory limits 13-6
  NAT addresses 13-3
  object grouping 13-11
  outbound 15-1
  overview 13-1
  remarks 13-18
  standard access lists, adding 13-11
accounting 17-13
ACEs
  expanded 13-6
  logging 13-25
  maximum 13-6
  order 13-2
Active/Active failover
  about 14-13
  actions 14-16
  active state 14-13
  command replication 14-14
  configuration synchronization 14-14
  configuring
    failover 14-26
    failover group preemption 14-29
    HTTP replication 14-30
    interface poll time 14-30
    unit poll time 14-30
  criteria for failover 14-30
  device initialization 14-14
  failover groups 14-13
  primary status 14-13
  saving the configuration 14-15
  secondary status 14-13
  standby state 14-13
  status 14-35
  synchronizing the configurations 14-15
  triggers 14-15
Active/Standby failover
  about 14-9
  actions 14-12
  active state 14-9
  command replication 14-11
  configuration synchronization 14-9
  configuring
    failover 14-21
    HTTP replication 14-25
    interface poll time 14-25
    unit poll time 14-25
  criteria for failover 14-25
  device initialization 14-9
  primary status 14-9
  saving the configuration 14-10
  secondary status 14-9
  standby state 14-9
  status 14-32
  synchronizing the configurations 14-10
  triggers 14-11
Active Directory, password management 17-6
adaptive security algorithm 1-8
admin context
  changing 4-33
  overview 4-3
alternate-address (ICMP message) E-15
application inspection
  about 22-2
  applying 22-6
  configuring 22-1, 22-6
  inspection class map 20-10
  inspection policy map 20-7
  security level requirements 6-1
  special actions 20-6
application partition passwords, clearing 26-6
ARP inspection
  configuring 19-1
  enabling 19-2
  overview 19-1
  static entry 19-2
ARP spoofing 19-2
ARP table, static entry 19-2
ASDM
  allowing access 23-4
  installation 24-8
  maximum connections A-5
ASR 8-30
asymmetric routing support 8-30
AUS 24-18
authentication
  CLI access 23-10
  CLI access, system 23-11
  FTP 17-3
  HTTP 17-2
  network access 17-1
  overview 11-2
  privileged EXEC mode 23-13
  Telnet 17-2
  web clients 17-6
authorization
  commands 23-14
  downloadable access lists 17-10
  network access 17-9
  overview 11-2
autostate messaging 2-9
Auto Update
  configuring 24-18
  status 24-20

B

bandwidth
  limiting 4-21
  maximum A-3
basic settings 7-1
BGP
  configuring 8-7
  limitations 8-7
  monitoring 8-5, 8-8
  restarting 8-9
  support for 8-6
bits subnet masks E-3
booting
  from the FWSM 26-6
  from the switch 2-11
boot partitions 2-10
BPDUs
  access list, EtherType 13-10
  forwarding on the switch 2-9
bridge groups
  IP addresses, assigning 6-6
  overview 1-7
bridge table
  See MAC address table
bufferwraps
  save to internal Flash 25-10
  send to FTP server 25-11
bypassing firewall checks 21-10
bypassing the firewall, in the switch 2-6

C

CA
  CRs and 12-2
  public key cryptography 12-1
  revoked certificates 12-2
capturing packets 26-8
Catalyst 6500
  See switch
CEF A-3
Certificate Revocation Lists
  See CRLs
certification authority
  See CA
changing between contexts 4-31
Cisco 7600
  See switch
Cisco IP Phones
  application inspection 22-89
  with DHCP 8-38
Cisco VPN Client 23-6
Class A, B, and C addresses E-2
class-default class map 20-4
classes, logging
  filtering messages by 25-13
  message class variables 25-13
  types 25-13
classes, MPF
  See class map
classes, resource
  See resource management
class map
  inspection 20-10
  Layer 3/4
    match commands 20-5
    through traffic 20-5
  regular expression 20-14
clearing configuration settings 25-18
CLI
  abbreviating commands C-3
  adding comments C-5
  authenticating access 23-10
  command line editing C-3
  command output paging C-5
  displaying C-5
  help C-4
  paging C-5
  syntax formatting C-3
command authorization
  configuring 23-14
  multiple contexts 23-15
  overview 23-10
command prompts
  configuring 7-4
  overview C-2
comments
  access lists 13-18
  configuration C-5
Compact Flash 2-10
configuration
  clearing 3-5
  clearing settings 25-18
  comments C-5
  saving 3-3
  switch 2-1
  text file 3-6
  URL for a context 4-29
  viewing 3-5
configuration mode
  accessing 3-2
  prompt C-2
configuring 8-33
configuring RHI 8-33
connection
  advanced features 21-1
  blocking 21-15
  deleting A-5
  limits 21-1
  rate-limiting 21-2
  timeouts 21-1
connection limits
  per context 4-26
console port, external 3-1
contexts
  See security contexts
control plane path 1-8
conversion-error (ICMP message) E-15
crash dump 26-9
CTIQBE inspection
  enabling 22-11
  limitations and restrictions 22-10
  monitoring 22-12
  overview 22-10
cut-through proxy 17-1

D

data flow
  routed firewall 5-2
  transparent firewall 5-12
debug messages
  failover 14-42
  viewing 26-7
default class 4-23
default policy 20-3
deny flows, logging 13-27
device ID, including in messages 25-16
DHCP
  Cisco IP Phones 8-38
  configuring 8-35
  relay 8-39
  server 8-38
  transparent firewall 13-7
disabling messages, specific message IDs 25-17
DMZ, definition 1-1
DNS and NAT 16-16
DNS inspection
  configuring 22-24
  managing 22-18
  rewrite 22-19
domain name, setting 7-4
DoS attack, preventing 16-27
dotted decimal subnet masks E-3
downloadable access lists 17-10
DSCP bits 1-9
DUAL 8-23
dual IP stack 10-4
dynamic NAT
  See NAT

E

eBGP 8-7
echo (ICMP message) E-15
echo-reply (ICMP message) E-15
editing command lines C-3
EIGRP 13-7
  configuring 8-23
  DUAL algorithm 8-23
  hello interval 8-27
  hello packets 8-22
  hold time 8-23, 8-27
  neighbor discovery 8-22
  overview 8-22
  stub routing 8-24
  stuck-in-active 8-23
EMBLEM format, using in logs 25-17
embryonic connection limits 21-2
ESMTP inspection
  configuring 22-96
  overview 22-94
established command
  maximum rules A-7
  security level requirements 6-2
EtherChannel, backplane
  load-balancing 2-8
  overview 2-8
EtherType access list
  adding 13-10
  applying in both directions 13-9
  compatibility with extended access lists 13-10
  implicit deny 13-9
  MPLS, allowing 13-10
  supported EtherTypes 13-9
EtherType assigned numbers 13-10

F

facility, logging 25-5
failover
  about 14-1
  Active/Active
    See Active/Active failover
  Active/Standby
    See Active/Standby failover
  configuring
    Active/Active 14-26
    Active/Standby 14-21
  debug messages 14-42
  disabling 14-41
  displaying the configuration 14-39
  forcing 14-40
  interface health monitoring 14-19
  link
    about 14-2
    securing 14-31
  module placement
    inter-chassis 14-4
    intra-chassis 14-3
  PISA 21-6
  requirements
    license 14-2
    software 14-2
  restoring a failed unit 14-41
  SNMP traps 14-42
  Stateful
    See Stateful Failover
  switch configuration 2-9
  system log messages 14-42
  testing 14-39
  transparent firewall considerations 14-7
  trunk 2-9
  unit health monitoring 14-19
  upgrading software 24-9
failover groups
  assigning contexts to 14-28
  creating 14-27
  definition of 14-13
  preempt command 14-29
  restoring to an unfailed state 14-41
filtering
  ActiveX 18-1
  exempting 18-8
  FTP 18-9
  HTTP 18-7
  HTTPS 18-8
  Java applets 18-3
  long HTTP URLs
    setting the size 18-7
    truncating 18-8
  maximum rules A-7
  overview 18-1
  security level requirements 6-1
  servers supported 18-4
  show command output C-4
  URLs 18-4
firewall mode
  configuring 5-1
  overview 5-1
Flash memory
  overview 2-10
  partitions 2-10
  size A-3
format of messages 25-19
fragments 1-4
  limitations A-4
fragment size, configuring 21-15
FTP filtering 18-9
FTP inspection
  configuring 22-32
  overview 22-30

G

generating RSA keys 12-4
global addresses
  guidelines 16-15
  specifying 16-28
GRE tagging with PISA 21-5
GTP inspection
  configuring 22-37
  overview 22-35

H

H.225, configuring 22-50
H.245
  monitoring 22-54
  troubleshooting 22-54
H.323 inspection
  configuring 22-51
  limitations 22-49
  overview 22-48
  troubleshooting 22-54
half-closed connection limits 21-3
help, command line C-4
hostname, setting 7-3
hosts, subnet masks for E-3
HSRP 5-8
HTTP(S)
  authentication 23-12
  filtering 18-4
  maximum connections A-5
  maximum rules A-7
HTTP replication
  configuring in Active/Active failover 14-30
  configuring in Active/Standby failover 14-25

I

iBGP 8-7
ICMP
  management access 23-9
  maximum rules A-7
  testing connectivity 26-1
  type numbers E-15
IGMP 9-2
IKE 23-5
ILS application inspection 22-64
IM 22-77
importing certificates 12-5
inbound access lists 15-1
information-reply (ICMP message) E-15
information-request (ICMP message) E-15
inside, definition 1-1
inspection_default class-map 20-4
installation
  ASDM 24-8
  maintenance software 24-12
  module verification 2-2
  software, using the CLI 24-3
  software, using the maintenance partition 24-5
Instant Messaging 22-77
interfaces
  configuring poll times 14-25, 14-30
  global addresses 16-28
  health monitoring 14-19
  maximum A-4
  naming 6-3, 6-6, 6-7
  shared 4-7
  turning off 6-12
  turning on 6-12
  viewing monitored interface status 14-39
IOS
  upgrading 2-1
IP addresses
  classes E-2
  interface 6-3, 6-8
  overlapping between contexts 4-5
  private E-2
  routed mode 6-3, 6-8
  subnet mask E-4
  translating 16-1
  transparent mode 6-4
  VPN client 23-7
IPSec
  basic settings 23-5
  client 23-6
  management access 23-4
  transforms 23-5
IP spoofing, preventing 21-14
IPv6
  access lists 10-5
  default and static routes 10-5
  dual IP stack, configuring 10-4
  duplicate address detection 10-4
  enabled commands 10-1
  neighbor discovery 10-6
  router advertisement messages 10-8
  static neighbor 10-10
  verifying configuration 10-10
  viewing routes 10-11
IPX 2-6
ISAKMP 23-5
ISNs, randomizing
  using Modular Policy Framework 21-1

J

Java applet filtering 18-2

K

Kerberos
  configuring 11-9
  support 11-6

L

Layer 2 firewall
  See transparent firewall
Layer 2 forwarding table
  See MAC address table
Layer 3/4
  matching multiple policy maps 20-18
LDAP
  application inspection 22-64
  configuring 11-9
  support 11-6
licenses 24-1
load-balancing, backplane EtherChannel 2-8
local user database
  adding a user 11-7
  configuring 11-7
  logging in 23-13
  support 11-6
  system execution space 23-13
lockout recovery 23-23
log bufferwraps
  save to internal Flash 25-10
  send to FTP server 25-11
logging
  access lists 13-25
  class
    filtering messages by 25-12
    types 25-13
  device-id, including in system log messages 25-16
  email
    configuring as output destination 25-6
    destination address 25-6
    source address 25-6
  EMBLEM format 25-16
  facility option 25-5
  filtering messages
    by message class 25-13
    by message list 25-14
  logging queue, configuring 25-15
  multiple context mode 25-2
  output destinations
    ASDM 25-7
    email address 25-6
    internal buffer 25-9
    SNMP 25-34
    SSH 25-8
    switch session 25-8
    syslog server 25-5
    Telnet 25-8
  queue
    changing the size of 25-15
    configuring 25-15
    viewing queue statistics 25-15
  severity level
    changing 25-18
  severity level, changing 25-18
  timestamp, including 25-15
logging queue
  configuring 25-15
login
  banner 7-5
  command 23-13
  FTP 17-3
  local user 23-13
  session 3-2
  SSH 3-2
  system execution space 23-13
  Telnet 3-2
loops, avoiding 2-9

M

MAC address table
  adding an address 19-3
  entry timeout 19-3
  MAC learning, disabling 19-4
  overview 5-12, 19-3
  resource management 4-26
  static entry 19-3
  viewing 19-4
MAC learning, disabling 19-4
maintenance partition
  installing application software from 24-5
  IP address 24-7
  password
    clearing 26-7
    setting 7-2
  software installation 24-12
management IP address, transparent firewall 6-4
man-in-the-middle attack 19-2
mapped interface name 4-28
mapping
  MIBs to CLIs D-1
mask-reply (ICMP message) E-15
mask-request (ICMP message) E-15
match commands
  inspection class map 20-8
  Layer 3/4 class map 20-5
memory
  access list use of 13-6
  Flash A-3
  RAM A-3
  rules use of 13-6
memory partitions 4-12
  reallocating rules 4-19
  setting the total number 4-13
  sizes 4-14
message classes
  about 25-12
  list of 25-13
message list
  creating 25-14
  filtering by 25-14
message severity levels, list of 25-20
metacharacters, regular expression 20-11
MGCP inspection
  configuring 22-67
  overview 22-65
MIBs
  supported 25-20
mobile-redirect (ICMP message) E-15
mode
  CLI C-2
  context 4-10
  firewall 5-1
Modular Policy Framework
  See MPF
monitoring
  OSPF 8-20
  resource management 4-36
  SNMP 25-20
more prompt
  disabling 23-1
  overview C-5
MPF
  about 20-1
  default policy 20-3
  features 20-1
  flows 20-18
  matching multiple policy maps 20-18
  service policy, applying 20-20
MPLS
  LDP 13-10
  router-id 13-10
  TDP 13-10
MSFC
  definition A-1
  overview 1-6
  SVIs 2-6
multicast routing 9-1
multicast traffic 5-8
Multilayer Switch Feature Card
  See MSFC
multiple context mode
  See security contexts
multiple SVIs 2-5

N

naming an interface 6-3, 6-6, 6-7
NAT
  bypassing NAT
    configuration 16-34
    overview 16-10
  DNS 16-16
  dynamic NAT
    configuring 16-26
    implementation 16-20
    overview 16-6
  examples 16-37
  exemption from NAT
    configuration 16-36
    overview 16-10
  identity NAT
    configuration 16-34
    overview 16-10
  NAT ID 16-20
  order of statements 16-15
  overlapping addresses 16-38
  overview 16-1
  PAT
    configuring 16-26
    implementation 16-20
    overview 16-8
    static 16-31
  policy NAT
    dynamic, configuring 16-26
    maximum rules A-7
    overview 16-10
    static, configuring 16-30
    static PAT, configuring 16-32
  port redirection 16-39
  RPC not supported with 22-100
  same security level 16-14
  security level requirements 6-1
  static identity, configuring 16-34
  static NAT
    configuring 16-29
    overview 16-8
  static PAT
    configuring 16-31
    overview 16-9
  transparent mode 16-4
  types 16-6
  xlate bypass
    configuring 16-19
    overview 16-13
network processors 1-8
networks, overlapping 16-38
NPs 1-8
NTLM support 11-5
NT server
  configuring 11-9
  support 11-5

O

object groups
  expanded 13-6
  nesting 13-15
  removing 13-17
open ports E-14
OSPF
  area authentication 8-14
  area MD5 authentication 8-14
  area parameters 8-14
  authentication key 8-12
  cost 8-12
  dead interval 8-12
  default route 8-18
  displaying update packet pacing 8-19
  enabling 8-10
  hello interval 8-12
  interface parameters 8-12
  link-state advertisement 8-10
  logging neighbor states 8-19
  MD5 authentication 8-12
  monitoring 8-20
  NSSA 8-15
  overview 8-9
  packet pacing 8-19
  processes 8-10
  redistributing routes 8-11
  route calculation timers 8-18
  route map 8-5
  route summarization 8-17
  stub area 8-14
  summary route cost 8-14
outbound access lists 15-1
outside, definition 1-1
oversubscribing resources 4-22

P

packet
  capture 26-8
  classifier 4-3
  flow
    routed firewall 5-2
    transparent firewall 5-12
paging screen displays C-5
parameter-problem (ICMP message) E-15
parameter problem, ICMP message E-15
partitions
  application 2-10
  boot 2-10
  crash dump 2-10
  Flash memory 2-10
  maintenance 2-10
  network configuration 2-10
password management, AAA 17-6
passwords
  changing 7-1
  clearing
    application 26-6
    maintenance 26-7
  recovery 26-6
  troubleshooting 26-6
PAT
  See NAT
PIM features, configuring 9-6
ping
  See ICMP
PISA integration 21-4
policy map
  inspection 20-7
  Layer 3/4
    about 20-15
    adding 20-18
    default policy 20-18
    flows 20-18
policy NAT
  about 16-10
  See NAT
pools, addresses
  DHCP 8-36
  global NAT 16-28
  VPN 23-7
PORT command, FTP 22-31
ports
  open on device E-14
  redirection, NAT 16-39
private networks E-2
privileged EXEC mode
  accessing 3-2
  authentication 23-13
  prompt C-2
prompts
  command C-2
  more C-5
  setting 7-4
protocol numbers and literal values E-11
proxy servers, SIP 22-76
public key cryptography 12-1

Q

QoS compatibility 1-9
question mark
  command string C-4
  help C-4
queue, logging
  changing the size of 25-15
  viewing statistics 25-15

R

RADIUS
  configuring a server 11-9
  downloadable access lists 17-10
  network access authentication 17-3
  network access authorization 17-10
  password management 17-6
  support 11-4
rapid link failure detection 2-9
RAS H.323 troubleshooting 22-55
rate-limiting connections 21-2
RealPlayer 22-73
rebooting
  from the FWSM CLI 26-6
  from the switch 2-11
redirect (ICMP message) E-15
redirect, ICMP message E-15
Registration Authority description 12-2
regular expression 20-11
Related Documentation 3-xxviii
reloading
  contexts 4-34
  from the FWSM CLI 26-6
  from the switch 2-11
remarks
  access lists 13-18
  configuration C-5
remote management
  ASDM 23-4
  SSH 23-2
  Telnet 23-1
  VPN 23-4
requirements A-1
resetting
  from the FWSM CLI 26-6
  from the switch 2-11
resource management
  assigning a context to a class 4-30
  class 4-24
  configuring 4-21
  default class 4-23
  monitoring 4-36
  oversubscribing 4-22
  overview 4-22
  resource types 4-26
  unlimited 4-22
resource usage 4-39
revoked certificates 12-2
RHI 8-32, 8-33
RIP
  default route updates 8-21
  enabling 8-21
  overview 8-21
  passive 8-21
routed firewall
  data flow 5-2
  interfaces, configuring 6-3
  setting 5-17
route health injection 8-32
router
  advertisement, ICMP message E-15
  solicitation, ICMP message E-15
router-advertisement (ICMP message) E-15
router-solicitation (ICMP message) E-15
routes
  configuring 8-2
  generating a default 8-18
  logging neighbors 8-19
  monitoring OSPF 8-20
  summarization 8-17
routing
  BGP stub 8-6
  OSPF 8-21
  other protocols 13-7
  RIP 8-22
RSA
  keys, generating 12-4
  signatures, IKE authentication method 12-2
RSA keys, generating 23-3
RSH connections A-5
RTSP inspection
  configuring 22-74
  overview 22-73
rules
  default allocation A-7
  maximum 13-6
  memory partitions 4-12
  pools for contexts A-7
  reallocating memory A-8
  reallocating memory per partition 4-19
running configuration
  backing up 24-17
  clearing 3-5
  downloading 24-15
  saving 3-3
  viewing 3-5

S

same security level communication
  configuring 6-10
  NAT 16-14
SCCP (Skinny) inspection
  Cisco IP Phones, supporting 22-90
  configuration 22-89
SDI
  configuring 11-9
  support 11-5
Secure Computing SmartFilter 18-4
security contexts
  adding 4-28
  admin context
    changing 4-33
    overview 4-3
  assigning to a resource class 4-30
  changing between 4-31
  classifier 4-3
  command authorization 23-15
  configuration
    URL, changing 4-33
    URL, setting 4-29
  logging 25-2
  logging in 4-9
  managing 4-32
  mapped interface name 4-28
  memory partitions 4-12
  monitoring 4-35
  MSFC compatibility 1-7
  multiple mode, enabling 4-10
  overview 4-1
  prompt C-2
  reloading 4-34
  removing 4-32
  resource management 4-22
  resource usage 4-39
  saving all configurations 3-4
  unsupported features 4-2
  VLAN allocation 4-28
security level
  configuring 6-3, 6-7
  overview 6-1
service policy
  applying 20-20
  default 20-20
  global 20-20
  interface 20-20
sessioning from the switch 3-1
session management path 1-8
severity levels of system log messages
  definition 25-20
  list of 25-20
shared interfaces 4-7
shared VLANs 4-7
show command, filtering output C-4
shunning 21-15
single mode
  backing up configuration 4-10
  configuration 4-11
  enabling 4-10
  restoring 4-11
SIP inspection
  instant messaging 22-77
  overview 22-77
  timeout values, configuring 22-82
  troubleshooting 22-86
site-to-site tunnel 23-8
SMTP inspection
  configuring 22-96
  overview 22-94
SNMP
  MIBs 25-20
  overview 25-20
  traps 25-32
software installation
  any partition 24-5
  current partition 24-3
  maintenance 24-12
source-quench (ICMP message) E-15
source quench, ICMP message E-15
SPAN session 2-2
specifications A-1
SSH
  authentication 23-12
  concurrent connections 23-2
  login 23-3
  maximum rules A-7
  username 23-3
startup configuration
  backing up 24-17
  copying to the running configuration 3-5
  downloading 24-15
  saving 3-3
  viewing 3-5
Stateful Failover
  overview 14-18
  state information passed 14-18
  state link 14-3
stateful inspection
  bypassing 21-10
  overview 1-8
state link
  See Stateful Failover
static ARP entry 19-2
static MAC address entry 19-3
static NAT
  See NAT
static PAT
  See NAT
stealth firewall
  See transparent firewall
Stub Multicast Routing 9-5
stuck-in-active 8-23
subnet masks
  /bits E-3
  address range E-4
  dotted decimal E-3
  number of hosts E-3
  overview E-2
Sun RPC inspection
  configuring 22-100
  overview 22-100
SVIs
  configuring 2-7
  multiple 2-5
  overview 2-5
switch
  assigning VLANs to module 2-2
  autostate messaging 2-9
  BPDU forwarding 2-9
  configuration 2-1
  failover compatibility with transparent firewall 2-9
  failover configuration 2-9
  maximum modules A-3
  resetting the module 2-11
  sessioning to the module 3-1
  system requirements A-1
  trunk for failover 2-9
  verifying module installation 2-2
switched virtual interfaces
  See SVIs
Switch Fabric Module A-3
SYN attacks, monitoring 4-40
SYN cookies 4-40
syntax formatting C-3
syslog server
  as output destination 25-4
  designating 25-5
  designating more than one 25-5
  EMBLEM format
    configuring 25-17
    enabling 25-5
system execution space
  configuration 4-2
  local user database 11-7
  login command 23-13
  session authentication 23-11
  username command 11-7
system log messages
  classes 25-13
  classes of
    list of classes 25-13
  configuring in groups
    by message list 25-14
    creating lists of 25-12
  device ID, including 25-16
  failover 14-42
  filtering
    by list 25-14
    by message class 25-12
  format of 25-19
  managing in groups
    by message class 25-13
    creating a message list 25-12
  multiple context mode 25-2
  severity levels 25-20
  timestamp, including 25-15
  variables used in 25-19
system requirements A-1

T

TACACS+
  command authorization 23-18
  configuring a server 11-9
  network access authorization 17-9
  support 11-4
TCP
  back-to-back connections A-5
  connection, deleting A-5
  connection limits 21-2
  connection limits per context 4-26
  ports and literal values E-11
  sequence number randomization
    disabling using Modular Policy Framework 21-2
  sequence randomization 21-2
TCP Intercept
  configuring for transparent mode 16-27
  monitoring 4-40
TCP normalization, disabling 21-14
TCP state bypass 21-10
Telnet
  authentication
    enabling 23-12
    session from switch 23-11
    system execution space 23-11
  concurrent connections 23-1
  maximum rules A-7
testing configuration 26-1
time-exceeded (ICMP message) E-15
time exceeded, ICMP message E-15
time ranges, access lists 13-24
timestamp
  reply, ICMP message E-15
timestamp, including in system log messages 25-15
timestamp-reply (ICMP message) E-15
traffic flow
  routed firewall 5-2
  transparent firewall 5-12
transparent firewall
  ARP inspection
    enabling 19-2
    overview 19-1
    static entry 19-2
  data flow 5-12
  DHCP packets, allowing 13-7
  failover considerations 14-7
  guidelines 5-10
  HSRP 5-8
  interfaces, configuring 6-4
  MAC address timeout 19-3
  MAC learning, disabling 19-4
  management IP address 6-4
  multicast traffic 5-8
  overview 5-7
  packet handling 13-7
  setting 5-17
  static MAC address entry 19-3
  unsupported features 5-11
  VRRP 5-8
transparent mode
  NAT 16-4
traps, SNMP 25-32
troubleshooting
  capturing packets 26-8
  common problems 26-10
  configuration 26-1
  crash dump 26-9
  debug messages 26-7
  H.323 22-54
  H.323 RAS 22-55
  password recovery 26-6
  SIP 22-86
trustpoint 12-3
tunnels
  basic settings, configuring 23-5
  site-to-site, configuring 23-8
  VPN client access, configuring 23-6

U

UDP
  connection limits 21-2
  connection limits per context 4-26
  connection state information 1-9
  ports and literal values E-11
Unicast Reverse Path Forwarding 21-14
unit health monitoring 14-19
unit poll time, configuring
  Active/Active 14-30
  Active/Standby 14-25
unprivileged mode
  accessing 3-2
  prompt C-2
unreachable (ICMP message) E-15
upgrading
  IOS 2-1
URLs
  context configuration, changing 4-33
  context configuration, setting 4-29
  filtering 18-4

V

viewing logs 25-4
virtual firewalls
  See security contexts
virtual HTTP 17-3
virtual reassembly 1-4
virtual SSH 17-3
virtual Telnet 17-3
VLANs
  allocating to a context 4-28
  assigning to FWSM 2-2
  interfaces 2-2
  mapped interface name 4-28
  maximum A-4
  shared 4-7
VoIP
  proxy servers 22-76
  troubleshooting 22-54
VPN
  basic settings 23-5
  client tunnel 23-6
  management access 23-4
  site-to-site tunnel 23-8
  transforms 23-5
VRRP 5-8

W

WAN ports A-1
web clients, secure authentication 17-6

X

xlate bypass
  configuring 16-19
  overview 16-13