Supported Devices, OS Versions, and Commands for Management Center for Firewalls 1.2.1 [CiscoWorks Management Center for Firewalls]

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.2.1
Supported Devices
Support for PIX Firewall and Firewall Services Module CLI Commands

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.2.1

Revised: August 28, 2003

Management Center for Firewalls (Firewall MC) Version 1.2.1 provides support for PIX OS Versions 6.1.5, 6.2.3 and 6.3.3, and FWSM OS Version 1.1.3.

This document includes:

Supported Devices
Support for PIX Firewall and Firewall Services Module CLI Commands

Supported Devices

Table 1 lists the devices supported by Management Center for Firewalls 1.2.1.

Table 1 Devices

Series

Devices Supported

Software

Cisco PIX Firewall Series

PIX 501, PIX 506, PIX 506E, PIX 515, PIX 515E, PIX 525, PIX 535

PIX OS Version:

6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.3, 6.3.1, 6.3.2, 6.3.3

FWSM

N/A

FWSM OS Version:

1.1.1, 1.1.2, 1.1.3

Support for PIX Firewall and Firewall Services Module CLI Commands

PIX Firewall and Firewall Services Module (FWSM) CLI commands receive different levels of support from Firewall MC 1.2.1. You should fully understand the level of support that each command receives from Firewall MC; this understanding will enable you to use commands or command combinations in PIX Firewall and FWSM configuration files so that import operations and deployment jobs succeed.

The levels of support provided by Firewall MC are:

Supported—Firewall MC fully supports this command. It can import and deploy a configuration with this command.
Unsupported—Firewall MC does not support the command. Based on the value of the Action on Unknown commands setting (Configuration > MC Settings > Management), Firewall MC generates an error or places the command as an ending command.
Error—Commands in this category can interact unpredictably with Firewall MC features that may be configured in the user interface. If a command in this category appears in a configuration during import or during deploy to device, Firewall MC generates an error and the import fails.
Ignored—Commands in this category do not interact with features configured in the Firewall MC user interface. These commands are copied verbatim during import as an ending command.
Discarded—Commands in this category are discarded upon import.
Deprecated—Commands in this category are supported in beginning and ending commands, but can result in overlapping commands with unexpected results. These commands have been outdated by newer CLI constructs and might become obsolete in future versions of CLI. We recommend that you not use deprecated commands.

Note To access ending commands, select Configuration > Device Settings > Configuring Additions > Ending Commands.

Command descriptions show in the table use these conventions:

Braces ({ }) indicate a required choice.
Square brackets ([ ]) indicate optional elements.
Vertical bars ( | ) separate alternative, mutually exclusive elements.

Table 2 PIX Firewall Version 1.1.2 CLI Commands Support Status

Command Reference	CLI Commands	Supported	Unsupported	Error	Ignored	Discarded	Not Used
aaa accounting	aaa accounting include \| exclude acctg_service inbound \| outbound \| if_name local_ip local_mask foreign_ip foreign_mask group_tag Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa accounting match acl_name inbound \| outbound \| if_name group_tag
	PIX Firewall	X
	FWSM	X
aaa authentication	aaa authentication include \| exclude authen_service inbound \| outbound \| if _name local_ip local_mask foreign_ip foreign_mask group_tag Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa authentication match acl_name inbound \| outbound \| if_name group_tag
	PIX Firewall	X
	FWSM	X
	aaa authentication [enable \| telnet \| ssh \| http] console group_tag
	PIX Firewall	X
	FWSM	X
	aaa authentication [serial \| enable \| telnet \| ssh \| http] console group_tag
	PIX Firewall	X
	FWSM						X
	aaa authentication secure-http-client
	PIX Firewall		X
	FWSM						X
aaa authorization	aaa authorization command {LOCAL \| tacacs_server_tag}
	PIX Firewall		X
	FWSM		X
	aaa authorization include \| exclude author_service inbound \| outbound \| if_name local_ip local_mask foreign_ip foreign_mask Note Include and exclude are not supported, but can be manually converted to an ACL.
	PIX Firewall			X
	FWSM			X
	aaa authorization match acl_name inbound \| outbound \| if_name group_tag
	PIX Firewall	X
	FWSM	X
aaa mac-exempt	aaa mac-exempt match id
	PIX Firewall		X
	FWSM						X
aaa proxy-limit	aaa proxy-limit proxy limit \| disable
	PIX Firewall		X
	FWSM		X
aaa-server	aaa-server group_tag (if_name) host server_ip key timeout seconds
	PIX Firewall	X
	FWSM	X
	aaa-server group_tag protocol auth_protocol
	PIX Firewall	X
	FWSM	X
	aaa-server radius-acctport port
	PIX Firewall		X
	FWSM		X
	aaa-server radius-authport port
	PIX Firewall		X
	FWSM		X
	debug radius session
	PIX Firewall					X
	FWSM					X
access-group	access-group acl_ID in interface interface_name
	PIX Firewall	X
	FWSM	X
access-list	access-list [acl_ID] compiled
	PIX Firewall	X
	FWSM						X
	access-list deny-flow-max n
	PIX Firewall	X
	FWSM						X
	access-list alert-interval secs
	PIX Firewall	X
	FWSM						X
	access-list id [deny \| permit] icmp {source_addr \| local_addr} {source_mask \| local_mask} {destination_addr \| remote_addr} {destination_mask \| remote_mask} icmp_type
	PIX Firewall	X
	FWSM	X
	access-list id {deny \| permit} icmp {source_addr \| local_addr} {source_mask \| local_mask} \| interface if_name \| object-group network_obj_grp_id {destination_addr \| remote_addr} {destination_mask \| remote_mask} \| interface if_name \| object-group network_obj_grp_id [icmp_type \| object-group icmp_type_obj_grp_id] [log [[disable \| default] \| [level]]] [interval secs]]
	PIX	X
	FWSM	X
	access-list id {deny \| permit} icmp {source_addr \| local_addr} {source_mask \| local_mask} \| object-group network_obj_grp_id {destination_addr \| remote_addr} {destination_mask \| remote_mask} \| object-group network_obj_grp_id [icmp_type \| object-group icmp_type_obj_grp_id]
	PIX Firewall	X
	FWSM	X
	access-list id {deny \| permit}{protocol \| object-group protocol_obj_grp_id {source_addr \| local_addr} {source_mask \| local_mask} \| object-group network_obj_grp_id [operator port [port] \| interface if_name \| object-group service_obj_grp_id] {destination_addr \| remote_addr} {destination_mask \| remote_mask} \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id]} [log [[disable \| default] \| [level]]] [interval secs]]
	PIX Firewall	X
	FWSM	X
	access-list id deny\|permit {any \| <ip> <mask>}
	PIX Firewall						X
	FWSM		X
	access-list id remark text
	PIX Firewall				X
	FWSM						X
	debug access-list all \| standard
	PIX Firewall					X
	FWSM					X
	debug access-list all \| standard \| turbo
	PIX Firewall					X
	FWSM						X
activation-key	activation-key activation-key-four-tuple
	PIX Firewall					X
	FWSM						X
alias	alias [(if_name)] dnat_ip foreign_ip [netmask]
	PIX Firewall		X
	FWSM		X
arp	arp if_name ip_address mac_address [ alias ]
	PIX Firewall				X
	FWSM				X
	arp timeout seconds
	PIX Firewall				X
	FWSM				X
auth-prompt	auth-prompt [ accept \| reject \| prompt ] string
	PIX Firewall	X
	FWSM	X
auto-update	auto-update device-id harware-serial \| hostname \| ipaddress [if_name] \| mac-address [if_name] string text
	PIX Firewall	X
	FWSM						X
	auto-update poll-period poll_period [retry_count [retry_period]]
	PIX Firewall	X
	FWSM						X
	auto-update server url [verify_certificate]
	PIX Firewall	X
	FWSM						X
	auto-update timeout period
	PIX Firewall	X
	FWSM						X
banner	banner {exec \| login \| motd} text
	PIX Firewall		X
	FWSM						X
ca	ca authenticate ca_nickname [fingerprint]
	PIX Firewall		X
	FWSM		X
	ca configure ca_nickname ca \| ra retry_period retry_count [crloptional]
	PIX Firewall		X
	FWSM		X
	ca crl request ca_nickname
	PIX Firewall		X
	FWSM		X
	ca enroll ca_nickname challenge_password [serial] [ipaddress]
	PIX Firewall		X
	FWSM		X
	ca generate rsa {key \| specialkey} key_modulus_size
	PIX Firewall		X
	FWSM		X
	ca identity ca_nickname ca_ipaddress[:ca_script_location] [ldap_ip address]
	PIX Firewall		X
	FWSM		X
	ca save all
	PIX Firewall		X
	FWSM		X
	ca subject-name ca_nickname X.500_string
	PIX Firewall		X
	FWSM						X
	ca verifycertdn X.500_string
	PIX Firewall		X
	FWSM						X
	ca zeroize rsa [keypair_name]
	PIX Firewall		X
	FWSM		X
ca generate rsa key	ca generate rsa key modulus
	PIX Firewall		X
	FWSM		X
capture	capture capture_name [access-list acl_name][buffer bytes] [ethernet-type type][interface name] [packet-length bytes] [circular-buffer]
	PIX Firewall					X
	FWSM						X
clear	clear file configuration \| pdm \| pki
	PIX Firewall					X
	FWSM						X
clock	clock set hh:mm:ss {day month \| month day} year
	PIX Firewall		X
	FWSM						X
	clock summer-time zone recurring [week weekday month hh:mm week weekday month hh:mm] [offset]
	PIX Firewall		X
	FWSM						X
	clock summer-time zone date {day month \| month day} year hh:mm {day month \| month day} year hh:mm [offset]
	PIX Firewall		X
	FWSM						X
	clock timezone zone hours [minutes]
	PIX Firewall		X
	FWSM						X
conduit	Note Conduits rely on the converter tool to translate conduits and outbounds to access-list commands.
	conduit permit \| deny protocol global_ip global_mask [operator port [port]] foreign_ip foreign_mask [operator port [port]]
	PIX Firewall			X
	FWSM						X
	conduit permit \| deny icmp global_ip global_mask foreign_ip foreign_mask [icmp_type]
	PIX Firewall			X
	FWSM						X
	conduit deny \| permit protocol \| object-group protocol_obj_grp_id global_ip global_mask \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id] foreign_ip foreign_mask \| object-group network_obj_grp_id [operator port [port] \| object-group service_obj_grp_id]
	PIX Firewall			X
	FWSM						X
	conduit deny \| permit icmp global_ip global_mask \| object-group network_obj_grp_id foreign_ip foreign_mask \| object-group network_obj_grp_id [icmp_type \| object-group icmp_type_obj_grp_id]
	PIX Firewall			X
	FWSM						X
configure	configure factory-default [inside_ip_address [address_mask]] Note Applies to PIX 501 and PIX 506/506E only.
	PIX Firewall					X
	FWSM						X
	configure floppy Note Applies only to older PIX Firewalls that have a floppy drive.
	PIX Firewall					X
	FWSM						X
	configure http[s] :// [user:password@] location [ :port ] / http_pathname
	PIX Firewall					X
	FWSM						X
	configure memory
	PIX Firewall					X
	FWSM					X
	configure net [[server_ip]:[filename]]
	PIX Firewall					X
	FWSM					X
	configure terminal
	PIX Firewall					X
	FWSM					X
console	console timeout number
	PIX Firewall					X
	FWSM						X
copy	copy capture: capture_name tftp://location/path [pcap]
	PIX Firewall					X
	FWSM						X
	copy http[s]://[user:password@] location [:port ] / http_pathname flash [: [image \| pdm] ]
	PIX Firewall					X
	FWSM						X
	copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image \| pdm]]
	PIX Firewall					X
	FWSM					X
crashinfo	crashinfo test
	PIX Firewall					X
	FWSM						X
	crashinfo force [page-fault \| watchdog]
	PIX Firewall					X
	FWSM						X
	crashinfo save [enable \| disable]
	PIX Firewall				X
	FWSM						X
crypto dynamic-map	crypto dynamic-map dynamic-map-name dynamic-seq-num match address acl_name
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set peer hostname \| ip-address
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set pfs [group1 \| group2]
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set security-association lifetime seconds seconds \| kilobytes kilobytes
	PIX Firewall		X
	FWSM		X
	crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set transform-set-name1 [ transform-set-name9]
	PIX Firewall		X
	FWSM		X
crypto ipsec	crypto ipsec security-association lifetime seconds seconds \| kilobytes kilobytes
	PIX Firewall		X
	FWSM		X
	crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
	PIX Firewall		X
	FWSM		X
	crypto ipsec transform-set transform-set-name mode transport
	PIX Firewall		X
	FWSM		X
crypto map	crypto map map-name client [token] authentication aaa-server-name
	PIX Firewall		X
	FWSM		X
	crypto map map-name client configuration address initiate \| respond
	PIX Firewall		X
	FWSM		X
	crypto map map-name interface interface-name
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num ipsec-isakmp \| ipsec-manual [dynamic dynamic-map-name]
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num match address acl_name
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set peer hostname \| ip-address
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set pfs [group1 \| group2]
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set security-association lifetime seconds seconds \| kilobytes kilobytes
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set session-key inbound \| outbound ah spi hex-key-string
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set session-key inbound \| outbound esp spi cipher hex-key-string [authenticator hex-key-string]
	PIX Firewall		X
	FWSM		X
	crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name6]
	PIX Firewall		X
	FWSM		X
debug	debug
	PIX Firewall					X
	FWSM					X
dhcpd	dhcpd address ip1[-ip2] [if_name]
	PIX Firewall	X
	FWSM	X
	dhcpd auto_config [client_ifx_name]
	PIX Firewall	X
	FWSM	X
	dhcpd dns dns1 [dns2]
	PIX Firewall	X
	FWSM	X
	dhcpd domain domain_name
	PIX Firewall	X
	FWSM	X
	dhcpd enable [if_name]
	PIX Firewall	X
	FWSM						X
	dhcpd lease lease_length
	PIX Firewall	X
	FWSM	X
	dhcpd option 66 ascii {server_name \| server_ip_str}
	PIX Firewall	X
	FWSM						X
	dhcpd option 150 ip server_ip1 [server_ip2]
	PIX Firewall	X
	FWSM						X
	dhcpd ping timeout timeout
	PIX Firewall	X
	FWSM	X
	dhcpd wins wins1 [wins2]
	PIX Firewall	X
	FWSM	X
dhcprelay	dhcprelay enable client_ifc
	PIX Firewall	X
	FWSM	X
	dhcprelay server dhcp_server_ip server_ifc
	PIX Firewall	X
	FWSM	X
	dhcprelay setroute client_ifc
	PIX Firewall	X
	FWSM	X
	dhcprelay timeout seconds
	PIX Firewall	X
	FWSM	X
disable	disable
	PIX Firewall					X
	FWSM					X
domain-name	domain-name name
	PIX Firewall				X
	FWSM						X
eeprom	eeprom update
	PIX Firewall					X
	FWSM						X
enable	enable [priv_1evel]
	PIX Firewall					X
	FWSM						X
	enable password [pw] [encrypted]
	PIX Firewall	X
	FWSM	X
	enable password [pw] [level priv_level] [encrypted]
	PIX Firewall					X
	FWSM						X
established	established dest_protocol [src_port] [permitto protocol port [-port]] [permitfrom protocol port [-port]]
	PIX Firewall		X
	FWSM			X
exit	exit
	PIX Firewall					X
	FWSM					X
failover	failover
	PIX Firewall	X
	FWSM	X
	failover active
	PIX Firewall					X
	FWSM					X
	failover ip address if_name ip_address
	PIX Firewall	X
	FWSM	X
	failover lan enable
	PIX Firewall	X
	FWSM	X
	failover lan interface if_name
	PIX Firewall	X
	FWSM						X
	failover lan key key_secret
	PIX Firewall	X
	FWSM						X
	failover lan unit primary \| secondary
	PIX Firewall					X
	FWSM						X
	failover link [stateful_if_name]
	PIX Firewall	X
	FWSM	X
	failover mac address mif_name act_mac stn_mac
	PIX Firewall		X
	FWSM						X
	failover poll seconds
	PIX Firewall	X
	FWSM	X
	failover replicate http
	PIX Firewall	X
	FWSM	X
	failover reset
	PIX Firewall					X
	FWSM					X
	failover timeout seconds
	PIX Firewall				X
	FWSM						X
filter	filter activex port local_ip mask foreign_ip mask
	PIX Firewall		X
	FWSM		X
	filter ftp dest-port local_ip local_mask foreign_ip foreign_mask [allow] [interact-block]
	PIX Firewall		X
	FWSM		X
	filter https dest-port local_ip local_mask foreign_ip foreign_mask [allow]
	PIX Firewall		X
	FWSM
	filter java port[-port] local_ip mask foreign_ip mask
	PIX Firewall		X
	FWSM		X
	filter url [port[-port]] local_ip local_mask foreign_ip foreign_mask [allow]
	PIX Firewall	X
	FWSM	X
	filter url [http \| port[-port]] local_ip local_mask foreign_ip foreign_mask [allow]
	PIX Firewall	X
	FWSM						X
	filter url [http \| port[-port]] local_ip local_mask foreign_ip foreign_mask [allow] [proxy-block] [longurl-truncate \| longurl-deny] [cgi-truncate] Note Syntax errors are generated on [proxy-block] [longurl-truncate \| longurl-deny] [cgi-truncate]
	PIX Firewall			X
	FWSM						X
	filter url except local_ip local_mask foreign_ip foreign_mask
	PIX Firewall		X
	FWSM			X
fixup protocol	fixup protocol ctiqbe 2748
	PIX Firewall	X
	FWSM						X
	fixup protocol esp-ike
	PIX Firewall	X
	FWSM						X
	fixup protocol ftp [strict] [port]
	PIX Firewall	X
	FWSM	X
	fixup protocol http [port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol h323 {h225 \| ras} port [-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol icmp error
	PIX Firewall	X
	FWSM						X
	fixup protocol ils [port[-port]]
	PIX Firewall	X
	FWSM						X
	fixup protocol mgcp [port [-port]
	PIX Firewall	X
	FWSM						X
	fixup protocol pptp 1723
	PIX Firewall	X
	FWSM						X
	fixup protocol rsh [514]
	PIX Firewall	X
	FWSM	X
	fixup protocol rtsp [port]
	PIX Firewall	X
	FWSM	X
	fixup protocol sip [port[-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol sip udp [5060]
	PIX Firewall	X
	FWSM	X
	fixup protocol skinny [port[-port]
	PIX Firewall	X
	FWSM	X
	fixup protocol smtp [port[-port]]
	PIX Firewall	X
	FWSM	X
	fixup protocol sqlnet [port[-port]]
	PIX Firewall	X
	FWSM	X
flashfs	flashfs downgrade {4.x \| 5.0 \| 5.1}
	PIX Firewall					X
	FWSM						X
floodguard	floodguard enable
	PIX Firewall	X
	FWSM	X
	floodguard disable
	PIX Firewall	X
	FWSM	X
fragment	Note Fragments can be imported correctly, but will generate commands per interface only.
	fragment size database-limit [interface]
	PIX Firewall	X
	FWSM	X
	fragment chain chain-limit [interface]
	PIX Firewall	X
	FWSM	X
	fragment timeout seconds [interface]
	PIX Firewall	X
	FWSM	X
global	global [(if_name)] nat_id {global_ip [-global_ip] [netmask global_mask]} \| interface
	PIX Firewall	X
	FWSM	X
help	help
	PIX Firewall					X
	FWSM					X
hostname	hostname newname
	PIX Firewall	X
	FWSM	X
http	http ip_address [netmask] [if_name]
	PIX Firewall	X
	FWSM	X
	http server enable
	PIX Firewall	X
	FWSM	X
icmp	icmp permit \| deny [host] src_addr [src_mask] [type] int_name
	PIX Firewall	X
	FWSM	X
igmp	Note See the multicast command for igmp subcommands.
interface	Note See also router interface command reference for ospf subcommand support.
	interface interface_name
	PIX Firewall						X
	FWSM		X
	interface hardware_id [hardware_speed] [shutdown]
	PIX Firewall OS	X
	FWSM						X
	interface hardware_id vlan_id [logical \| physical] [shutdown]
	PIX Firewall	X
	FWSM						X
	interface hardware_id change-vlan old_vlan_id new_vlan_id
	PIX Firewall			X
	FWSM						X
	ospf authentication [message-digest \| null]
	PIX Firewall						X
	FWSM		X
	ospf authentication-key password
	PIX Firewall						X
	FWSM		X
	ospf cost interface_cost
	PIX Firewall						X
	FWSM		X
	ospf database-filter all out
	PIX Firewall						X
	FWSM		X
	ospf dead-interval seconds
	PIX Firewall						X
	FWSM		X
	ospf hello-interval seconds
	PIX Firewall						X
	FWSM		X
	ospf message-digest-key key-id md5 key
	PIX Firewall						X
	FWSM		X
	ospf mtu-ignore
	PIX Firewall						X
	FWSM		X
	ospf priority number
	PIX Firewall						X
	FWSM		X
	ospf retransmit-interval seconds
	PIX Firewall						X
	FWSM		X
	ospf transmit-delay seconds
	PIX Firewall						X
	FWSM		X
ip address	ip address if_name ip_address [netmask]
	PIX Firewall	X
	FWSM	X
	ip address outside dhcp [setroute] [retry retry_cnt]
	PIX Firewall	X
	FWSM	X
	ip address if_name pppoe [setroute]
	PIX Firewall	X
	FWSM						X
	ip address if_name ip_address netmask pppoe [setroute]
	PIX Firewall	X
	FWSM						X
ip audit	ip audit attack [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit info [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit interface if_name audit_name
	PIX Firewall	X
	FWSM						X
	ip audit name audit_name attack [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit name audit_name info [action [alarm] [drop] [reset]]
	PIX Firewall	X
	FWSM						X
	ip audit signature signature_number disable
	PIX Firewall	X
	FWSM						X
ip local pool	ip local pool pool_name pool_start-address[-pool_end-address]
	PIX Firewall		X
	FWSM						X
ip prefix-list	Note See also prefix-list commands.
	ip prefix-list list-name [seq seq-value] {deny \| permit network/length}[ge ge-value] [le le-value]
	PIX Firewall						X
	FWSM		X
	ip prefix-list sequence-number
	PIX Firewall						X
	FWSM		X
ip verify reverse-path	ip verify reverse-path interface int_name
	PIX Firewall	X
	FWSM	X
isakmp	isakmp client configuration address-pool local pool-name [interface-name]
	PIX Firewall		X
	FWSM		X
	isakmp enable interface-name
	PIX Firewall		X
	FWSM		X
	isakmp identity {address \| hostname}
	PIX Firewall						X
	FWSM		X
	isakmp identity {address \| hostname \| [key-id key_id_string]}
	PIX Firewall		X
	FWSM						X
	isakmp keepalive seconds [retry_seconds]
	PIX Firewall		X
	FWSM		X
	isakmp key keystring address peer-address [netmask mask] [no-xauth] [no-config-mode]
	PIX Firewall		X
	FWSM		X
	isakmp nat-traversal [natkeepalive]
	PIX Firewall		X
	FWSM						X
	isakmp peer fqdn fqdn no-xauth no-config-mode
	PIX Firewall		X
	FWSM		X
isakmp policy	isakmp policy priority authentication pre-share \| rsa-sig
	PIX Firewall		X
	FWSM		X
	isakmp policy priority encryption aes \| aes-192\| aes-256 \| des \| 3des
	PIX Firewall		X
	FWSM		X
	isakmp policy priority group1 \| 5
	PIX Firewall		X
	FWSM		X
	isakmp policy priority group1 \| 2 \| 5
	PIX Firewall		X
	FWSM						X
	isakmp policy priority hash md5 \| sha
	PIX Firewall		X
	FWSM		X
	isakmp policy priority lifetime seconds
	PIX Firewall		X
	FWSM		X
kill	kill
	PIX Firewall					X
	FWSM					X
logging	logging on
	PIX Firewall	X
	FWSM	X
	logging buffered level
	PIX Firewall	X
	FWSM	X
	logging console level
	PIX Firewall	X
	FWSM	X
	logging device-id {hostname \| ipaddress if_name \| string text}
	PIX Firewall	X
	FWSM						X
	logging facility facility
	PIX Firewall	X
	FWSM	X
	logging history level
	PIX Firewall	X
	FWSM	X
	logging host [in_if_name] ip_address [protocol/port]
	PIX Firewall	X
	FWSM	X
	logging host [in_if_name] ip_address [protocol/port] format emblem
	PIX Firewall		X
	FWSM						X
	logging message syslog_id
	PIX Firewall						X
	FWSM	X
	logging message syslog_id [level level]
	PIX Firewall	X
	FWSM						X
	logging monitor level
	PIX Firewall	X
	FWSM	X
	logging queue queue_size
	PIX Firewall	X
	FWSM	X
	logging standby
	PIX Firewall	X
	FWSM	X
	logging timestamp
	PIX Firewall	X
	FWSM	X
	logging trap level
	PIX Firewall	X
	FWSM	X
login	login
	PIX Firewall					X
	FWSM						X
mac-list	mac-list id deny \| permit mac macmask
	PIX Firewall		X
	FWSM						X
management- access	management-access mgmt_if
	PIX Firewall		X
	FWSM						X
mgcp	mgcp call-agent ip_address group_id
	PIX Firewall		X
	FWSM						X
	mgcp command-queue limit
	PIX Firewall		X
	FWSM						X
	mgcp gateway ip_address group_id
	PIX Firewall		X
	FWSM						X
mroute	mroute src smask in-if-name dst dmask out-if-name
	PIX Firewall		X
	FWSM						X
multicast	multicast interface interface_name [max-groups number]
	PIX Firewall		X
	FWSM						X
	igmp forward interface interface_name
	PIX Firewall		X
	FWSM						X
	igmp access-group acl_id
	PIX Firewall		X
	FWSM						X
	igmp join-group group
	PIX Firewall		X
	FWSM						X
	igmp max-groups number
	PIX Firewall		X
	FWSM						X
	igmp query-interval seconds
	PIX Firewall		X
	FWSM						X
	igmp query-max-response-time seconds
	PIX Firewall		X
	FWSM						X
	igmp version {1 \| 2}
	PIX Firewall		X
	FWSM						X
mtu	mtu if_name bytes
	PIX Firewall	X
	FWSM	X
name/names	name ip_address name
	PIX Firewall				X
	FWSM				X
	names
	PIX Firewall				X
	FWSM				X
nameif	nameif vlan_id if_name security_level
	PIX Firewall	X
	FWSM	X
	nameif {hardware_id \| vlan_id} if_name security_level
	PIX Firewall	X
	FWSM						X
nat	nat [(if_name)] id address [netmask][norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]
	PIX Firewall	X
	FWSM						X
	nat [(if_name)] nat_id local_ip [netmask [max_conns [em_limit]]] [norandomseq]
	PIX Firewall	X
	FWSM	X
	nat [(if_name)] id address [netmask [outside] [dns] [norandomseq] [timeout hh:mm:ss] [conn_limit [em_limit]]]
	PIX Firewall	X
	FWSM						X
	nat [(if_name)] 0 access-list acl_name
	PIX Firewall	X
	FWSM	X
ntp	ntp authenticate
	PIX Firewall		X
	FWSM						X
	ntp authentication-key number md5 value
	PIX Firewall		X
	FWSM						X
	ntp server ip_address [key number] source if_name [prefer]
	PIX Firewall		X
	FWSM						X
	ntp trusted-key number
	PIX Firewall		X
	FWSM						X
object-group	Note Support for service groups within object grouping is limited. Service groups are successfully parsed, but flatten immediately. This affects commands with keywords icmp-type, protocol, and service.
	object-group grp_id
	PIX Firewall	X
	FWSM	X
	object-group icmp-type grp_iddescription description_text icmp-group icmp_type
	PIX Firewall	X
	FWSM	X
	object-group network grp_id description description_text network-object host host_addr network-object host_addr netmask
	PIX Firewall	X
	FWSM	X
	object-group protocol grp_id description description_text protocol-object protocol
	PIX Firewall	X
	FWSM	X
	object-group service grp_id {tcp \| udp \| tcp-udp} description description_text port-object eq service port-object range begin_service end_service
	PIX Firewall	X
	FWSM	X
outbound / apply	Note Outbounds rely on the converter tool to translate outbounds and conduits to access-list commands.
	apply [(if_name)] list_ID outgoing_src \| outgoing_dest
	PIX Firewall			X
	FWSM						X
	outbound list_ID permit \| deny ip_address [netmask [port[-port]] [protocol]
	PIX Firewall			X
	FWSM						X
	outbound list_ID except ip_address [netmask [port[-port]] [protocol]
	PIX Firewall			X
	FWSM						X
pager	pager [lines number]
	PIX Firewall				X
	FWSM				X
password	{password \| passwd} password [encrypted]
	PIX Firewall	X
	FWSM	X
pdm	pdm history enable
	PIX Firewall				X
	FWSM				X
	pdm history [view {all \| 12h \| 5d \| 60m \| 10m}] [snapshot] [feature {all \| blocks \| cpu \| failover \| ids \| interface if_name \| memory \| perfmon \| xlates}] [pdmclient]
	PIX Firewall				X
	FWSM				X
	pdm location ip_address netmask if_name
	PIX Firewall				X
	FWSM				X
	pdm logging [level [messages]]
	PIX Firewall				X
	FWSM				X
perfmon	perfmon verbose
	PIX Firewall					X
	FWSM					X
	perfmon interval seconds
	PIX Firewall					X
	FWSM					X
	perfmon quiet
	PIX Firewall					X
	FWSM					X
	perfmon settings
	PIX Firewall					X
	FWSM					X
ping	ping [if_name] ip_address
	PIX Firewall					X
	FWSM					X
prefix-list	Note See also ip prefix-list commands.
	prefix-list list_name [seq seq_value] {permit \| deny prefix / len} [ge min_value] [le max_value]
	PIX Firewall		X
	FWSM						X
	prefix-list sequence-number
	PIX Firewall		X
	FWSM						X
privilege	privilege [show \| clear \| configure] level level [mode enable \| configure] command command
	PIX Firewall		X
	FWSM						X
quit	quit
	PIX Firewall					X
	FWSM					X
reload	reload
	PIX Firewall					X
	FWSM					X
	reload noconfirm
	PIX Firewall					X
	FWSM					X
rip	rip if_name default \| passive [version [1 \| 2]] [authentication [text \| md5 key (key_id)]]
	PIX Firewall	X
	FWSM	X
route	route if_name ip_address netmask gateway_ip [metric]
	PIX Firewall	X
	FWSM	X
route-map	route-map map_tag [permit \| deny] [seq_num]
	PIX Firewall		X
	FWSM		X
	match [interface \| route-type \| metric \| ip address \| ip next-hop \| ip route-source]
	PIX Firewall						X
	FWSM		X
	set metric [+ \| -] metric_value
	PIX Firewall						X
	FWSM		X
	set metric-type type-1 \| type-2 \| internal \| external
	PIX Firewall						X
	FWSM		X
	set ip next-hop ip-address [ip-address...]
	PIX Firewall						X
	FWSM		X
router ospf	router ospf pid
	PIX Firewall		X
	FWSM	X
	area area_id
	PIX Firewall		X
	FWSM	X
	area area_id authentication [message-digest]
	PIX Firewall		X
	FWSM	X

Hierarchical Navigation

CiscoWorks Management Center for Firewalls

Supported Devices, OS Versions, and Commands for Management Center for Firewalls 1.2.1

Downloads

Table of Contents

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.2.1

Supported Devices

Support for PIX Firewall and Firewall Services Module CLI Commands

Hierarchical Navigation

CiscoWorks Management Center for Firewalls

Supported Devices, OS Versions, and Commands for Management Center for Firewalls 1.2.1

Downloads

Table of Contents

Supported Devices, OS Versions and Commands for Management Center for Firewalls 1.2.1

Supported Devices

Support for PIX Firewall and Firewall Services Module CLI Commands

Supported Devices, OS Versions and Commands for Management Center for
Firewalls 1.2.1