Using Management Center for Firewalls 1.2
Index


A

AAA (authentication, authorization, or accounting)

access rules   11-2

server groups

configuring   10-30

creating   10-31

deleting   10-33

editing   10-31

LOCAL, special note   10-30

servers in, defining   10-33

AAA Admin Authentication, configuring   8-47

elements and descriptions (table)   8-49

AAA authentication

changing   A-14

AAA services

troubleshooting

blank screen   A-11

access rules   11-1

AAA rules   11-2

AAA Admin Authentication feature, and   11-23

editing   11-17

inserting   11-17

ACL mode, and   11-4

applet

does not load   A-25

ASA (Adaptive Security Algorithm), and   11-4

configuring   11-1

copying   11-29

cutting   11-29

deleting   11-31

filter rules (see web filter rules)   11-3

firewall rules   11-2

AAA authentication, and   11-17

inserting   11-15

FWSM, and   11-13

hierarchy of   6-8

Mandatory and Default Settings (figure)   6-9

important information about   11-12

pasting   11-29

PIX Firewall, and   11-13

web filter rules   11-3

editing   11-24

inserting   11-24

ACEs (Access Control Entries), definition   11-4

ACLs (Access Control Lists)

definition   11-4

action buttons   1-15, 4-11

action buttons (table)   1-16

activities   15-16

activities, approving   3-10

activities, managing   4-1

action buttons   4-11

activity bar, using   4-6

activity states   4-13

Approved   4-13

Discarded   4-14

Edit   4-13

Edit_Open   4-13

General_Open   4-13

Rejected   4-14

ReverseGenerate_Open   4-13

Submitted   4-13

Submitted_Open   4-13

approving or rejecting activities   4-22

closing an activity   4-24

creating activities   4-14

error and warning messages   4-26

activity transition warning messages   4-30

locking   4-2

opening an existing activity   4-23

Process Flow (table)   4-8

rejecting or approving activities   4-22

submitting activities for review   4-19

tasks in   4-9

activity actions and states, understanding   4-10

Activity Management Table (figure)   4-11

important notes about   4-9

undoing an activity   4-25

workflow

when disabled (default)   4-5

when enabled   4-7

activities, understanding   3-8

activity bar, using   4-6

activity bar icons (table)   1-9

activity states   4-13

Approved   4-13

Discarded   4-14

Edit   4-13

General_Open   4-13

Rejected   4-14

ReverseGenerate_Open   4-13

Submitted   4-13

Submitted_Open   4-13

adding

device groups   6-12

jobs   15-21

names and descriptions to service groups   10-29

network interface   8-4

network objects   10-20

RIPs   9-10

service definitions   10-24

service groups   10-27

SNMP rule   8-38

SSH   8-33

static routes   9-4

Telnet rule   8-30

translation rules

dynamic   12-21

static   12-16

adding a fragment to the Fragments feature   8-63

additions for this release of Firewall MC, configuring   13-1

address translation pools

configuring   10-34

creating   10-34

deleting   10-36

editing   10-34

elements of, deleting   10-36

verifying summary information for   10-36

administrative activity reports, viewing   16-29

activity page columns and descriptions (table)   16-31

XML files, saving as   16-30

administrative events, retaining audit records of   16-27

administrative model, selecting   3-2

Cisco Secure ACS roles and privileges   3-3

CiscoWorks Server roles, and Firewall MC privileges   3-3

Admin tab

Support option

description   A-4

using   A-7

advanced device-level settings, configuring   8-54

Anti-Spoofing feature, configuring   8-61

approval for firewall policies, requiring   3-10

Approve button, when approval is disabled   3-2

Approved activity state   4-13

approving activities   3-10

approving or rejecting activities   4-22

ARP (Address Resolution Protocol)

(see proxy ARPs)   9-14

audience for this document   xxiii

audit records of administrative events, retaining   16-27

AUS

authenticating

PIX Firewall   A-14

AUS (Auto Update Server)

applying   7-37

configuring   7-35

configuring PIX Firewall to use   5-10

contact information   7-35

authentication mode, selecting   3-2

Cisco Secure ACS roles and privileges   3-3

CiscoWorks Server roles, and Firewall MC privileges   3-3

authentication prompts, configuring   8-52

elements and descriptions (table)   8-53

enabling prompts   8-52

B

backing up the database   19-6

basic device-level settings, configuring   8-1

Beginning Commands feature, configuring   13-2

bootstrapping

configurations, checking

FWSM, existing   5-13

PIX Firewall, existing   5-2

configurations, verifying

FWSM   5-22

PIX Firewall, existing   5-12

FWSM

existing   5-15

new   5-18

FWSM (firewall services module), LAN-based failover pair   18-17

overview   5-1

of FWSM   5-13

of PIX Firewalls   5-2

PIX Firewall, LAN-based failover pair   18-11

PIX Firewall for LAN-based failover   18-8

PIX Firewalls, existing   5-4

PIX Firewall to use AUS   5-10

required information

FWSM   5-15

PIX Firewall   5-3

when to bootstrap

FWSM   5-13

PIX Firewalls   5-2

building blocks

AAA server groups

configuring   10-30

creating   10-31

defining a server for   10-33

deleting   10-33

editing   10-31

address translation pools

configuring   10-34

creating or editing   10-34

deleting   10-36

verifying summary information for   10-36

important information about   10-3

network objects   10-9

adding or editing   10-20

deleting   10-23

service definitions

adding or editing   10-24

configuring   10-23

deleting   10-27

service groups

adding or editing   10-27

configuring   10-27

deleting   10-29

description for, providing   10-29

naming   10-29

buttons (see action buttons)   1-16

C

cautions

regarding

configuration files, unauthorized access   3-27

configuration files, unauthorized access to   3-26

deployment directories   3-28

import directories   3-29

security and internal DNS servers   12-9

static NAT rule and internal DNS servers   12-9

significance of   xxiv

changing

AAA authentication   A-14

authentication, AAA   A-14

checklists

deployment phase   2-22

implementation phase   2-13

operations phase   2-25

planning phase   2-2

verification phase   2-20

checkpoints

about   19-13

Cisco.com, accessing   xxviii

Cisco Secure Access Control Server

permissions to use

ACS Permission Types (table)   B-9

Firewall MC roles and privileges using ACS (table)   B-9

roles and descriptions using ACS (table)   B-8

roles and privileges, and Firewall MC   3-3

shared profile components   3-3, B-6

shared profile components   B-6

CiscoWorks Server

logging in to   1-1

login window (figure)   1-2

CiscoWorks Server roles, and Firewall MC privileges   3-3, B-2

closing an activity   4-24

compacting

about   19-2

scheduling   19-3

concepts in Firewall MC

configuration hierarchy   6-10

Sample Group Hierarchy (figure)   6-11

conduits and outbound list conversion tool

conduits, conversion notes   7-6

outbound lists, conversion notes   7-6

process   7-7

configuration files

additions   13-1

earlier version, returning to (rollback)   15-29

generating   14-2

importing

for devices   7-8

for multiple devices   7-8

from devices   7-16

previous, returning to (rollback)   15-29

configuration hierarchy (scope)

concept   6-10

Configuration Hierarchy and Settings Attributes (figure)   6-3

configurations, viewing   14-1

Configuration tab

Device Settings option

Routing suboption (see routing)   9-1

Settings option

Config Additions suboption (see configuration files, additions)   13-1

Failover page (see failover)   18-23

View Config option   14-1

Configuring   17-1

configuring

AAA server groups   10-30

access rules   11-1

additions for this release of Firewall MC   13-1

address translation pools   10-34

AUS   7-35

Beginning Commands feature   13-2

DHCP Servers   7-27

Ending Commands feature   13-3

failover   18-23

FWSM (Firewall Services Module) failover pairs   18-15

PIX Firewall to use AUS   5-10

proxy ARPs   9-14

RIPs   9-9

routing   9-1

service definitions   10-23

service groups   10-27

settings   6-1

static routes   9-4

TFTP servers   7-34

translation rules   12-1

dynamic   12-21

static   12-8

unique identity   7-40

URL filtering servers   7-22

VPN client   17-1, 17-5

controls, global   3-15

creating

AAA server groups   10-31

address translation pools   10-34

devices for import   7-13

jobs   15-21

server groups   10-31

creating activities   4-14

CSV file, setting up   A-16

D

databases

about   19-2

backing up   19-6

compacting   19-2

restoring   19-10

scheduling checkpoints for   19-13

default

rules   6-8

settings   6-3

default settings

inherited

by children, changing   A-23

defining rules

viewing

global default   A-23

deleting

device groups   6-15

devices   7-20

fragment from the Fragments feature   8-65

HTTPS (SSL) rules   8-29

ICMP rules   8-47

interface   8-16

network objects   10-23

rules

RIP   9-12

service definitions   10-27

service groups   10-29

SNMP client information   8-43

SSH   8-36

static routes   9-6

Telnet rule   8-32

URL filter server   7-26

deploying

individual devices   A-25

troubleshooting

to device   A-24

workflow

individual devices   A-25

deployment

configurations

deploying   15-3

Deployment tab, deploying from   15-13

Generate and Deploy icon, deploying from   15-4

generating   15-3

viewing   15-9

deployment, important notes on   15-2

deployment error messages, understanding   15-16

deployment methods   15-1

deployment states, understanding   15-8

Deployment Summary page, viewing   15-14

Deployment table

accessing   15-9

elements, understanding   15-12

managing   15-1

summary icons, understanding   15-8

deployment controls   3-25

deploying to AUS, usage notes on   3-26

deployment type, setting   3-25

elements and descriptions (table)   3-27

device administration, configuring

passwords   8-20

elements and descriptions (table)   8-22

notes, restrictions   8-20

setting   8-21

device groups   6-11

adding or editing   6-12

defining group information   6-13

deleting   6-15

device groups, moving   6-13

device-level settings, configuring   8-1

AAA admin authentication   8-47

advanced settings   8-54

Anti-Spoofing feature   8-61

Basic Fixups feature   8-72

Flood Guard feature   8-80

Fragments   8-63

IDS Policy   8-55

IDS signatures   8-58

Multimedia Fixups feature   8-75

TCP options   8-65

Timeouts   8-69

authentication prompts, configuring   8-52

elements and descriptions (table)   8-53

enabling prompts   8-52

basic settings   8-1

device administration   8-19

passwords, configuring   8-20

firewall device contact info   8-23

applying info   8-24

elements and descriptions (table)   8-25

Firewall OS version   8-2

elements and descriptions (table)   8-3

HTTPS (SSL)   8-26

deleting a rule   8-29

elements and descriptions (table)   8-28

rules, adding or editing   8-27

ICMP interface rules   8-43

deleting an ICMP rule   8-47

elements and descriptions (table)   8-45

inserting or editing   8-44

interfaces   8-4

adding or editing an interface   8-4

deleting   8-16

elements and descriptions (table)   8-10

importing   8-16

polling a FWSM for VLAN information   8-19

PPPoE configuration, deploying   8-10

Secure Shell   8-33

adding or editing SSH   8-33

applying SSH   8-33

deleting SSH   8-36

elements and descriptions (table)   8-35

SNMP   8-36

adding or editing an SNMP rule   8-38

configuring MIBs   8-36

configuring OIDs   8-37

configuring traps   8-37

elements and descriptions (table)   8-40

SNMP client information, deleting   8-43

SNMP Management Station, applying settings to   8-38

Telnet, configuring   8-29

adding or editing a rule   8-30

applying a rule   8-29

deleting a rule   8-32

elements and descriptions (table)   8-31

devices

configuration files, importing for devices   7-1

creating   7-13

groups (see device groups)   6-11

importing   7-1

important information about   7-3

managing   7-19

deleting   7-20

editing   7-19

moving   7-20

renaming   7-19

moving   7-20

renaming   7-19

devices, setting up

configuration files, importing for multiple devices

import status information, viewing   7-18

devices and groups, setting up

configuration files, importing for multiple devices   7-8

multiple firewall configurations, importing from a CSV file   7-10

Sample CSV Format Table   7-12

DHCP Servers

configuring   7-27

Discarded activity state   4-14

discarding an activity   4-25

documentation   xxiv

audience for this   xxiii

feedback, submitting electronically   xxix

obtaining   xxviii

CD-ROM   xxviii

Cisco.com   xxviii

ordering   xxix

other Cisco publications and information   xxxi

related to this product   xxvi

typographical conventions in   xxiii

dynamic translation rules, configuring   12-21

adding or editing   12-21

dynamic NAT, understanding   12-10

Dynamic NAT IP Address Conversion (figure)   12-11

dynamic PAT, understanding   12-13

PAT IP Address Conversion (figure)   12-14

E

Easy VPN Management   17-5

Easy VPN Remote   17-1

Edit_Open activity state   4-13

Edit activity state   4-13

editing

fragment in the Fragments feature   8-63

ICMP interface rule   8-44

network interface   8-4

SNMP rule   8-38

SSH   8-33

Telnet rule   8-30

Ending Commands feature, configuring   13-3

environment, preparing   3-1

administrative model, selecting   3-2

Cisco Secure ACS roles and privileges   3-3

authentication mode, selecting   3-2

Cisco Secure ACS roles and privileges   3-3

CiscoWorks Server roles, and Firewall MC privileges   3-3

global Firewall MC controls, configuring   3-15

deployment controls   3-25

feature tracking controls   3-30

import controls   3-29

management controls   3-16

object grouping controls   3-33

workflow mode, selecting   3-6

workflow elements and descriptions (table)   3-14

workflow process, understanding   3-6

error messages

activity   4-26

deployment, understanding   15-16

device or device group is locked by activity   4-28

error 404 Page not found   A-22

failed to contact host   A-22

invalid activity action   4-29

no changes can be made within the open activity...   4-28

operation failed...   4-29

you must approve or discard all existing activities...   4-29

F

failover

about PIX Firewall failover   18-2

configuring settings   18-23

dual-chassis configuration (figure)   18-17

failover interface, inserting or editing   18-23

LAN-based   18-23

overview   18-23

PIX Firewall

migrating from serial to LAN-based   18-9

PIX Firewalls, configuring   18-4

single chassis configuration (figure)   18-16

stateful

configuring PIX Firewall failover pairs   18-2

definition   18-23

stateless, configuring PIX Firewall failover pairs   18-2

feature tracking   3-30

feature tracking controls, configuring   3-30

elements and descriptions (table)   3-31

firewall

devices

administration   8-19

firewall device administration

unique identity

configuring   7-40

enabling   7-40

firewall device contact info, configuring   8-23

applying info   8-24

elements and descriptions (table)   8-25

Firewall MC

authentication with AUS   A-12

changing, enable password   A-13

communicating

AUS   A-19

Control feature

AUS Contact feature   7-35

starting (see getting started with Firewall MC)   1-1

wizards

Firewall MC Wizard Elements (figure)   1-14

using   1-13

Firewall MC software requirements   A-6

Fixups feature, configuring

basic Fixups   8-72

applying fixups   8-72

elements and descriptions (table)   8-73

multimedia Fixups   8-75

applying fixups   8-76

elements and descriptions (table)   8-77

Flood Guard feature, configuring   8-80

elements and descriptions (table)   8-81

enabling Flood Guard   8-80

Fragments, configuring   8-63

adding or editing a fragment   8-63

deleting a fragment from the Fragments feature   8-65

elements and descriptions (table)   8-64

FWSM (Firewall Services Module)

polling for VLAN information   8-19

FWSM (Firewall Services Module)

configuring failover pairs   18-11

failover pairs, configuring   18-15

FWSM (Firewall Services Modules)

bootstrapping   5-13

existing   5-15

new   5-18

overview of   5-13

when to   5-13

existing configurations

checking   5-13

verifying   5-22

G

General_Open activity state   4-13

generating a configuration file   14-2

getting started with Firewall MC   1-1

CiscoWorks Server desktop, logging in to   1-1

CiscoWorks Server Login Window (figure)   1-2

concepts

configuration hierarchy   6-10

Sample Group Hierarchy (figure)   6-11

Desktop with Firewall MC Drawer Displayed (figure)   1-3

home page (figure)   1-4

starting   1-3

user interface, understanding   1-5

Firewall MC Basic GUI Elements (figure)   1-6

Firewall MC Object Selector Elements (figure)   1-11

Firewall MC Table Elements (figure)   1-12

Firewall MC wizards   1-13

GUI   1-6

object selector   1-11

global Firewall MC controls, configuring   3-15

deployment controls   3-25

feature tracking   3-30

import   3-29

management controls   3-16

object grouping   3-33

groups (see device groups)   6-11

GUI (graphic user interface)

Firewall MC   1-5

H

help   xxix

(see also troubleshooting)   A-1

supported operating systems   A-5

Support feature, using   A-7

TAC   xxx

website   xxx

Windows 2000 and Windows 2000 Advanced Server support   A-5

HTTPS (SSL), configuring   8-26

deleting a rule   8-29

elements and descriptions (table)   8-28

rules, adding or editing   8-27

I

ICMP interface rules, configuring   8-43

deleting an ICMP rule   8-47

elements and descriptions (table)   8-45

inserting or editing   8-44

icons

generate summary (table)   15-8

in activity bar (table)   1-9

padlocks, understanding   4-4

IDS policy, configuring   8-55

applying a policy   8-55

elements and descriptions (table)   8-56

IDS signatures

applying signatures   8-59

elements and descriptions (table)   8-60

IDS signatures, configuring   8-58

notes about   8-58

import controls, configuring   3-29

elements and descriptions (table)   3-30

import directory, setting up   3-29

importing an interface   8-16

importing configuration files

for devices   7-8

for multiple devices   7-8

from devices   7-16

importing devices   7-1

devices, creating   7-13

import type, selecting   7-2

Import Types (table)   7-2

important information about   7-3

importing multiple firewall configurations from a CSV file   7-10

inheritance   6-1

inherited settings (default settings)   6-3

installing

application server, terminal services   A-6

remote administrator, terminal services   A-6

interface, user

Firewall MC   1-5

interfaces

adding   8-4

configuring   8-4

deleting   8-16

editing   8-4

importing   8-16

VLAN information, polling a FWSM for   8-19

J

jobs   15-17

adding   15-21

approving or rejecting   15-27

creating   15-21

deploying   15-28

opening an existing   15-29

rollback, configuring   15-29

submitting for review   15-26

summary information, verifying   15-23

jobs, approving   3-11

jobs, understanding   3-9

L

LOCAL AAA group, note on   10-30

locking, understanding   4-2

logging level for device-level monitoring, configuring   16-24

log settings for firewall devices, specifying   16-6

elements and descriptions (table)   16-7

Syslog Facility settings   16-8

syslog traffic   16-6

directing to a Syslog Server   16-13

disabling   16-14

enabling   16-6

M

management controls, configuring   3-16

elements and descriptions (table)   3-19

setting   3-16

mandatory

rules   6-8

settings   6-5

mapping

generated command sets

rules   A-24

MDCSupport command   A-8

monitoring and reporting   16-1, 16-4

administrative activity reports, viewing   16-29

activity page columns and descriptions (table)   16-31

saving as XML files   16-30

audit records of administrative events, retaining   16-27

device monitoring checklist   16-2

logging level for device-level monitoring, configuring   16-24

log settings for firewall devices, specifying   16-6

elements and descriptions (table)   16-7

Syslog Facility settings   16-8

syslog traffic, enabling   16-6

syslog message list, refining   16-15

ACL syslog setting elements and descriptions (table)   16-19

enabling or disabling a message by ID   16-16

enhanced audit data for firewall rules, generating   16-17

level, reassigning   16-15

rate limit elements and descriptions (table)   16-23

rate limit for a message, deleting   16-23

rate limit level elements and descriptions (table)   16-21

rate limit level for a FWSM, configuring   16-20

rate limit of individual messages, configuring   16-21

multiple firewall configurations, importing from a CSV file

Sample CSV Format (table)   7-12

N

NAT (Network Address Translation)

dual, understanding   12-12

dynamic, understanding   12-10

Dynamic NAT IP Address Conversion (figure)   12-11

static, understanding   12-8

network objects   10-9

adding or editing   10-20

deleting   10-23

service definitions

adding or editing   10-24

configuring   10-23

deleting   10-27

O

object grouping controls, configuring   3-33

elements and descriptions (table)   3-33

object grouping information, setting   3-33

Object Selector   1-11

opening

an existing job   15-29

opening an existing activity   4-23

outbound list, converting (see conduits and outbound list conversion tool)   7-6

overview of Firewall MC

key concepts

configuration hierarchy   6-10

Sample Group Hierarchy (figure)   6-11

P

padlock icons, understanding   4-4

password

enable, changing   A-13

passwords, configuring   8-20

elements and descriptions (table)   8-22

notes, restrictions   8-20

setting   8-21

PAT (Port Address Translation), dynamic, understanding   12-13

permissions for users (see user roles and permissions)   B-1

PIX Firewall

authenticating

AUS   A-14

PIX Firewalls

bootstrapping   5-2

failover, configuring   18-4

multiple, bootstrapping (scenario)

configuration, verifying   5-12

procedure   5-2

when to bootstrap   5-2

PPPoE configuration, deploying   8-10

proxy ARPs (Address Resolution Protocols)

configuring   9-14

disabling   9-14

R

Rejected activity state   4-14

rejecting or approving activities   4-22

reporting (see monitoring and reporting)   16-1

restoring

caution   19-10

databases   19-10

ReverseGenerate_Open activity state   4-13

review, submitting activities for   4-19

RIPs (Routing Information Protocols)

configuring   9-9

field-level elements   9-12

rules

adding or editing   9-10

deleting   9-12

Version 2 notes   9-9

rollback   15-29

routing

configuring   9-1

proxy ARPs

configuring   9-14

disabling   9-14

RIPs

adding or editing a rule   9-10

configuring   9-9

deleting a RIP rule   9-12

Version 2 notes   9-9

static routes

adding   9-4

configuring   9-4

deleting   9-6

editing   9-4

summary information for, verifying   9-6

routing rules

overview   9-1, 9-2

types

dynamic   9-1

implicit   9-1

proxy ARP   9-2

static   9-1

types of   9-1

rules

concepts of

translation rules   12-1

default   6-8

dynamic (see dynamic translation rules)   12-21

mandatory   6-8

order, how   A-23

RIP   9-10

routing   9-1

static (see static translation rules)   12-8

translation, configuring   12-1

troubleshooting

moving   A-24

S

scope (see configuration hierarchy)   6-10

Secure Shell, configuring   8-33

adding or editing SSH   8-33

applying SSH   8-33

deleting SSH   8-36

elements and descriptions (table)   8-35

Security Monitor

device monitoring checklist   16-2

log traffic, directing to   16-8

security policies

objectives of   2-1

servers and services

AUS

applying   7-37

configuring   7-35

DHCP servers

applying   7-27

configuring   7-27

TFTP servers

configuring   7-34

URL filtering servers

applying   7-22

configuring   7-22

editing   7-23

inserting   7-23

Websense, important information on   7-22

VPN client

configuring   17-1, 17-5

settings, applying   17-1, 17-5

service definitions

adding or deleting   10-24

configuring   10-23

deleting   10-27

service groups, configuring   10-27

adding or editing   10-27

deleting   10-29

name and description, adding   10-29

services

failed to start   A-11

settings

inheritance of   6-3

settings, configuring

additions for this release, configuring   13-1

Beginning Commands feature   13-2

Ending Commands feature   13-3

Configuration Hierarchy and Settings Attributes (figure)   6-3

default   6-3

Default Settings Diagram (figure)   6-5

failover (see failover)   18-23

mandatory settings   6-5

Mandatory Settings Diagram (figure)   6-6

routing (see routing)   9-1

settings, configuring

device-level

advanced   8-54

basic   8-1

SNMP, configuring   8-36

adding or editing an SNMP rule   8-38

configuring MIBs   8-36

configuring OIDs   8-37

configuring traps   8-37

elements and descriptions (table)   8-40

SNMP client information, deleting   8-43

SNMP Management Station, applying settings to   8-38

SSH (see Secure Shell)   8-33

SSL certificate

changing   A-25

starting Firewall MC   1-3

stateful failover   18-2

stateless failover   18-2

states of activity   4-13

static routes

configuring   9-4

defined   9-1

deleting   9-6

editing   9-4

field-level elements   9-7

static route summary information, verifying   9-6

static translation rules, configuring   12-8

adding or editing   12-16

static NAT, understanding   12-8

static PAT, understanding   12-13

static translation rule, entering   12-21

Submitted_Open activity state   4-13

Submitted activity state   4-13

supported operating systems   A-5

Support tool

overview   A-4

using   A-7

Syslog Facility settings, specifying   16-8

elements and descriptions (table)   16-10

syslog traffic   16-6

directing to a Syslog Server   16-13

disabling   16-14

enabling   16-6

syslog message list, refining   16-15

ACL syslog setting elements and descriptions (table)   16-19

enabling or disabling a message by ID   16-16

enhanced audit data for firewall rules, generating   16-17

level, reassigning   16-15

rate limit

elements and descriptions (table)   16-23

for a message, deleting   16-23

level, elements and descriptions (table)   16-21

level, for a FWSM, configuring   16-20

of individual messages, configuring   16-21

system requirement

valid DNS entry   A-5

T

table elements

Firewall MC   1-12

TAC (Technical Assistance Center)   xxx

website   xxx

TCP Options feature, configuring   8-65

applying TCP options   8-65

elements and descriptions (table)   8-67

technical support   xxix

TAC   xxx

website   xxx

technical support, obtaining

(see also troubleshooting)   A-1

Support feature, using   A-7

Telnet, configuring   8-29

adding or editing a rule   8-30

deleting a rule   8-32

elements and descriptions (table)   8-31

rule, applying   8-29

terminal services

installing in application server mode   A-6

installing in remote administrator mode   A-6

TFTP servers

configuring   7-34

Timeout feature, configuring   8-69

applying a timeout   8-69

elements and descriptions (table)   8-70

translation rules

configuring

general guidelines   12-1

important information about   12-3

dynamic, configuring   12-21

adding or editing   12-21

dynamic NAT, understanding   12-10

Dynamic NAT IP Address Conversion (figure)   12-11

dynamic PAT, understanding   12-13

PAT IP Address Conversion (figure)   12-14

NAT   12-1

PAT   12-1

static, configuring   12-8

rule data, entering   12-21

rules, adding or editing   12-16

static NAT, understanding   12-8

static PAT, understanding   12-13

troubleshooting

AAA services

blank screen   A-11

access rules

does not load   A-25

activity transition warning messages   4-30

anti-spoofing and stopping traffic   8-61

authenticating

Firewall MC/AUS with a PIX   A-13

Firewall MC and AUS   A-12

command sets

mapping   A-24

conduits and outbound list conversion tool use   7-7

error messages   4-26

device or device group is locked by activity   4-28

error 404 Page not found   A-22

failed to contact host   A-22

invalid activity action   4-29

logout error message number 500   A-21

No activity is open   4-26

no changes can be made within the open activity...   4-28

Operation failed...   4-29

You must approve or discard all existing activities...   4-29

Firewall MC   A-1

activities, unlocking   A-16

activity bar and Activity Management table showing different status   A-17

communicating with AUS   A-19

configuration files, and rules for PIX Firewalls   A-18

configuration files, importing   A-15

configuration files that use conduits, deploying   A-18

control when a checkpoint occurs   A-20

credential errors   A-18

CSV file, setting up   A-16

deployment, stopping a job   A-17

deployment failure   A-18

determine deployment status to AUS   A-22

device not updated in deployment to AUS   A-19

failed to contact host   A-22

Firewall MC server not responding   A-11

Firewall MC unavailable during a checkpoint   A-20

jobs, stopping deployment of   A-17

PDM and encryption support messages   A-20

removing activities   A-21

scope locked but activity is in Edit_Open state   A-17

trouble switching between CiscoWorks and TACACS+   A-22

verifying login role privileges   A-15

Firewall MC/AUS with a PIX

authenticating   A-13

Firewall MC 1.2, AAA rules, upgrading to   A-10

Firewall MC software requirements   A-6

installing with Microsoft IIS, issues   A-7

locks, unlocking   A-16

password information, user   A-10

privileges

username and password   A-12

rules

deploying to device   A-24

security and internal DNS servers   12-9

services

failed to start   A-11

SSL certificate

changing   A-25

supported operating systems   A-5

switching between CiscoWorks and TACACS+   A-22

to Firewall MC 1.2, upgrading   A-9

upgrade to Firewall MC 1.2, AAA rules   A-10

username and password

privileges   A-12

user password information   A-10

valid DNS entry   A-5

Windows 2000 and Windows 2000 Advanced Server support   A-5

Turbo ACLs

Turbo ACLs elements and descriptions   11-36

typographical conventions in this document   xxiii

U

undoing an activity   4-25

unique identity

configuring   7-40

enabling   7-40

upgrade

to Firewall MC 1.2   A-9

URL filtering servers

applying   7-22

configuring   7-22

deleting   7-26

editing   7-23

important information on Websense   7-22

inserting   7-23

user environments (see environment, preparing)   3-1

user roles and permissions   B-1

ACS Permission Types (table)   B-9

Cisco Secure Access Control Server, and   B-6

CiscoWorks Server roles, and Firewall MC privileges   B-2

Example of Firewall MC Roles and Descriptions Using ACS (table)   B-8

Firewall MC roles and privileges using ACS (table)   B-9

V

valid DNS entry

system requirement   A-5

versioning (see feature tracking)   3-30

viewing

configurations   15-9

Deployment Summary   15-14

VLAN information, polling a FWSM for   8-19

VPN client

configuring   17-1, 17-5

settings, applying   17-1, 17-5

W

warnings, significance of   xxiv

web filter rules   11-3

editing   11-24

inserting   11-24

Websense, important information on   7-22

Windows 2000 and Windows 2000 Advanced Server support   A-5

wizards (see Firewall MC wizards)   1-13

workflow

deploying

individual devices   A-25

disabled (default), important note about   4-5

enabled, managing activities with   4-7

workflow mode

approval phase   3-10

selecting   3-6

workflow elements and descriptions (table)   3-14

understanding   3-6

workflow disabled   3-7

workflow enabled   3-8

workflow options, setting   3-12

worksheets

FWSM bootstrapping information   5-15

PIX Firewall bootstrapping information   5-3