Firewall CLI Commands
2/1553-ZAT 759 94 Uen B – December 2005
10.3 firewall set securitylevel
10.3.1 Syntax
firewall set securitylevel {none|high|medium|low|userdefined <slevel>}
10.3.2 Description
This command allows you to set which security level is used by the Firewall.
There are four default security levels (none, high, medium and low) that
contain different security configuration information for each interface
connection.
Selecting a security level deletes the previous security level and any portfilters
set, and replaces them with the newly selected level.
The factory default setting none is not a security level. It is a blank firewall
configuration that allows you to add your own portfilters to policies, using the
command firewall add portfilter. These manually configured portfilters are
stored in the im.conf file.
Explicitly setting the security level to none sets a security level that does not
contain any policies or portfilters. Note that if you create portfilters and store
them in the im.conf file, then select none (or any other security level), all of
your manually configured portfilters will be deleted and replaced with this level.
The user-defined option allows you to select a security configuration that you
have previously created.
There are three types of interface connections:
• Between the external interface and internal interface.
• Between the external interface and the de-militarized zone (DMZ).
• Between the DMZ and the internal interface.
You can add your own firewall portfilters to a security level by using the firewall
add portfilter command. If you then save your configuration using the
system config save command, these additional filters are saved with the default
level and are restored on reboot.