03 思科防火墙基本配置.pptVIP

* * * * * * * * * * * * * * * * * * * * Customize Syslog Output fw1(config)# logging trap warnings fw1(config)# logging message 302013 level 4 fw1(config)# logging message 302014 level 4 logging message syslog_id level level firewall(config)# Enables you to change the level of specific syslog messages fw1(config)# no logging message 710005 no logging message syslog_id firewall(config)# Disallows unwanted syslog messages show logging Command Syslog Server 1 Syslog Messages fw1 Internal Buffer fw1(config)# show logging Syslog logging: enabled Facility: 20 Timestamp logging: enabled Standby logging: disabled Ambiguous interface parameters: 97 Console logging: disabled Monitor logging: disabled Buffer logging: level warnings, 0 messages logged Trap logging: level warnings, facility 20, 0 messages logged Logging to inside 1 History logging: disabled Device ID: fw1 Mail logging: disabled PDM logging: disabled Internet Summary Cisco security appliances have four administrative access modes: unprivileged, privileged, configuration, and monitor. Interfaces with a higher security level can access interfaces with a lower security level, but interfaces with a lower security level cannot access interfaces with a higher security level unless given permission. The security appliance show commands help you manage the security appliance. Summary (Cont.) The basic commands that are necessary to configure Cisco security appliances are the following: interface, nameif, nat, global, and route. The nat and global commands work together to translate IP addresses. The security appliance can send syslog messages to a syslog server. The security appliance can function as a DHCP client. 192.168.Q.0 192.168.P.0 Lab Visual Objective Student PC .2 .1 .1 Student PC Security Appliance Web or FTP,Cisco Secure ACS, and Syslog .1 .2 .1 Security Appliance .1 Local: 10.0.P.11 Local: 10.0.Q.11 10.0.P.0 10.0.Q.0 RTS .100 RTS .100 Pod