The security level designates whether an interface is trusted, and more protected, or untrusted, and less protected, relative to another interface. An interface is considered trusted in relation to another interface if its security level is higher than the security level of the other interface, and is considered untrusted in relation to another interface if its security level is lower than the security level of the other interface.
The primary rule for security levels is that an interface with a higher security level can access an interface with a lower security level. Conversely, an interface with a lower security level cannot access an interface with a higher security level without an access control list (ACL). Security levels range from 0 to 100. The rollover text in Figure documents the specific rules for these security levels.
The following are examples of different interface connections between the PIX Security Appliance and other perimeter devices:
- Higher security level interface to a lower security level interface – For
traffic originating from the inside interface of the PIX with a security level
of 100 to the outside interface of the PIX with a security level of 0, all
IP-based traffic is allowed unless it is restricted by ACLs, authentication, or
authorization.
- Lower security level interface to a higher security level interface – For traffic originating from the outside interface of the PIX with a security level of 0 to the inside interface of the PIX with a security level of 100, all packets are dropped unless specifically allowed by an access-list command. The traffic can be restricted further if authentication and authorization are used.
- Same security level interface to a same security level interface – No traffic flows between two interfaces with the same security level.
NOTE: The PIX Security Appliance can support up to fourteen interfaces depending on the model and license.
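The three cases above can be checked mechanically. The following is an added example, not PIX code or configuration from the original page: a small Python model of the security-level rule in which an inbound ACL bound to an interface, when present, decides the flow (with the implicit deny at the end of every PIX ACL), and otherwise the comparison of security levels decides. Interface names, levels, addresses and the ACL entries are constructed for the illustration; the `Firewall`, `Interface` and `AclEntry` names are hypothetical and not PIX commands.

```python
"""Toy model of PIX interface security-level rules (added example, not PIX code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Interface:
    name: str
    security_level: int  # 0 (least trusted, e.g. outside) .. 100 (most trusted, e.g. inside)


@dataclass
class AclEntry:
    """One access-list line: permit/deny <proto> any <dst> [eq port]."""
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp", "icmp" or "ip" (ip matches any protocol)
    dst_host: Optional[str]   # None means "any" destination
    dst_port: Optional[int]   # None means any port

    def matches(self, proto: str, dst_ip: str, dst_port: Optional[int]) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dst_host is not None and self.dst_host != dst_ip:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True


@dataclass
class Firewall:
    interfaces: Dict[str, Interface]
    # Inbound ACL bound to an interface name (the equivalent of
    # "access-group <acl> in interface <name>"); absent means no ACL applied.
    inbound_acls: Dict[str, List[AclEntry]] = field(default_factory=dict)

    def flow_allowed(self, src_if: str, dst_if: str, proto: str,
                     dst_ip: str, dst_port: Optional[int] = None) -> bool:
        src = self.interfaces[src_if]
        dst = self.interfaces[dst_if]
        # Same security level: no traffic flows between the two interfaces.
        if src.security_level == dst.security_level:
            return False
        acl = self.inbound_acls.get(src_if)
        if acl is not None:
            # An applied ACL governs traffic entering this interface, first match wins.
            for entry in acl:
                if entry.matches(proto, dst_ip, dst_port):
                    return entry.action == "permit"
            return False  # implicit deny at the end of every ACL
        # No ACL: higher-to-lower is allowed, lower-to-higher is dropped.
        return src.security_level > dst.security_level


def build_example_firewall() -> Firewall:
    """Constructed topology: outside(0), dmz(50), dmz2(50), inside(100)."""
    fw = Firewall(interfaces={
        "outside": Interface("outside", 0),
        "dmz": Interface("dmz", 50),
        "dmz2": Interface("dmz2", 50),
        "inside": Interface("inside", 100),
    })
    # Constructed ACL: only HTTP to the DMZ web server is permitted from outside
    # (203.0.113.10 is a documentation address standing in for the server).
    fw.inbound_acls["outside"] = [
        AclEntry("permit", "tcp", "203.0.113.10", 80),
    ]
    return fw


def evaluate_cases() -> Dict[str, bool]:
    """Run the three cases from the text plus the ACL exception."""
    fw = build_example_firewall()
    return {
        # higher -> lower with no ACL on inside: allowed
        "inside_to_outside_ssh": fw.flow_allowed("inside", "outside", "tcp", "198.51.100.7", 22),
        # lower -> higher, not permitted by the outside ACL: dropped
        "outside_to_inside_ssh": fw.flow_allowed("outside", "inside", "tcp", "10.0.0.5", 22),
        # lower -> higher, explicitly permitted by the outside ACL: allowed
        "outside_to_dmz_http": fw.flow_allowed("outside", "dmz", "tcp", "203.0.113.10", 80),
        # same security level: dropped
        "dmz_to_dmz2_any": fw.flow_allowed("dmz", "dmz2", "ip", "192.168.2.9"),
    }


if __name__ == "__main__":
    for case, allowed in evaluate_cases().items():
        print(f"{case}: {'allowed' if allowed else 'dropped'}")
```

The ordering in `flow_allowed` is the point worth noticing: the same-level check comes first because no ACL changes that outcome in the page's description, and an applied ACL replaces the default level comparison entirely, which is why an outside-to-inside flow not listed in the ACL is dropped rather than falling back to "lower cannot reach higher".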