PIX Firewall Command Support Status

Not all PIX Firewall commands are supported by Cisco Secure Policy Manager. This section describes the current command support, identifying any limitations, and explains how you can use unsupported commands in conjunction with the GUI client. The following table lists the PIX Firewall commands and the level of support within Cisco Secure Policy Manager.

aaa

Enables or disables TACACS+ or RADIUS user authentication, authorization, and accounting. Cisco Secure Policy Manager does not generate the command, but the command can be supported using the Command panel on the PIX Firewall node.

auth-prompt

Lets you personalize the AAA challenge text. Cisco Secure Policy Manager does not generate the command, but the command can be supported using the Command panel on the PIX Firewall node.

alias

Implements dual NAT for overlapping addresses. Current status: supported for mapping the external addresses to alias addresses. Not supported for DNS lookup fixup.

arp

Updates PIX Firewall address resolution protocol (ARP) cache and sets the timeout value for ARP sessions.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

conduit

Creates conduits through the firewall for incoming connections. Current status: supported including selective ICMP.

configure

Clears or merges current configuration with the configuration on a floppy disk or in Flash memory. This command starts a PIX Firewall configuration session.

Supported for configuration over a Telnet session (terminal).

debug

Shows debug packets or ICMP tracings. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

disable

Exits the privileged mode. Not applicable. Cisco Secure Policy Manager uses the PIX Firewall Manager (PFM) port for control connection.

enable

Starts the privileged (administrative) mode. It is also used as a back door for the aaa authentication serial console command in the event that the authentication server is offline.

Cisco Secure Policy Manager uses the PFM port for control connection and uses the enable password to engage the privileged mode.

enable password

Changes the privileged mode password. Cisco Secure Policy Manager does not generate this command; however, you can use the Command panel on the associated PIX Firewall to change the password.

established

Allows return connections based on an established connection. This command is intended to support nonstandard applications. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

exit/quit

Exits PIX Firewall access mode. Not applicable. Cisco Secure Policy Manager uses the PFM port for control connection.

failover

Establishes the PIX Firewall failover feature. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

filter

Enables URL filtering for use with WebSENSE servers. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

fixup protocol

Enables and disables a PIX Firewall application protocol feature. An option new in PIX Firewall version 4.2 enables you to distinguish between plugs and application protocol filters that listen on the same port.

Fully supported. Automatically enabled by the control agent on devices that support this feature.

floodguard

Lets you reclaim PIX Firewall resources if the user authentication (uauth) subsystem runs out of resources. If an inbound or outbound uauth connection is being attacked or overused, the PIX Firewall will actively reclaim TCP user resources.

When the resources deplete, the PIX Firewall lists messages about it being out of resources or out of TCP users. Fully supported. Use the Settings 1 panel on the PIX Firewall node.

global

Creates entries in the pool of global addresses. Fully supported. Defined in the Mapping panel.

groom

Refreshes the Flash memory card. Prevents Flash memory overflow when new configurations are appended. Requires that 2 MB of Flash memory be installed.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

help

Displays help information about the PIX Firewall commands when used at the CLI prompt. Cisco Secure Policy Manager does not generate this command.

hostname

Changes the hostname in the PIX Firewall command line prompt. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

interface

Identifies network interface speed and duplex. This is a mandatory item in PIX Firewall configurations. PIX Firewall allocates more internal buffers based on higher line speeds.

Fully supported. Defined in the Interfaces panel of the PIX Firewall node.

ip address

Defines IP address of the PIX Firewall. Fully supported. Defined in the Interfaces panel of the PIX Firewall node.

kill

Terminates another Telnet session to PIX Firewall. Irrelevant for firewall policy management. Current status: N/A.

link/linkpath/age

Creates Private Link connection to a remote PIX Firewall. Private Link is a proprietary secure protocol between PIX Firewalls (versions 4.2 and later).

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

logging

Sets PIX Firewall logging parameters. Fully supported. Use the Settings 1 panel on the PIX Firewall node.

mtu

Sets maximum transmission unit (MTU) for an interface. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

name/names

Associates text names with IP addresses. These names have no connection with DNS names. The PIX Firewall manual advises caution when using this feature.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

nameif

Names the PIX Firewall interfaces. Fully supported. Defined in the Interfaces panel of the PIX Firewall node.

nat

Associates a network with a pool of global IP addresses. Current status: supported except for the randomization flag.

outbound/apply

Creates access control lists for outbound traffic. Fully supported. Defined in security policies.

pager

Enables PIX Firewall console screen paging. Irrelevant for firewall policy management. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

passwd

Sets password for Telnet and PIX Firewall Manager access to the firewall console. Cisco Secure Policy Manager does not generate this command; however, you can use the Command panel on the associated PIX Firewall to change the password.

ping

Pings a specified IP address. This command is used for configuration testing. Irrelevant for firewall policy management.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

radius-server

Specifies a RADIUS server for use with the aaa command. Cisco Secure Policy Manager does not generate the command, but the command can be supported using the Command panel on the PIX Firewall node.

reload

Reboots and reloads the configuration. This command is not applicable to Cisco Secure Policy Manager because it performs a sequence of clear commands (such as clear nat and clear route) to clear the existing command sets.

rip

Enables routing table updates from RIP broadcasts. Fully supported. Use the Settings button in the Interfaces panel for a selected interface object.

route

Specifies a static or a default route for the interface. Fully supported. Use the Routes panel on a selected PIX Firewall node.

service

Allows the PIX Firewall to include the RST (reset) header in the packets returned to the source. Used to reset IDENT connections. Without this option, the PIX Firewall drops the packets and does not return any information to the source.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

session

Allows you to specify IOS commands on the AccessPro router console when the router is installed on the PIX Firewall.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

show

Allows you to view PIX Firewall configuration information. Utilized by the PIX Firewall configuration loader. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

snmp-server

Provides SNMP event information for the logging command. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

static

Maps a local IP address to a global IP address. Current status: supported except for the randomization flag.

syslog

Replaced by the logging command. Current status: supported using the Settings 1 panel on a PIX Firewall node.

tacacs-server

Specifies a TACACS+ server for use with the aaa command. Cisco Secure Policy Manager does not generate the command, but the command can be supported using the Command panel on the PIX Firewall node.

telnet

Allows an inside IP address to access a PIX Firewall over Telnet. Fully supported. To define additional hosts, you must place the host node in the Security Policy Enforcement branch and apply a security policy to that node that permits Telnet to the firewall interface or IP address.

terminal

Changes console terminal state. Allows you to enable or disable displaying syslog messages in the current session for either Telnet or the serial console. You can regulate your environment without affecting other console users. The logging monitor command regulates all console users. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

tftp-server

Specifies the IP address of the TFTP configuration server for the configure net command. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

timeout

Sets timeout interval for various protocols and PIX Firewall connection slots. Fully supported.

uauth

Deletes all authorization caches for authenticated users. Authentication and authorization services are established using the aaa command.

Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

url-server

Specifies a WebSENSE server for use with the filter command. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

url-cache

Sets WebSENSE URL caching mode and cache size. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

virtual

Specifies a fictitious address to which web user authentication is redirected. Used in conjunction with the aaa command. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

who

Shows active administrative Telnet sessions on the PIX Firewall. Cisco Secure Policy Manager does not generate this command, but the command can be supported using the Command panel on the PIX Firewall node.

write

Stores a PIX Firewall configuration. Fully supported.

xlate

Clears translation slot information. Removes address translation information after changing or removing alias, static, and global commands when merging two PIX Firewall configurations. Fully supported.


Posted: Mon Jun 5 19:57:16 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.