Interfaces and Security Levels

Each interface in an ASA firewall must have a physical name, a logical name, a security level, and an IP address. Interfaces may also be configured for features such as speed and duplex mode.
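The four required attributes lend themselves to an automated check. The following is an added example, not code from the book: it audits a constructed routed-mode configuration excerpt and reports enabled interfaces that lack a logical name (`nameif`), a `security-level`, or an `ip address`. The function name `audit_interfaces` and the sample addresses are assumptions made for illustration.

```python
import itertools
import re

# Constructed sample of a routed-mode ASA configuration (not from the book).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
"""

# A "no ..." line does not match, so an explicitly unset attribute counts as missing.
REQUIRED = {
    "nameif": re.compile(r"^nameif\s+\S+"),
    "security-level": re.compile(r"^security-level\s+\d+"),
    "ip address": re.compile(r"^ip address\s+\S+"),
}

def audit_interfaces(config):
    """Return {physical_name: [missing attributes]} for enabled interfaces."""
    findings = {}
    for block in re.split(r"^interface\s+", config, flags=re.M)[1:]:
        name, *rest = block.splitlines()
        # Sub-commands are the indented lines directly under the interface line.
        cmds = [l.strip() for l in itertools.takewhile(lambda l: l.startswith(" "), rest)]
        if "shutdown" in cmds:
            continue  # administratively down: nothing to enforce
        missing = [a for a, rx in REQUIRED.items() if not any(rx.match(c) for c in cmds)]
        if missing:
            findings[name.strip()] = missing
    return findings

if __name__ == "__main__":
    for iface, missing in audit_interfaces(SAMPLE_CONFIG).items():
        print(f"{iface}: missing {', '.join(missing)}")
```
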


All ASA models can be configured to run in transparent mode. In this mode, the ASA becomes a bridge and a bump on the wire, which is, in my opinion, about the dumbest description ever. Transparent mode is available so that you can drop your firewall into an existing network without renumbering any part of it. With only an IP address for management, a transparent firewall seems like the perfect solution.

I’m sure I’ll get heat for this, but I recommend that you don’t use transparent mode. Every installation I’ve ever seen where transparent mode ASAs or PIXes were involved has been a disaster. Why? Because the proper solution involved redesigning the network, and no one was willing to spend the time and/or money to do so. Transparent firewalls allow a solution to be shoe-horned into a network that wasn’t designed for a firewall. Do yourself a favor and insist that the network be redesigned to support the traditional Layer-3 firewall model instead of using transparent mode.

On the ASA 5540, the standard physical interfaces are G0/0 through G0/3. An expansion card can be installed to add interfaces, which are numbered incrementally starting at G1/0. Each interface must be assigned a logical name. There are no default names for interfaces on an ASA, but inside and ...
