PIX Commands

PIX Firewall Commands
pixfirewall(config)# ?
At the end of show <command>, use the pipe character '\|' followed by: begin\|include\|exclude\|grep [-v] <regular_exp>, to filter show output.
aaa	Enable, disable, or view TACACS+, RADIUS or LOCAL user authentication, authorization and account
aaa-server	Define AAA Server group
access-group	Bind an access-list to an interface to filter inbound traffic
access-list	Add an access list
activation-key	Modify activation-key.
age	This command is deprecated. See ipsec, isakmp, map, ca commands
alias	Administer overlapping addresses with dual NAT.
apply	Apply outbound lists to source or destination IP addresses
arp	Change or view arp table, set arp timeout value, view statistics
auth-prompt	Customize authentication challenge, reject or acceptance prompt
auto-update	Configure auto update support
banner	Configure login/session banners
ca	CEP (Certificate Enrollment Protocol) Create and enroll RSA key pairs into a PKI (Public Key Infrastructure).
capture	Capture inbound and outbound packets on one or more interfaces
clock	Show and set the date and time of PIX
conduit	Add conduit access to higher securi
configure	Configure from terminal, floppy, memory, network, or factory-default. The configuration will be merged with the active configuration except for factory-default in which case the active configuration is cleared first.
copy	Copy image or PDM file from TFTP server into flash.
console	Set idle timeout for the serial console of the PIX
cpu	Display cpu usage and cpu profiling operations
Crashinfo	Read, write and configure crash write to flash. Force a crash.
crypto	Configure IPsec, IKE, and CA
debug	Debug packets or ICMP tracings through the PIX Firewall.
dhcpd	Configure DHCP Server
dhcprelay	Configure DHCP Relay Agent
disable	Exit from privileged mode
domain-name	Change domain name
dynamic-map	Specify a dynamic crypto map template
eeprom	show or reprogram the 525 onboard i82559 devices
enable	Configure enable passwords
established	Allow inbound connections based on established connections
failover	Enable/disable PIX failover feature to a standby PIX
filter	Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering
fixup	Add or delete PIX service and feature defaults
flashfs	Show, destroy, or preserve filesystem information
fragment	Configure the IP fragment database
global	Specify, delete or view global address pools, or designate a PAT(Port Add
help	Help list
hostname	Change host name
http	Configure HTTP server
icmp	Configure access for ICMP traffic that terminates at an interface
interface	Set network interface paremeters and configure VLANs
ip	Set the ip address and mask for an interface Define a local address pool Configure Unicast RPF on an interface Configure the Intrusion Detection System
ipsec	Configure IPSEC policy
isakmp	Configure ISAKMP policy
kill	Terminate a telnet session
logout	Exit from current user profile, and to unprivileged mode
logging	Enable logging facility
mac-list	Add a list of mac addresses using first match search
map	Configure IPsec crypto map
memory	System memory utilization
mgcp	Configure the Media Gateway Control Protocol fixup
management-access	Enable access to internal management interface
mroute	Configure a m
mtu	Specify MTU(Maximum Transmission Unit) for an interface
multicast	Configure multicast on an interface
name	Associate a name with an IP address
nameif	Assign a name to an interface
names	Enable, disable or display IP address to name conversion
nat	Associate a network with a pool of global IP addresses
ntp	Configure Network Time Protocol
object-group	Create an object group for use in 'access-list', 'conduit', etc
outbound	Create an outbound access list
pager	Control page length for pagination
passwd	Change Telnet console access password
pdm	Configure PIX Device Manager
ping	Test connectivity from specified interface to <ip>
prefix-list	Configure a prefix-list
privilege	Configure/Display privilege levels for commands
quit	Quit from the current mode, end configuration or logout
reload	Halt and reload system
rip	Broadcast default rout
route	Enter a static route for an interface
route-map	Create a route-map.
router	Create/configure OSPF routing process
routing	Configure interface specific unicast routing parameters.
service	Enable system services
setup	Pre-configure PIX
shun	Manages the filtering of packets from undesired hosts
sip	Configure IP Address Privacy, show the current data stored for each SIP session.
snmp-server	Provide SNMP and event information
snmp	Configure the SNMP fixup
ssh	Add SSH access to PIX console, set idle timeout, display list of active SSH sessions & terminate a SSH session
static	Configure one-to-one address translation rule
sysopt	Set system functional option
telnet	Add telnet access to PIX console and set idle timeout
terminal	Set terminal line parameters
tftp-server	Specify default TFTP server address and directory
timeout	Set the maximum idle times
url-cache	Enable URL caching
url-block	Enable URL pending block buffer and long URL support
url-server	Specify a URL filter server
username	Configure user authentication local database
virtual	Set address for authentication virtual servers
vpdn	Configure VPDN (PPTP, L2TP, PPPoE) Policy
vpnclient	Configure Easy VPN Remote
vpngroup	Configure group settings for Cisco VPN Clients and Cisco Easy VPN Remote products
who	Show active administration sessions on PIX
write	Write config to net, flash, floppy, or terminal, or erase flash
pixfirewall(config)#

PIX Firewall Commands

pixfirewall(config)# ?

At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

aaa

Enable, disable, or view TACACS+, RADIUS or LOCAL
user authentication, authorization and account

aaa-server

Define AAA Server group

access-group

Bind an access-list to an interface to filter inbound traffic

access-list

Add an access list

activation-key

Modify activation-key.

age

This command is deprecated. See ipsec, isakmp, map, ca commands

alias

Administer overlapping addresses with dual NAT.

apply

Apply outbound lists to source or destination IP addresses

arp

Change or view arp table, set arp timeout value, view statistics

auth-prompt

Customize authentication challenge, reject or acceptance prompt

auto-update

Configure auto update support

banner

Configure login/session banners

CEP (Certificate Enrollment Protocol)
Create and enroll RSA key pairs into a PKI
(Public Key Infrastructure).

capture

Capture inbound and outbound packets on one or more interfaces

clock

Show and set the date and time of PIX

conduit

Add conduit access to higher securi

configure

Configure from terminal, floppy, memory, network, or
factory-default. The configuration will be merged with the
active configuration except for factory-default in which case
the active configuration is cleared first.

copy

Copy image or PDM file from TFTP server into flash.

console

Set idle timeout for the serial console of the PIX

cpu

Display cpu usage and cpu profiling operations

Crashinfo

Read, write and configure crash write to flash. Force a crash.

crypto

Configure IPsec, IKE, and CA

debug

Debug packets or ICMP tracings through the PIX Firewall.

dhcpd

Configure DHCP Server

dhcprelay

Configure DHCP Relay Agent

disable

Exit from privileged mode

domain-name

Change domain name

dynamic-map

Specify a dynamic crypto map template

eeprom

show or reprogram the 525 onboard i82559 devices

enable

Configure enable passwords

established

Allow inbound connections based on established connections

failover

Enable/disable PIX failover feature to a standby PIX

filter

Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering

fixup

Add or delete PIX service and feature defaults

flashfs

Show, destroy, or preserve filesystem information

fragment

Configure the IP fragment database

global

Specify, delete or view global address pools,
or designate a PAT(Port Add

help

Help list

hostname

Change host name

http

Configure HTTP server

icmp

Configure access for ICMP traffic that terminates at an interface

interface

Set network interface paremeters and configure VLANs

Set the ip address and mask for an interface
Define a local address pool
Configure Unicast RPF on an interface
Configure the Intrusion Detection System

ipsec

Configure IPSEC policy

isakmp

Configure ISAKMP policy

kill

Terminate a telnet session

logout

Exit from current user profile, and to unprivileged mode

logging

Enable logging facility

mac-list

Add a list of mac addresses using first match search

map

Configure IPsec crypto map

memory

System memory utilization

mgcp

Configure the Media Gateway Control Protocol fixup

management-access

Enable access to internal management interface

mroute

Configure a m

mtu

Specify MTU(Maximum Transmission Unit) for an interface

multicast

Configure multicast on an interface

name

Associate a name with an IP address

nameif

Assign a name to an interface

names

Enable, disable or display IP address to name conversion

nat

Associate a network with a pool of global IP addresses

ntp

Configure Network Time Protocol

object-group

Create an object group for use in 'access-list', 'conduit', etc

outbound

Create an outbound access list

pager

Control page length for pagination

passwd

Change Telnet console access password

pdm

Configure PIX Device Manager

ping

Test connectivity from specified interface to <ip>

prefix-list

Configure a prefix-list

privilege

Configure/Display privilege levels for commands

quit

Quit from the current mode, end configuration or logout

reload

Halt and reload system

rip

Broadcast default rout

route

Enter a static route for an interface

route-map

Create a route-map.

router

Create/configure OSPF routing process

routing

Configure interface specific unicast routing parameters.

service

Enable system services

setup

Pre-configure PIX

shun

Manages the filtering of packets from undesired hosts

sip

Configure IP Address Privacy, show the current data stored for
each SIP session.

snmp-server

Provide SNMP and event information

snmp

Configure the SNMP fixup

ssh

Add SSH access to PIX console, set idle timeout, display
list of active SSH sessions & terminate a SSH session

static

Configure one-to-one address translation rule

sysopt

Set system functional option

telnet

Add telnet access to PIX console and set idle timeout

terminal

Set terminal line parameters

tftp-server

Specify default TFTP server address and directory

timeout

Set the maximum idle times

url-cache

Enable URL caching

url-block

Enable URL pending block buffer and long URL support

url-server

Specify a URL filter server

username

Configure user authentication local database

virtual

Set address for authentication virtual servers

vpdn

Configure VPDN (PPTP, L2TP, PPPoE) Policy

vpnclient

Configure Easy VPN Remote

vpngroup

Configure group settings for Cisco VPN Clients and
Cisco Easy VPN Remote products

who

Show active administration sessions on PIX

write

Write config to net, flash, floppy, or terminal, or erase flash

pixfirewall(config)#