The ability to view and save the PIX firewall configuration is a vital part of setup and troubleshooting. The following section covers several of the most common commands. Here's a preview of them:
The show startup Command

The show startup and show configure commands both display configurations saved in flash memory. These configurations are loaded into RAM during bootup. The following displays only the first eight lines of the output from the show startup command:

    pixfirewall# show startup
    : Saved
    : Written by enable_15 at 04:55:12.917 UTC Wed Apr 2 2003
    PIX Version 6.2(2)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password W5TSthJO5zEtPi9F encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall

The write terminal Command

You use the write terminal command to display the configuration currently running in RAM to the console. This configuration is also known as the running config and can be displayed using the show running-config command, as in other Cisco devices. This code displays the command's output:

    pixfirewall# write terminal
    : Saved
    :
    PIX Version 6.2(2)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password W5TSthJO5zEtPi9F encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall

The show interface Command

The show interface command displays information such as the IP address, line status, protocol status, and interface counter information. To display only one interface, add the hardware ID to the end of the command. Listing 4.4 displays the show interface output for interface Ethernet 1.
Listing 4.4 The show interface Output

    pixfirewall(config)# show int e1
    interface ethernet1 "inside" is up, line protocol is up
      Hardware is i82559 ethernet, address is 000c.3085.5641
      IP address 192.168.1.1, subnet mask 255.255.255.0
      MTU 1500 bytes, BW 10000 Kbit full duplex
            261 packets input, 32294 bytes, 0 no buffer
            Received 249 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            27 packets output, 3802 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/1)
            output queue (curr/max blocks): hardware (0/2) software (0/1)
    pixfirewall(config)#

The show ip address Command

You use the show ip address command to display the address information assigned to each of the device's interfaces. The following command displays all the IP addresses assigned to the PIX firewall:

    pixfirewall# show ip address
    System IP Addresses:
            ip address outside 169.254.8.1 255.255.255.0
            ip address inside 192.168.1.1 255.255.255.0
    Current IP Addresses:
            ip address outside 169.254.8.1 255.255.255.0
            ip address inside 192.168.1.1 255.255.255.0
    pixfirewall#

The show version Command

The show version command enables you to view the firewall's software version, processor type, operating time since last reboot, flash memory type, interface boards, serial number, and activation keys. Listing 4.5 displays the output from the show version command.
Listing 4.5 The show version Command

    pixfirewall# show version
    Cisco PIX Firewall Version 6.2(2)
    Cisco PIX Device Manager Version 2.1(1)
    Compiled on Fri 07-Jun-02 17:49 by morlee
    pixfirewall up 8 hours 31 mins
    Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
    Flash E28F640J3 @ 0x3000000, 8MB
    BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
    0: ethernet0: address is 000c.3085.5640, irq 9
    1: ethernet1: address is 000c.3085.5641, irq 10
    Licensed Features:
    Failover:           Disabled
    VPN-DES:            Enabled
    VPN-3DES:           Disabled
    Maximum Interfaces: 2
    Cut-through Proxy:  Enabled
    Guards:             Enabled
    URL-filtering:      Enabled
    Inside Hosts:       10
    Throughput:         Limited
    IKE peers:          5
    Serial Number: 807082785 (0x301b1b21)
    Running Activation Key: 0x2d284af1 0xd032aa26 0x38b7db1f 0x70cfa8ee
    Configuration last modified by enable_15 at 10:45:05.183 UTC Tue Apr 1 2003
    pixfirewall#

The write memory Command

The write memory command saves the current running configuration to flash memory. When the system is reloaded, this configuration is loaded into RAM and executed as the running configuration. The following displays the command's syntax:

    pixfirewall# write memory
    Building configuration...
    Cryptochecksum: 827c289b 6a6d8181 829b5b98 d3f1c82a
    [OK]
    pixfirewall#

Similarly, the write standby command saves the running configuration from the active PIX firewall to the standby PIX firewall when you are working with failover configurations. You can also think of this as writing from active RAM to standby RAM. Following is an example of the write standby command:

    pixfirewall# write standby
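
Because show startup reads the copy in flash and write terminal reads the copy in RAM, comparing captures of the two shows which running changes have not yet been saved with write memory and would be lost on reload. The following Python script is an added example, not part of the original text; the function names, the hostname pix-lab, and the sample captures are constructed for illustration.

```python
import difflib

# Output lines that are not configuration statements: the ": Saved" banner,
# the ": Written by ..." stamp, and the status lines printed around a config.
NON_CONFIG_PREFIXES = (":", "Cryptochecksum:", "Building configuration", "[OK]")


def config_lines(capture):
    """Return only the configuration statements from captured CLI output."""
    lines = []
    for raw in capture.splitlines():
        line = raw.strip()
        if not line or line.startswith(NON_CONFIG_PREFIXES):
            continue
        if "#" in line.split(None, 1)[0]:  # prompt echo, e.g. "pixfirewall# ..."
            continue
        lines.append(line)
    return lines


def config_drift(startup_capture, running_capture):
    """Compare saved (flash) and running (RAM) configurations in order."""
    saved = config_lines(startup_capture)
    running = config_lines(running_capture)
    drift = {"unsaved": [], "not_running": []}
    matcher = difflib.SequenceMatcher(a=saved, b=running, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            drift["not_running"].extend(saved[i1:i2])  # in flash, not in RAM
            drift["unsaved"].extend(running[j1:j2])    # in RAM, not in flash
    return drift


# Constructed sample captures (password lines omitted, hostname changed).
STARTUP = """pixfirewall# show startup
: Saved
: Written by enable_15 at 04:55:12.917 UTC Wed Apr 2 2003
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
"""
RUNNING = """pixfirewall# write terminal
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix-lab
ip address inside 192.168.1.1 255.255.255.0
"""

if __name__ == "__main__":
    print(config_drift(STARTUP, RUNNING))
```

An empty result in both lists means the running configuration matches what will be loaded at the next reload.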