Firewalls - configure

configure

Clear or merge the current configuration with that on floppy or Flash memory, start configuration mode, or view current configuration. (Privileged mode.)
The PIX 506, PIX 515, and PIX 525 do not support use of the configure floppy command.

clear configure primary | secondary | all
configure net [[server_ip]:[filename]]
configure floppy
configure memory
configure terminal
show configure

Syntax

clear Clears aspects of the current configuration in RAM. Use the write erase command to clear the complete configuration.

primary Sets the interface, ip, mtu, nameif, and route commands to their default values. In addition, interface names are removed from all commands in the configuration.

secondary Removes the aaa-server, alias, access-list, apply, conduit, global, outbound, static, telnet, and url-server command statements from the configuration.

net Loads the configuration from a TFTP server and the path you specify.

all Combines the primary and secondary options.

floppy Merges the current configuration with that on diskette.

memory Merges the current configuration with that in Flash memory.

terminal Starts configuration mode to enter configuration commands from a terminal. Exit configuration mode by entering the quit command.

server_ip Merges the current configuration with that available across the network at another location, which is defined with the tftp-server command.

filename A filename you specify to qualify the location of the configuration file on the TFTP server named in server_ip. If you set a filename with the tftp-server command, do not specify it in the configure command; instead just use a colon (:) without a filename.

Usage Guidelines

The clear configure command resets a configuration to its default values. Use this command to create a template configuration or when you want to clear all values. The clear configure primary command resets the default values for the interface, ip, mtu, nameif, and route commands. This command also deletes interface names in the configuration.
The clear configure secondary command removes the aaa-server, alias, access-list, apply, conduit, global, outbound, static, telnet, and url-server command statements from the configuration. However, the clear configure secondary command does not remove tftp-server command statements. Save the configuration before using the clear configure command. The clear configure secondary command does not prompt you before deleting lines from the configuration.
The configure net command merges the current running configuration with a TFTP configuration stored at the IP address you specify and from the file you name. If you specify both the IP address and path name in the tftp-server command, you can specify:filename as simply a colon (:).
For example:
configure net :

Use the write net command to store the configuration in the file.
If you have an existing firewall configuration on a TFTP server and store a shorter configuration with the same filename on the TFTP server, some TFTP servers will leave some of the original configuration after the first ":end" mark. This does not affect the firewall because the configure net command stops reading when it reaches the first ":end" mark. However, this may cause confusion if you view the configuration and see extra text at the end of the configuration.
Many TFTP servers require the configuration file to be world-readable to be accessible.
The configure floppy command merges the current running configuration with the configuration stored on diskette. This command assumes that the diskette was previously created by the write floppy command.
The configure memory command merges the configuration in Flash memory into the current configuration in RAM.
The configure terminal command starts configuration mode. Exit configuration mode with the quit command. After exiting configuration mode, use the write memory command to store the changes in Flash memory or write floppy to store the configuration on diskette. Use the write terminal command to display the current configuration.
The show configure command lists the contents of the configuration in Flash memory.
Each command statement from diskette (with configure floppy), Flash memory (with configure memory), or TFTP transfer (with configure net) is read into the current configuration and evaluated in the same way as commands entered from a keyboard with the following rules:

If the command on diskette or Flash memory is identical to an existing command in the current configuration, it is ignored.
If the command on diskette or Flash memory is an additional instance of an existing command, such as if you already have one telnet command for IP address 10.2.3.4 and the diskette configuration has a telnet command for 10.7.8.9, then both commands appear in the current configuration.
If the command redefines an existing command, the command on diskette or Flash memory overwrites the command in the current configuration in RAM. For example, if you have the hostname ram command in the current configuration and the hostname floppy command on diskette, the command in the configuration becomes hostname floppy and the command line prompt changes to match the new host name when that command is read from diskette.

Examples

The following example shows how to configure the firewall using a configuration retrieved with TFTP:
configure net 10.1.1.1:/tftp/config/pixconfig

The pixconfig file is stored on the TFTP server at 10.1.1.1 in the tftp/config folder.
The following example shows how to configure the firewall from a diskette:
configure floppy

The following example shows how to configure the firewall from the configuration stored in Flash memory:
configure memory

The following example shows the commands you enter to access configuration mode, view the configuration, and save it in Flash memory.
Access privileged mode with the enable command and configuration mode with the configure terminal command. View the current configuration with the write terminal command and save the configuration to Flash memory using the write memory command.
pixfirewall> enable
password:
pixfirewall# configure terminal
pixfirewall(config)# write terminal
:Saved
current configuration
:End
write memory

clear	Clears aspects of the current configuration in RAM. Use the write erase command to clear the complete configuration.
primary	Sets the interface, ip, mtu, nameif, and route commands to their default values. In addition, interface names are removed from all commands in the configuration.
secondary	Removes the aaa-server, alias, access-list, apply, conduit, global, outbound, static, telnet, and url-server command statements from the configuration.
net	Loads the configuration from a TFTP server and the path you specify.
all	Combines the primary and secondary options.
floppy	Merges the current configuration with that on diskette.
memory	Merges the current configuration with that in Flash memory.
terminal	Starts configuration mode to enter configuration commands from a terminal. Exit configuration mode by entering the quit command.
server_ip	Merges the current configuration with that available across the network at another location, which is defined with the tftp-server command.
filename	A filename you specify to qualify the location of the configuration file on the TFTP server named in server_ip. If you set a filename with the tftp-server command, do not specify it in the configure command; instead just use a colon (:) without a filename.