PIX Firewall Operations

Configuring the PIX to pass inbound or outbound traffic requires multiple steps. Basic connectivity allows users on a higher security-level interface of the PIX to send traffic to a lower security-level interface using NAT or PAT. This is accomplished with the nat command in conjunction with a global command. Because the PIX allows higher security-level interfaces to send traffic to lower security-level interfaces, and because the PIX is stateful, users on the inside of the PIX should be able to run almost any application without extra configuration on the PIX. With PIX version 7.0, outbound traffic is controlled using only the access-list and access-group commands; the outbound command is no longer supported. Once outbound access is secured, moving on to allowing inbound access is relatively easy. By default, all inbound access is denied. With PIX version 7.0, only access lists can be used to allow inbound traffic. For inbound traffic, a static translation must be configured for each publicly accessible server in addition to the access-list or conduit. The time-based ACL feature allows you to specify a time period during which an access control list entry is active. Version 7.0 also simplifies deployment of the PIX by eliminating the requirement for address translation policies to be in place before traffic is allowed to flow from a host on an inside network to outside networks, via the new nat-control command. Object grouping makes complex access lists much simpler to configure.
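The following configuration is an added worked example, not taken from the original text or from any Cisco documentation, that ties the steps above together on a two-interface PIX running 7.0 software. The interface names, hostname, and the addresses (203.0.113.0/24 for the outside and 10.0.0.0/24 for the inside, both RFC 5737 and RFC 1918 documentation/private ranges chosen for illustration) are assumptions; substitute your own. It shows the outbound nat/global pair, the inbound static plus access-list/access-group pair, a service object group, a time-range applied to one ACE, and nat-control.

```cisco
! Added example PIX 7.0 configuration (assumed names and addresses)
hostname pix-example

interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0

! Require a translation rule for any inside host that sends traffic outbound.
! (Omitting nat-control in 7.0 lets traffic flow without a nat/global pair.)
nat-control

! Outbound: inside hosts are PAT'd behind the outside interface address.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface

! Inbound: a static translation for the one publicly reachable web server.
static (inside,outside) 203.0.113.10 10.0.0.10 netmask 255.255.255.255

! Object group so the ACL refers to "web ports" instead of repeating each port.
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https

! Time range used to make one outbound ACE active only during business hours.
time-range BUSINESS_HOURS
 periodic weekdays 08:00 to 18:00

! Inbound policy: only web traffic to the translated server address is allowed.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 object-group WEB_PORTS
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! Outbound policy: web always, FTP only during business hours, everything else logged and dropped.
access-list INSIDE_OUT extended permit tcp 10.0.0.0 255.255.255.0 any object-group WEB_PORTS
access-list INSIDE_OUT extended permit tcp 10.0.0.0 255.255.255.0 any eq ftp time-range BUSINESS_HOURS
access-list INSIDE_OUT extended deny ip any any log
access-group INSIDE_OUT in interface inside
```

Two points worth checking after applying a configuration like this: `show xlate` confirms that the static entry for the server and the PAT entries for inside hosts exist, and `show access-list` displays the hit counts per ACE together with whether a time-range-bound entry is currently active or inactive. Because the access-group replaces the implicit "higher to lower is allowed" behaviour on the inside interface, the final permit or deny in INSIDE_OUT decides what inside users can reach; the explicit deny with log at the end makes blocked connections visible in syslog rather than silently dropped.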