11-6
Catalyst 6500 Series Content Switching Module Configuration Note
OL-4612-01
Chapter 11 Configuring Firewall Load Balancing
Understanding How Firewalls Work
Figure 11-4 Mixed Firewall Configuration for Stealth and Regular Firewalls (Dual CSMs Only)
Fault-Tolerant CSM Firewall Configurations
The CSM supports fault tolerance for these configurations:
• Stealth firewalls in a fault-tolerant dual CSM configuration
• Regular firewalls in a fault-tolerant dual CSM configuration
• Regular firewalls in a fault-tolerant single CSM configuration
• Mixed firewalls (stealth and regular) in a fault-tolerant dual CSM configuration
In Figure 11-5, the traffic moves through the firewalls and is filtered in both directions. The figure only
shows the flow from the Internet to the intranet through the primary CSMs, and VLANs 11 and 111 are
on the same subnet. VLANs 12 and 112 are on the same subnet.
VLAN 100
100.0.0.2
VLAN 2
10.5.0.2
Catalyst 6500
CSM-A
IP address
201.20.0.10
IP address
201.0.0.4
Alias
IP address
10.5.0.100
Alias
IP address
10.6.0.100
Alias
IP address
10.7.0.100
IP address
100.0.0.3
IP address
25.0.11.20
IP address
25.0.12.20
Catalyst 6500
CSM-A
Alias
IP address
10.5.0.200
Alias
IP address
10.6.0.200
Alias
IP address
10.7.0.200
IP address
200.0.0.3
IP address
201.0.0.3
Internet
Intranet-B
201.20.0.1
Intranet-A
200.20.0.1
VLAN 3
10.6.0.2
VLAN 4
10.7.0.2
VLAN 5
10.5.1.2
VLAN 6
10.6.1.2
VLAN 200
201.0.0.2
VLAN 200
200.0.0.2
Router
Stealth Firewalls
63907
VLAN 7
10.7.1.2
IP address
200.0.0.4
IP address
200.20.0.10
VLAN 111
25.0.11.2
IP address
25.0.11.50
IP address
25.0.11.51
IP address
25.0.11.52
IP address
25.0.12.50
IP address
25.0.12.51
IP address
25.0.12.52
Regular Firewalls
VLAN 112
25.0.12.2
Router
To Next Page
Loading...
Need help?
General