EasyManuals Logo

Cisco Catalyst 6500 Series User Manual

Cisco Catalyst 6500 Series
392 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #29 background imageLoading...
Page #29 background image
1-3
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 1 Introduction to the Firewall Services Module
Features
Features
This section describes the FWSM features, and includes the following topics:
Features, page 1-3
Stateful Inspection Feature, page 1-5
Other Protection Features, page 1-6
General Features
Table 1-2 lists the features of the FWSM.
3. Supports transparent firewall mode when you use failover. Failover requires BPDU forwarding to the FWSM, or else you can
have a loop. Other releases that do not support BPDU forwarding only support transparent mode without failover.
4. When you use Catalyst OS on the supervisor, you can use any of the supported Cisco IOS releases above on the MSFC. (When
you use Cisco IOS software on the supervisor, you use the same release on the MSFC.) The supervisor software determines
the FWSM feature support. For example, if you use Catalyst OS Release 7.6(1) on the supervisor and Cisco IOS 12.1(13)E
on the MSFC, then the switch does support multiple SVIs, because Catalyst OS Release 7.6(1) supports multiple SVIs.
Table 1-2 General FWSM Features
Feature Description
Transparent firewall or routed
firewall mode
The firewall can run in one of the following modes:
Routed—The FWSM is considered to be a router hop in the network. It performs NAT
1
between connected networks. In single context mode, you can use OSPF
2
or passive
RIP
3
.
Transparent—The FWSM acts like a “bump in the wire,” and is not a router hop. The
FWSM connects the same network on its inside and outside interfaces, but each interface
must be on a different VLAN. No dynamic routing protocols or NAT are required.
Multiple security contexts In multiple context mode, you can create up to 100 separate security contexts (depending on
your software license). A security context is a virtual firewall that has its own security policy
and interfaces. Multiple contexts are similar to having multiple stand-alone firewalls.
Contexts are conveniently contained within a single module.
You can run all security contexts in routed mode or in transparent mode; you cannot run some
contexts in one mode and others in another.
With the default software license, you can run up to two security contexts in addition to an
admin context. For more contexts, you must purchase a license.
Resource management for
security contexts
You can limit resources per context so one context does not use up too many resources. You
create classes that define resource limitations as an absolute value or as a percentage, and then
assign a context to one of these classes.
Communication between
same security level
You can configure interfaces on the same security level to communicate with each other. This
feature is off by default, and you can enable or disable this feature on a per context basis. In
earlier releases, no communication between interfaces with the same security level was
possible.
Bidirectional NAT and policy
NAT
You can perform NAT on inside and outside addresses. For policy NAT, you can identify
addresses to be translated using an extended ACL
4
, which allows you more control in
determining which addresses to translate.

Table of Contents

Other manuals for Cisco Catalyst 6500 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 6500 Series and is the answer not in the manual?

Cisco Catalyst 6500 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 6500 Series
CategorySwitch
LanguageEnglish

Related product manuals