4-13
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 4 Configuring the Firewall Mode
Firewall Mode Overview
An Inside User Visits a Website
Figure 4-2 shows an inside user accessing an outside website.
Figure 4-9 Inside to Outside
The steps below describe how data moves through the FWSM (see Figure 4-2):
1. The user on the inside network requests a web page from www.cisco.com.
2. The FWSM receives the packet on VLAN 200 and, because it is a new session, it verifies that the
packet is allowed according to the terms of the security policy (ACLs, filters, AAA).
For multiple context mode, the FWSM first classifies the packet according to either a unique VLAN
or a unique destination address. In this case, the VLAN would be unique. For transparent firewall
mode, each context has a unique VLAN on the inside and outside, so the IP address would not be
considered.
3. The FWSM records that a session is established.
4. If the destination MAC address is in its table, the FWSM forwards the packet out of the outside
interface on VLAN 100.
If the destination MAC address is not in the FWSM table, the FWSM attempts to discover the MAC
address by sending an ARP request and a ping. The first packet is dropped.
5. When the web server responds to the request, the packet goes through the FWSM, and because the
session is already established, the packet bypasses the many lookups associated with a new
connection.
6. The FWSM forwards the packet to the inside user.
Switch
FWSM
209.165.201.6
www.cisco.com
VLAN 100
VLAN 200
209.165.201.2
Internet
Host
209.165.201.3
104693
To Next Page
Loading...
Need help?
General