Firewall Services Module (FWSM) is a firewall module integrated by Cisco into its Catalyst 6500 Switches and 7600 Series Routers. The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX Operating System, a secure, real-time operating system. The Cisco FWSM enables organizations to manage multiple firewalls from the same management platform.
Installed inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet Router, the FWSM allows any VLAN on the switch to be passed through to the device to operate as a firewall port and integrates firewall security inside the network infrastructure.
FWSM - Security Level
Each firewall interface is assigned a security level: 0 is the lowest and 100 is the highest. VLAN interfaces with the same security level cannot talk to one another. Traffic from a high-security interface to a low-security interface AND from a low-security interface to a high-security interface both need ACLs to allow it to pass.
FWSM Failover Steps
Create VLAN interface for failover protocol
Assign IP Address to VLAN interface
Associate VLAN interface to failover
Define firewall role (Primary/Secondary)
Define IP address for backup firewall
Define failover link (if remote chassis)
Eg: FWSM(config)# show fail
Failover On
Failover unit Primary
Failover LAN Interface bkup-link
Reconnect timeout 0:00:00
Poll frequency 15 seconds
This host: Primary - Active
    Active time: 29925 (sec)
    Interface outside (10.11.1.2): Normal
    Interface inside (10.2.1.1): Normal
Other host: Secondary - Standby
    Active time: 285 (sec)
    Interface outside (10.11.1.3): Normal
    Interface inside (10.2.1.2): Normal
Stateful Failover Logical Update Statistics
    Link : Unconfigured.
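As an added example (not from the original page), a Python check that parses this `show failover` output and reports the conditions an operator should act on: failover off, units not in an Active/Standby pair, any monitored interface not Normal, and the stateful link left unconfigured. The sample input is constructed from the output above, one field per line.

```python
import re

# Constructed sample input: the `show failover` output quoted above, one field per line.
SHOW_FAILOVER = """\
Failover On
Failover unit Primary
Failover LAN Interface bkup-link
This host: Primary - Active
    Active time: 29925 (sec)
    Interface outside (10.11.1.2): Normal
    Interface inside (10.2.1.1): Normal
Other host: Secondary - Standby
    Active time: 285 (sec)
    Interface outside (10.11.1.3): Normal
    Interface inside (10.2.1.2): Normal
Stateful Failover Logical Update Statistics
    Link : Unconfigured.
"""

HOST_RE = re.compile(r"^(This|Other) host: (\w+) - (\w+)$")
IFACE_RE = re.compile(r"^Interface (\S+) \(([\d.]+)\): (.+)$")

def parse_failover(text):
    # Result: {'enabled': bool, 'hosts': {'This'|'Other': {...}}, 'stateful_link': str|None}
    state = {"enabled": False, "hosts": {}, "stateful_link": None}
    current = None  # which host block ("This" or "Other") the interface lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Failover On":
            state["enabled"] = True
        elif (m := HOST_RE.match(line)):
            current = m.group(1)
            state["hosts"][current] = {"unit": m.group(2), "state": m.group(3), "interfaces": {}}
        elif (m := IFACE_RE.match(line)) and current:
            state["hosts"][current]["interfaces"][m.group(1)] = (m.group(2), m.group(3))
        elif line.startswith("Link :"):
            state["stateful_link"] = line.split(":", 1)[1].strip().rstrip(".")
    return state

def failover_findings(state):
    # Health check for monitoring: returns a list of problems; an empty list means healthy.
    findings = [] if state["enabled"] else ["failover is off"]
    if sorted(h["state"] for h in state["hosts"].values()) != ["Active", "Standby"]:
        findings.append("units are not in an Active/Standby pair")
    for who, host in state["hosts"].items():
        for name, (ip, status) in host["interfaces"].items():
            if status != "Normal":  # e.g. Failed, Waiting, Testing
                findings.append(f"{who} host: interface {name} ({ip}) is {status}")
    if state["stateful_link"] in (None, "Unconfigured"):
        findings.append("stateful failover link unconfigured: connections will not survive a failover")
    return findings
```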
FWSM Configuration Steps:
Create two VLANs on the switch: one VLAN for the LAN connection and another for the context.
Log in to the FWSM and add the existing VLANs to the FWSM.
Create the new context.
Create the new hostname for the context.
Allocate the VLANs to the context.
Configure the context's configuration URL on disk (config-url); this entry must be added.
Log in to the context.
Configure the inside interface VLAN and assign the IP address and security level.
Configure the outside interface VLAN and assign the IP address and security level.