Cisco FWSM

FWSM – Firewall Services Module

Firewall Services Module (FWSM) is a firewall module integrated by Cisco into its Catalyst 6500 Switches and 7600 Series Routers. The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX Operating System, a secure, real-time operating system. The Cisco FWSM enables organizations to manage multiple firewalls from the same management platform.

Installed inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet Router, the FWSM allows any VLAN on the switch to be passed through to the device to operate as a firewall port and integrates firewall security inside the network infrastructure.

FWSM – Security Level

Each firewall interface is assigned a security level; 0 is the lowest and 100 is the highest. VLAN interfaces with the same security level cannot talk to one another. Traffic from high to low security interfaces and from low to high security interfaces both need ACLs to be allowed to pass.

FWSM Failover Steps

  1. Create VLAN interface for failover protocol
  2. Assign IP Address to VLAN interface
  3. Associate VLAN interface to failover
  4. Define firewall role (Primary/Secondary)
  5. Define IP address for backup firewall
  6. Define failover link (if remote chassis)
  7. Force failover

Example:

FWSM(config)# show fail
Failover On
Failover unit Primary
Failover LAN Interface bkup-link
Reconnect timeout 0:00:00
Poll frequency 15 seconds
    This host: Primary - Active
        Active time: 29925 (sec)
        Interface outside (10.11.1.2): Normal
        Interface inside (10.2.1.1): Normal
    Other host: Secondary - Standby
        Active time: 285 (sec)
        Interface outside (10.11.1.3): Normal
        Interface inside (10.2.1.2): Normal
Stateful Failover Logical Update Statistics
    Link : Unconfigured.
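
The failover status output above can be checked automatically. The following is an added example, not part of the original page or of any Cisco tooling: a small Python parser that reads text in that "show fail" format and reports conditions worth an operator's attention. The function names, the finding wording and the "Failed" interface state in the sample are assumptions made for illustration.

```python
import re

# Constructed sample in the page's "show fail" format (some timer lines omitted);
# the standby's inside interface is changed to "Failed" for illustration.
SAMPLE = """\
Failover On
Failover unit Primary
Failover LAN Interface bkup-link
    This host: Primary - Active
        Interface outside (10.11.1.2): Normal
        Interface inside (10.2.1.1): Normal
    Other host: Secondary - Standby
        Interface outside (10.11.1.3): Normal
        Interface inside (10.2.1.2): Failed
Stateful Failover Logical Update Statistics
    Link : Unconfigured.
"""

HOST_RE = re.compile(r"^(This|Other) host:\s*(\w+)\s*-\s*(.+)$")
IFACE_RE = re.compile(r"^Interface (\S+) \(([\d.]+)\):\s*(.+)$")

def parse_failover(text):
    """Parse 'show fail' text into global flags plus per-unit interface state."""
    state = {"enabled": bool(re.search(r"^Failover On\s*$", text, re.M)),
             "stateful_link": None, "units": {}}
    unit = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HOST_RE.match(line):
            unit = {"role": m.group(2), "status": m.group(3), "interfaces": {}}
            state["units"][m.group(1).lower()] = unit
        elif (m := IFACE_RE.match(line)) and unit is not None:
            unit["interfaces"][m.group(1)] = (m.group(2), m.group(3))
        elif line.startswith("Link :"):
            state["stateful_link"] = line.split(":", 1)[1].strip().rstrip(".")
    return state

def findings(state):
    """Return a list of problems an operator should look at."""
    out = [] if state["enabled"] else ["failover is off"]
    statuses = [u["status"] for u in state["units"].values()]
    if statuses.count("Active") != 1:
        out.append(f"expected exactly one Active unit, saw {statuses}")
    for who, u in state["units"].items():
        for name, (ip, st) in u["interfaces"].items():
            if st != "Normal":
                out.append(f"{who} host ({u['role']}) interface {name} ({ip}): {st}")
    if state["stateful_link"] in (None, "Unconfigured"):
        out.append("stateful link unconfigured: connection state is not replicated")
    return out
```

Run against the page's own output, `findings(parse_failover(...))` reports only the unconfigured stateful link; against the constructed sample it also reports the failed standby interface.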


FWSM Configuration Steps:

    • Create two VLANs on the switches: one VLAN for the LAN connection and another for the context.
    • Log in to the FWSM and add the existing VLANs to the FWSM.
    • Create a new context
      1. Create the new host name for the context.
      2. Allocate the VLANs to the context.
      3. Configure the config URL on disk for the context; this needs to be added.
    • Log in to the context
      1. Configure the inside interface VLAN and assign the IP address and security level.
      2. Configure the outside interface VLAN and assign the IP address and security level.
    • Apply the access-list rules to the interface.


Designed by TechieBird