FWSM question on design

Thanks everyone. I have dual 6509s with dual FWSMs; basically I need to be able to create FW rules to permit/deny traffic to/from user VLANs to several server VLANs and between other networks, etc. These VLANs are present in the 6509. Can I do this by running transparent mode on the FWSM? This is my first time setting up an FWSM, so any hints or recommendations are appreciated.

Thanks again.

hoffa2000 Tue, 03/13/2007 - 07:29

I assume you have the network set up as I had, the 6509 acting as a L3 switch between the different VLANs and their subnets.

What you can do in this case is to remove all SVIs you want to firewall from the 6509 and add them to the FWSM instead. If you then give the same IP to the FWSM interfaces as you had on the 6509 SVIs, and leave all rules wide open, you should have the same functionality as you had with the 6509 doing the routing.
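
The SVI move described in the reply above, as an added configuration sketch that is not part of the original thread. VLAN IDs 10 and 20, module slot 3, the interface names, the addresses, and the FWSM 3.x routed-mode syntax with NAT control left off are all assumptions.

```cisco
! Constructed example: VLAN 10 = users, VLAN 20 = servers, FWSM in slot 3.
!
! --- On the 6509 supervisor (IOS) ---
! Remove the routed SVIs; the Layer 2 VLANs themselves stay in place.
no interface Vlan10
no interface Vlan20
! Hand both VLANs to the firewall module.
firewall vlan-group 1 10,20
firewall module 3 vlan-group 1
!
! --- On the FWSM (routed mode) ---
! Reuse the former SVI addresses so hosts keep their default gateway.
interface Vlan10
 nameif users
 security-level 50
 ip address 10.10.10.1 255.255.255.0
interface Vlan20
 nameif servers
 security-level 100
 ip address 10.10.20.1 255.255.255.0
!
! "Wide open" starting point that matches the old routed behaviour.
! The FWSM forwards nothing on an interface until an ACL is applied to it.
access-list USERS_IN extended permit ip any any
access-group USERS_IN in interface users
access-list SERVERS_IN extended permit ip any any
access-group SERVERS_IN in interface servers
```

Once connectivity is confirmed, the permit-any entries are the place to substitute the specific permit/deny rules between user and server VLANs that the question asks for.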