FWSM multiple VLAN

Answered Question
Nov 18th, 2007

The network inside has multiple VLANs. Need to configure the FWSM for all the VLANs with just 2 contexts in Active/Active mode.

How to do this?

Fernando_Meza Mon, 11/19/2007 - 02:40

Hi,

Are you planning to control the inter-VLAN routing of those VLANs by the FWSM?

Are you able to post a draft topology diagram of the current setup and what it is that you would like to achieve?

MAZakirhussain Mon, 11/19/2007 - 04:17

Hi,

The network has about 10 VLANs with HSRP configured for each VLAN on the redundant 6509 switches. Each switch has a FWSM. Now traffic for each VLAN should pass through the Firewall. Need to configure the FWSM in Active/Active mode with 5 VLANs in the one context and the other 5 VLANs in the other context. Also, the FWSM needs to be configured in Transparent mode.

Correct Answer
Fernando_Meza Mon, 11/19/2007 - 14:22

Hi,

The points below are the ones you need to follow. I suggest you refer to the Configuration guide under the chapter "Transparent Firewall minimum configuration steps"

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/quick_f.html#wp1013477

Step 1: Assigning VLANs to the Firewall Services Module, page 2-2. On the switch, you need to assign VLANs to the FWSM so that the FWSM can send and receive traffic on the switch.

Step 2: (Might be required) Adding Switched Virtual Interfaces to the MSFC, page 2-5. If you want the MSFC to route between VLANs that are assigned to the FWSM, complete this procedure.

Step 3: Connecting to the Firewall Services Module, page 3-1. From the switch CLI, you can session into the FWSM to access the FWSM CLI.

Step 4: (Might be required; multiple context mode only) Enabling or Disabling Multiple Context Mode, page 4-10. If you want to use multiple context mode and your FWSM is not already configured for it, or if you want to change back to single mode, follow this procedure.

Step 5: (Multiple context mode only) Configuring a Security Context, page 4-18. Add a security context.

Step 6: (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-22. Because you must configure some settings in the system execution space and some settings within the context, you need to know how to switch between contexts and the system execution space.

Step 7: Setting Transparent or Routed Firewall Mode, page 5-17. Before you configure any settings, you must set the firewall mode to transparent mode. Changing the mode clears your configuration. In multiple context mode, set the mode in each context.

Step 8: Configuring Transparent Firewall Interface Parameters, page 6-3. For each VLAN interface, you must set a name (such as inside or outside), a security level, and a bridge group.

Step 9: Assigning an IP Address to a Bridge Group, page 6-5. Assign an IP address to each bridge group.

Step 10: Configuring a Default Route, page 8-3. Create a default route to an upstream router for returning management traffic.

Step 11: Adding an Extended ACE, page 10-7. Before any traffic can go through the FWSM, you must create an access list that permits traffic.

Step 12: Applying an Access List to an Interface, page 11-4. Apply the access list to an interface.

I hope it helps .. please rate it if it does !!!
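
An added example, not part of the original answer or of Cisco's guide: a Python check that audits one context's configuration text against steps 7 to 12 above. The sample configuration is constructed; its VLAN IDs, interface names, addresses, access list name and the `audit_context` function are assumptions for illustration.

```python
import re

# Constructed sample: one FWSM context in transparent mode (steps 7-12).
# VLAN IDs, names and addresses are made up for illustration.
SAMPLE_CONTEXT = """\
firewall transparent
interface Vlan10
 nameif outside
 security-level 0
 bridge-group 1
interface Vlan110
 nameif inside
 security-level 100
 bridge-group 1
interface BVI1
 ip address 10.0.10.5 255.255.255.0
route outside 0.0.0.0 0.0.0.0 10.0.10.1 1
access-list INSIDE_IN extended permit tcp 10.0.10.0 255.255.255.0 any eq www
access-group INSIDE_IN in interface inside
"""

def audit_context(cfg):
    """Return findings for steps 7-12 of the answer; an empty list means none."""
    out = []
    if not re.search(r"^firewall transparent$", cfg, re.M):
        out.append("step 7: firewall transparent is not set")
    groups, bvi_with_ip = set(), set()
    # An interface stanza is its header line plus the indented lines below it.
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", cfg, re.M):
        if name.upper().startswith("BVI"):
            if re.search(r"^ ip address \S+ \S+", body, re.M):
                bvi_with_ip.add(name[3:])
            continue
        group = re.search(r"^ bridge-group (\d+)", body, re.M)
        if group:
            groups.add(group.group(1))
        missing = [k for k in ("nameif", "security-level", "bridge-group")
                   if not re.search(rf"^ {k} \S+", body, re.M)]
        if missing:
            out.append(f"step 8: {name} is missing {', '.join(missing)}")
    for g in sorted(groups - bvi_with_ip):
        out.append(f"step 9: bridge group {g} has no IP address")
    if not re.search(r"^route \S+ (0\.0\.0\.0 0\.0\.0\.0|0 0) \S+", cfg, re.M):
        out.append("step 10: no default route")
    acls = set(re.findall(r"^access-list (\S+) extended permit ", cfg, re.M))
    applied = set(re.findall(r"^access-group (\S+) in interface \S+", cfg, re.M))
    if not acls & applied:
        out.append("steps 11-12: no permitting access list is applied to an interface")
    return out
```

In multiple context mode the firewall mode, interfaces and access lists are set per context, so each context's configuration is audited separately.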
