FWSM with inline content filter

Unanswered Question
Dec 19th, 2007

I have a 6513 with a FWSM. The next device is a 6503 that is owned by my ISP. I have placed a inline content filter in between these 2 devices so that we can filter our Internet access. Because it is inline, all traffic flows through this device. The bad thing is that this filter sits on the outside of the firewall. I am trying to figure out how I can place the filter on the inside of my firewall. But the only device I have is a 6513 and my FWSM. So I am unable to physically place a inline filter in between a chassis and a blade. I have 5 vlans that are functioning as different interfaces for my FWSM. I need the inline filter to filter all of these vlans except vlan2, which is the vlan that the outside interface of the FWSM sits in.

Any ideas would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
amritpatek Wed, 12/26/2007 - 14:27

You can create a new vlan say 500 and place the inside interface of the filter device on vlan 500 and the outside interface of filter device on the inside interface of FWSM. Obviously in this case the users will need to be in the proper vlan as well, but the concept here is to build a vlan and place the filter device between that vlan an the inside vlan so that it must traverse the FWSM so we avoid routing around it.

jlhainy Thu, 12/27/2007 - 18:39

I thought of doing that, but I have a DMZ interface that is a vlan for my guest wireless users that also needs to go through the filter, so if I put it between a vlan and the inside interface, then the dmz doesn't get filtered because it logicallly sits after the location of the inside vlan and inside FWSM interface. This is the reason that the filter sits on the outside interface and the vlan that is on the outside. I almost need a vlan that is in between the inside interface and the outside interface. Is that even possible?


This Discussion