cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
443
Views
4
Helpful
7
Replies

msfc infront fwsm

cfajardo1_2
Level 1
Level 1

HELLO,

LAN---FWSM---MSFC---ROUTER---INTERNET

arent we violating any security rule in this scenario if we put the msfc infront of the FWSM?

thanks

1 Accepted Solution

Accepted Solutions

Hi

You can have as many vlans as you like behind the FWSM and as many vlan as you like on the MSFC.

The key thing in this is that any vlan that you want to firewall must not have an SVI (Layer 3 vlan interface) on the MSFC. So in your description above as long as the 7 vlans behind the FWSM are different from the 8 vlans that are on the MSFC you will be fine.

HTH

Jon

View solution in original post

7 Replies 7

hoffa2000
Level 3
Level 3

Looks ok to me. As long as the MSFC doesn't have ANY SVIs on the LAN.

/Fredrik

do you mean like this?

(inside,dmz, etc)-----FWSM---lan----MSFC---ROUTER---INTERNET

Actually there are multiple vlans on the msfc which are users vlans. correction below;

DMZs----FWSM---MSFC(8vlans)---router---inet

is it possible to modify this scenario to something like below

(DMZs,7VLANs)----FWSM---MSFC(8vlans)---router---inet

Hi

You can have as many vlans as you like behind the FWSM and as many vlan as you like on the MSFC.

The key thing in this is that any vlan that you want to firewall must not have an SVI (Layer 3 vlan interface) on the MSFC. So in your description above as long as the 7 vlans behind the FWSM are different from the 8 vlans that are on the MSFC you will be fine.

HTH

Jon

hi jon,

thanks a lot. any url you can paste here showing config on 2x6500 both having fwsm on it..

thanks

hi jon,

again many thanks...another thing, can i do glbp on fwsm between 2 6500 chassis?

thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: