Catalyst 4500 FSM support ?

Unanswered Question
Sep 19th, 2008


all i need to have information about 4500 series does it support firewall modules or do i need to have 6500 at least to do it ?

thank you

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Jon Marshall Fri, 09/19/2008 - 05:17

The 4500 does not support any of the service modules such as the FWSM (Firewall Service Module), ACE (Application Control Engine) etc..

To run these type modules you need a 6500 switch.


yann.boulet Fri, 09/19/2008 - 05:39

thank you for your quick replies.

Another question, at the moment, we have old equipments so 2 Catalyst 4006 and 2 PIX 525, I need to replace this, and i want to know if it's better to buy 2 C4500 with 2 ASA or 2 6500 with FSM modules. can you give some help to choose ?


Jon Marshall Fri, 09/19/2008 - 05:51

There is no definitive answer to that. Things to think of when you are making the decision

1) Cost - nearly always an issue. 6500 solution with FWSM will very probably be more expensive. Can you justify the extra cost.

2) Throughput needed now and in the near to mid future. The 6500/FWSM solution has the capability for much greater throughput but you may not need it. How much traffic do you need to firewall and how important is latency to you in your network.

3) Other requirements in addition to firewalling ie. do you need to terminate a lot of VPN's - be aware that ASA's will do this whereas the FWSM will not - for that on a 6500 you would need separate module/port adaptor.

4) Overall design requirements - are you looking to intergrate everything into a dual chassis setup ie. firewalling, load-balancing etc. This can be a very good solution for a data centre but can be overkill for a small to medium campus setup.

Is this solution for just one customer or multiple, if multiple then contexts become very useful and the 6500/FWSM/ACE solution becomes more attractive.

5) Future scalability. Already touched on in other points but where do you see the network going and what services are you going to need in future. The 6500 provides maximum flexibility/scalabilty/features but at a cost.

Also without wishing to make your decision harder bear in mind there is nothing wrong with going with 6500 chassis & modules for switching throughput, future options and still using standalone ASA devices. Choosing the 6500 does not mean you have to use the FWSM.



This Discussion