FWSM in multi context mode

Unanswered Question
Oct 8th, 2008
User Badges:

Can anyone explain what the purpose of the admin context is? The other user contexts seem pretty self explanatory.

What is the purpose of admin context?

How is different from the other contexts?

What would it be used for?

We are going to manage the FWSM with Cisco Security Manager and are curious about how to implement the multiple contexts.

Any insight or info would be appreciated.

Thanks....

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 10/08/2008 - 09:36
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

George


If a user can log in to the admin context then from there they can access the system execution space and the other contexts.


However if you gave a user the ability to log in to one of the other contexts ie. contextA they would not be able to move from contextA to system execution space or any of the other contexts.


So giving access to the admin context gives system administrator access to all contexts.


Jon

ajagadee Wed, 10/08/2008 - 10:18
User Badges:
  • Cisco Employee,

George,


Admin Context Configuration


The admin context is just like any other context, except that when a user logs in to the admin context, then that user has system administrator rights and can access the system and all other contexts. The admin context is not restricted in any way, and can be used as a regular context. However, because logging into the admin context grants you administrator privileges over all contexts, you might need to restrict access to the admin context to appropriate users. The admin context must reside on Flash memory, and not remotely.


If your system is already in multiple context mode, or if you convert from single mode, the admin context is created automatically as a file on the internal Flash memory called admin.cfg. This context is named "admin." If you do not want to use admin.cfg as the admin context, you can change the admin context.


Please refer the below URL for details:


http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/contxt_f.html#wp1149689


Regards,

Arul


** Please rate all helpful posts **

Actions

This Discussion