FWSM multi context clarifications

Answered Question
Mar 5th, 2009

Dear friends,


Two questions on FWSM in multi context and routed mode


1. For me to do an FWSM upgrade, is it a mandatory step to define VLANs on the admin context? Is it not possible for the system context to use the VLANs of another working context (other than the admin context) to connect to the TFTP server and upload the image?


2. On a production FWSM with inter-chassis failover, is there any harm in adding VLANs to the firewall vlan-group in 1 chassis and then going to the other chassis and adding it there as well? What I mean is, will it disturb the failover relationship when I am doing this? If so, I may have to do it during a test window. Just an FYI that the new VLAN to be added to the vlan-group is not in production.


Requesting for your kind inputs on this


Overall Rating: 5 (2 ratings)
Correct Answer
Syed Iftekhar Ahmed Fri, 03/06/2009 - 02:56

1. You cannot configure any IP addresses in the system context (FT links are the only exception). It's not possible to upgrade using the system context only.


2. I don't see any harm.


Syed

Correct Answer
Jon Marshall Fri, 03/06/2009 - 03:03

1) As far as I know the system context can only use the admin context for network connectivity. So your admin context needs to be able to connect to the TFTP server.


2) Should be fine, just don't forget to update the other chassis or that will break failover. I haven't checked the latest releases but when will Cisco automatically propagate this information between chassis - seems an obvious thing to do to me.


Jon
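
Added example, not part of either answer: a consistency check for the point about updating both chassis. It parses the `firewall vlan-group` and `firewall module ... vlan-group` lines from each switch's running-config and reports VLANs assigned to the FWSM on one chassis but not the other. The config excerpts are constructed, and the script assumes the FWSM sits in the same slot number in both chassis.

```python
import re

# Constructed excerpts of the switch (supervisor) running-config per chassis.
CHASSIS_A = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall vlan-group 1 10,20-22
firewall vlan-group 2 30,40
"""
CHASSIS_B = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall vlan-group 1 10,20-22
firewall vlan-group 2 30
"""

def expand(spec):
    """Expand a list such as '10,20-22' into {10, 20, 21, 22}."""
    out = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def fwsm_vlans(config):
    """Return {module slot: set of VLANs} handed to each firewall module."""
    groups, modules = {}, {}
    for line in config.splitlines():
        m = re.match(r"\s*firewall vlan-group (\d+) ([\d,\- ]+)$", line)
        if m:
            groups.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
            continue
        m = re.match(r"\s*firewall module (\d+) vlan-group ([\d,\- ]+)$", line)
        if m:
            modules.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
    # Resolve group numbers to VLANs only after the whole config is read,
    # because the module line may appear before the group definitions.
    return {mod: set().union(*(groups.get(g, set()) for g in gs))
            for mod, gs in modules.items()}

def mismatches(cfg_a, cfg_b):
    """Return {module: (VLANs only on A, VLANs only on B)} where they differ."""
    a, b = fwsm_vlans(cfg_a), fwsm_vlans(cfg_b)
    return {m: (sorted(a.get(m, set()) - b.get(m, set())),
                sorted(b.get(m, set()) - a.get(m, set())))
            for m in sorted(set(a) | set(b))
            if a.get(m, set()) != b.get(m, set())}

if __name__ == "__main__":
    for mod, (only_a, only_b) in mismatches(CHASSIS_A, CHASSIS_B).items():
        print(f"module {mod}: only on A {only_a}, only on B {only_b}")
```

An empty result means both chassis pass the same VLANs to the module; any entry is a VLAN that still has to be added on the other side.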
