How 2 IDSMs Combine Throughput & Integration with FWSM

Jun 7th, 2009

Hi;

We have planned to place two IDSM modules in a 6509 chassis with an FWSM. The IDSMs will be in inline mode.

1- I understand that the combined throughput will be 1GB, but through which feature can I achieve it?

2- How will it integrate with the FWSM? I mean, what are the minimal steps so that the FWSM forwards all requests to the IDSM?


Thanks

Overall Rating: 4.3 (3 ratings)
omair.siddiqui Wed, 06/10/2009 - 05:41

Thanks a lot;


Found these links very useful. Our scenario includes a switch for the core network: Sup 720-3B, FWSM for segregation of application servers into different zones, IDSM, and ACE for load balancing of some important application servers. Along with that, 67XX Gig Ethernet with a DFC card is also part of the solution.


What would be the best design in your opinion? Other than that, I have another query.


Management is looking to cut down the cost for DR and drop one IDSM and the FWSM, leaving only the chassis with 1 IDSM. My concerns are:


I believe the FWSM is more important than the IDSM because, as per my understanding, IDSM can't replace IDSM. How do you see it?





Farrukh Haroon Wed, 06/10/2009 - 05:58

I would recommend dropping ONE or BOTH IDSMs. The FWSM is critical and needs to be there. It will also require you to re-design the DR site.


Regards


Farrukh

omair.siddiqui Thu, 06/11/2009 - 10:00

Thanks for the suggestion. I have pitched the importance of firewalling to management.


Can we use the FWSM for deep inspection too? I understand it might not be as comprehensive as the IDSM, but is it possible in the first place?


avanzaadmin Fri, 06/12/2009 - 05:16

My experience with FWSM (3.1.x) alongside IDSM is that the inspection engines have their uses. We use the HTTP inspection extensively and it has been reasonably good at keeping a grip on the IM-over-HTTP clients, although this particular case requires help from the IDSM. As long as some traffic flows through the FWSM, either before or after passing the IDSM, there is the option to enable inspection engines.


/Fredrik

Farrukh Haroon Wed, 06/17/2009 - 11:03

Dear Omair


There are a lot of inspections available on the Firewall, but they cannot compete with a full-blown IPS in any way. Both technologies complement each other, and for critical vertical sectors (like banking and finance) it's important to have both.


Regards


Farrukh
