Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
2
Replies

How many transparent contexts will an FWSM support?

fwhopper
Level 1
Level 1

‎09-04-2009 12:29 PM - edited ‎03-11-2019 09:12 AM

As stated in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI Release 4.0.pdf, "If you do not want the overhead of security contexts, or want to maximize your use of security contexts, you can configure up to eight pairs of interfaces, called bridge groups. Each bridge group connects to a separate network. Bridge group traffic is isolated from other bridge groups; (p 113, section 5-7)"

That sounds like the FWSM only supports 8 transparent firewalls contexts.

However, in the product bullit "New Cisco Catalyst 6500 Firewall Security System Bundle with Supervisor Engine 720-3BXL" it says that the FWSM will support 250 firewall contexts.

So my question is, if I do place the transparent firewall into a context, will it actually support 250 transparent firewall?

I have not been able to find any supporting documentation.

Thanks in advance,

Faron

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎09-04-2009 09:50 PM

Faron

"That sounds like the FWSM only supports 8 transparent firewalls contexts."

That's not what it is saying. Basically when you set up a transparent firewall it firewalls between 2 vlans only. Note it's 2 vlans using the same IP subnet. So if you then want to firewall between another 2 vlans you need to use another context.

What it is saying is that if you need to firewall between more than 2 vlans rather than use contexts the FWSM will support up to 8 bridge groups ie. so instead of firewalling between 2 vlans you can now firewall between 8 pairs of vlans ie. 16. If you couldn't do this you would need 8 contexts.

However the FWSM supports 8 bridge groups per context. So it is not saying that in total you can only have 8 transparent firewall contexts. It is saying you have can as many contexts as your license allows (up to 250) and within each context you could if you wanted to firewall between 16 vlans. Obviously you don't have to use bridge groups at all. If you had a 250 context license it is unlikely that you would need to use them. You could use standard transparent firewalls ie. firewall between 2 vlans per context.

Jon

0 Helpful

fwhopper
Level 1
Level 1
In response to Jon Marshall

‎09-08-2009 04:56 AM

Jon,

Thanks for your update. After re-reading it several times, I see what you mean now.

Faron

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card