Catalyst 6000 family IOS Firewall Feature Set

Answered Question
Sep 14th, 2010

I am chosing catalyst 6500 with FWSM.

Does it need IOS Firewall Feature Set( FR-C6FW) for configuration firewall on catalyst6500?

I aleady choosed "SC-SVC-FWM-4.0-K9".

I have this problem too.
0 votes
Correct Answer by Allen P Chen about 6 years 2 months ago

Hello,

The Firewall Feature Set is not really supported on the 6500 switch.  If you try to configure any "inspect" commands, the CLI will produce a warning such as:

#ip inspect name brol tcp
%CBAC (Inspect) is not supported by this platform. The configuration is accepted, but it may not work as expected

The firewalling should be done on the FWSM.

Hope that helps!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Correct Answer
Allen P Chen Tue, 09/14/2010 - 17:43

Hello,

The Firewall Feature Set is not really supported on the 6500 switch.  If you try to configure any "inspect" commands, the CLI will produce a warning such as:

#ip inspect name brol tcp
%CBAC (Inspect) is not supported by this platform. The configuration is accepted, but it may not work as expected

The firewalling should be done on the FWSM.

Hope that helps!

Allen P Chen Tue, 09/14/2010 - 18:03

Hello,

Yes, you do not need "FR-C6FW" on the switch to support the FWSM.  Just an FYI, FR-C6FW has actually gone end of life:

http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps708/prod_end-of-life_notice0900aecd8067a132.html

What version of FWSM will you be using?  Here are the Release Notes for FWSM 4.0, which details the code requirements on the switch:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html#wp171379

Thanks!

iotoiotoioto Tue, 09/14/2010 - 18:32

FWSM version is 4.0.

I checked web site that you told me.

It looks OK.

If you realize something, could you tell?

WS-C6504-E Catalyst 6500 Enhanced 4-slot chassis,5RU,no PS,no Fan Tray

○ S733AEK9-122X Cisco CAT6000-SUP720 IOS ADVANCED ENTERPRISE SERVICES SSH

○ WS-SUP720-3B Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3B

CF-ADAPTER-SP SP adapter  for SUP720 and SUP720-10G

WS-X6148A-GE-TX Catalyst 6500 48-port 10/100/1000 w/Jumbo Frame, RJ-45

WS-X6724-SFP Catalyst 6500 24-port GigE Mod: fabric-enabled (Req. SFPs)

○ WS-SVC-FWM-1-K9 Firewall blade for 6500 and 7600, VFW License Separate

○ SC-SVC-FWM-4.0-K9 Firewall Module Software 4.0 for 6500 and 7600, 2 free VFW

FAN-MOD-4HS High-Speed Fan Module for 7604/6504-E

PWR-2700-AC/4 2700W AC Power Supply for Cisco 7604/6504-E

CAB-AC-C6K-TWLK Power Cord, 250Vac 16A, twist lock NEMA L6-20 plug, US

Actions

This Discussion