Catalyst 6000 family IOS Firewall Feature Set

Answered Question
Sep 14th, 2010
User Badges:

I am chosing catalyst 6500 with FWSM.

Does it need IOS Firewall Feature Set( FR-C6FW) for configuration firewall on catalyst6500?

I aleady choosed "SC-SVC-FWM-4.0-K9".

Correct Answer by Allen P Chen about 6 years 6 months ago

Hello,


The Firewall Feature Set is not really supported on the 6500 switch.  If you try to configure any "inspect" commands, the CLI will produce a warning such as:


#ip inspect name brol tcp
%CBAC (Inspect) is not supported by this platform. The configuration is accepted, but it may not work as expected


The firewalling should be done on the FWSM.


Hope that helps!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Correct Answer
Allen P Chen Tue, 09/14/2010 - 17:43
User Badges:
  • Cisco Employee,

Hello,


The Firewall Feature Set is not really supported on the 6500 switch.  If you try to configure any "inspect" commands, the CLI will produce a warning such as:


#ip inspect name brol tcp
%CBAC (Inspect) is not supported by this platform. The configuration is accepted, but it may not work as expected


The firewalling should be done on the FWSM.


Hope that helps!

iotoiotoioto Tue, 09/14/2010 - 17:55
User Badges:

Thank you so much, Allen.

You mean, no need "FR-C6FW" , right?


Nobu

Allen P Chen Tue, 09/14/2010 - 18:03
User Badges:
  • Cisco Employee,

Hello,


Yes, you do not need "FR-C6FW" on the switch to support the FWSM.  Just an FYI, FR-C6FW has actually gone end of life:


http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps708/prod_end-of-life_notice0900aecd8067a132.html


What version of FWSM will you be using?  Here are the Release Notes for FWSM 4.0, which details the code requirements on the switch:


http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html#wp171379


Thanks!

iotoiotoioto Tue, 09/14/2010 - 18:32
User Badges:

FWSM version is 4.0.

I checked web site that you told me.

It looks OK.


If you realize something, could you tell?


WS-C6504-E Catalyst 6500 Enhanced 4-slot chassis,5RU,no PS,no Fan Tray

○ S733AEK9-122X Cisco CAT6000-SUP720 IOS ADVANCED ENTERPRISE SERVICES SSH

○ WS-SUP720-3B Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3B

CF-ADAPTER-SP SP adapter  for SUP720 and SUP720-10G

WS-X6148A-GE-TX Catalyst 6500 48-port 10/100/1000 w/Jumbo Frame, RJ-45

WS-X6724-SFP Catalyst 6500 24-port GigE Mod: fabric-enabled (Req. SFPs)

○ WS-SVC-FWM-1-K9 Firewall blade for 6500 and 7600, VFW License Separate

○ SC-SVC-FWM-4.0-K9 Firewall Module Software 4.0 for 6500 and 7600, 2 free VFW

FAN-MOD-4HS High-Speed Fan Module for 7604/6504-E

PWR-2700-AC/4 2700W AC Power Supply for Cisco 7604/6504-E

CAB-AC-C6K-TWLK Power Cord, 250Vac 16A, twist lock NEMA L6-20 plug, US

Actions

This Discussion