Does the FWSM support SCCP and H.323 stateful inspection?

Unanswered Question
Jan 6th, 2004

We are going to put phones in a separate Voice VLAN and want to follow the Cisco IP Telephony Safe document, which suggests using a stateful firewall that supports SCCP so that dynamic pinholes can be opened and closed for UDP/RTP media streams. We know we can do this with IOS or PIX firewalls, but we can't find any documentation stating it is supported on FWSM.

gfullage (Cisco Employee) Tue, 01/06/2004 - 18:45

All the fixup commands in the PIX are unchanged in the FWSM, so if a PIX supports it in 6.2 code (see here http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1067379) then the FWSM will support it also.

See this also for PIX/FWSM command differences/similarities:


acgarcia Wed, 01/07/2004 - 07:12

Thanks! This cleared the air for me. Another problem I see in this scenario is DHCP. DHCP servers will sit on different VLANs than the secured VLANs where IP Phones will be located. I found a couple of posts that said that DHCP relay does not work in the FWSM. Is this true? The posts also mention that this will be a feature in FWSM 2.1 release in Q4 03, which is already past, but I don't see any FWSM 2.1 software on CCO. Do you think it would be best to return the FWSM and go with a regular PIX? The only thing we are going to use the FWSM for is VoIP security (CallManagers, IP Phones, IPCC, ICM, and Unity will be protected).

gfullage (Cisco Employee) Wed, 01/07/2004 - 18:32

DHCP Relay is coming in v2.1, which is not ready as yet, not sure when it's due either but shouldn't be too far off (don't quote me on that though :-) )

I can't tell you whether or not to return the FWSM, I'm sure you chose it for some valid reasons which you'll have to weigh up. The PIX does support DHCP Relay now though, so it does have the functionality you want if you go that route.

