Cisco Support Community
Community Member

bypass traffic when FWSM fail

Hi all,

I have one FWSM on a 7609 router. Will the router bypass all traffic to the FWSM when the FWSM fails (I mean, will the MSFC process this traffic)?

Thanks in advance

Minh Tu

3 REPLIES
Hall of Fame Super Blue

Re: bypass traffic when FWSM fail

Hi Minh

How are you running the FWSM, in routed mode?

The whole point of the FWSM is that if it failed you wouldn't want traffic to route around it, because presumably you need to protect certain devices and that's why the FWSM is there.

In answer to your question: no, if the FWSM fails, traffic will not be routed round, certainly at least in routed mode, as the L3 interfaces for the firewalled subnets are on the FWSM.

If you need to provide a more resilient architecture you could either:

1) Buy another FWSM and put it into the same chassis.

2) Buy another chassis (7609) with a FWSM.

HTH

Jon

Community Member

Re: bypass traffic when FWSM fail

I think you can control it by controlling the routes. Assuming you also have a CSM or ACE, you can control the traffic as to which module it should hit - either FWSM or CSM. I don't have the configs, but I think it is possible.

But I am with Jon in saying that you do not want to bypass the FW, no matter what. If your FW fails, it's better to have redundancy or just fix it.

Satya

Community Member

Re: bypass traffic when FWSM fail

I think that you should buy another FWSM and configure FWSM active-standby.

Best regards,

Khang
