FWSM and how to bypass its session inspections without causing them to drop

Hi all !

I have a question about FWSM and how to bypass its session inspections without causing them to drop.

Scenario:

Due to the connection-capacity limitations of our FWSMs, we have made a temporary solution utilizing a few FWSMs and sharing the load between them using PBR [tested on Cat6x in hardware].

It's not pretty, but it would let us go through the winter.

My question here is for firewall guys:

If I'm load balancing between the firewalls and would like to make an adjustment in the traffic and move a certain range in the PBR from FW1 to FW2,

normally the connections would be torn down and would need to be re-established. This means downtime.

I would like to find any way I can cause FW2 to allow the "moved" connections to pass and continue on FW2.

If it involves disabling a feature for x period of time and then re-enabling it - ok, anything is good.

Thanks

1 Reply

Marcin Latosiewicz
Cisco Employee

Hi,

TCP state bypass would take care of TCP during the transition; datagram-based protocols (except the ones going through inspection engines) should take care of themselves (provided they are allowed by ACL).

If the two FWSMs are in failover (A/A scenario) check out ASR groups.

Marcin
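The TCP state bypass approach the reply points at, as an added configuration example (not from the post or from Cisco): it uses Modular Policy Framework on the FWSM/ASA CLI, and the subnet 10.1.0.0/16, the interface name "inside" and the object names are assumed placeholders for whatever range is being moved in the PBR.

```text
! Step 1 (on FW2, before moving the range in the PBR): match only the
! range whose connections will arrive mid-stream, not all traffic.
access-list MOVED_RANGE extended permit tcp 10.1.0.0 255.255.0.0 any
access-list MOVED_RANGE extended permit tcp any 10.1.0.0 255.255.0.0

class-map MOVED_RANGE_CLASS
 match access-list MOVED_RANGE

! Step 2: for that class only, skip TCP state checking so a packet that
! is not a SYN (an already established flow moved from FW1) still
! creates a connection entry instead of being dropped.
policy-map MOVE_WINDOW
 class MOVED_RANGE_CLASS
  set connection advanced-options tcp-state-bypass

service-policy MOVE_WINDOW interface inside

! Step 3: change the PBR so the range now reaches FW2, then confirm the
! class is being hit and the moved flows appear in the connection table.
show service-policy interface inside
show conn

! Step 4 (after the move, once the long-lived flows have cycled): remove
! the bypass so the range gets full stateful inspection again.
no service-policy MOVE_WINDOW interface inside
```

While the bypass is in place, flows in that class get no TCP normalization or sequence checking, so keep the matched range as narrow as the PBR change and the window as short as possible; the ACL check on the ingress interface still applies to the first packet seen.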
