hi! I've a few questions to verify with the configuration shown below.
1) i created a context called test-no-vrf(transparent mode) with vlan 240(outside) and 241(inside) created in the 6509 switch and i'm able to access the GUI using ASDM. If i would to apply firewall rule in my test-no-vrf context (between my live svr's vlan(not vlan240 n 241) with my test vlan of 241), will this impact my live vlan's servers in another live-context? First of all, will i be able to add my live vlan subnet into my test-no-vrf's rules?
2) can i create another group for my test vlan 240 and 241 instead of joining to my live vlan in vlan-group3? What's the different of creating another vlan-group for test vlan 240 and 241 with my current setup below? Does that mean i will not be able to use rules that involve my live vlan/subnets' servers?
3) If i create a context with vrf (routing done within the vrf itself instead of going throug the msfc) + all the new vlans. Can these vlans be use in my live context? or it's localized within the context itself?
The FWSM does not support virtual routing. (VRF). To configure the FWSM for Virtualization, you gonna have create VRF on the MSFC instead and have different vlans on the MSFC in their own VRF. On the FWSM create you multiple Context and allocate the vlans to a context on the FWSM. Traffic between VRFs will transit the FWSM context associated with the local VRF, route through the switch MSFC and traverse back through the FWSM context associated with the destination VRF.
hi! Just to confirm, about the question i asked abou the vlan-group. If i created a new test context with 3 vlans assigned to a new vlan-group, cab i apply rules that include my other live server which is of different vlans from the one i assigned my test context? (eg. allow only http from my other server segments to access the inside of my test context). What's the different of grouping them into one vlan-group and isolating my test context's vlan from my live server vlans? thx.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...