How many transparent contexts will an FWSM support?
As stated in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI Release 4.0.pdf, "If you do not want the overhead of security contexts, or want to maximize your use of security contexts, you can configure up to eight pairs of interfaces, called bridge groups. Each bridge group connects to a separate network. Bridge group traffic is isolated from other bridge groups; (p 113, section 5-7)"
That sounds like the FWSM only supports 8 transparent firewall contexts.
However, in the product bulletin "New Cisco Catalyst 6500 Firewall Security System Bundle with Supervisor Engine 720-3BXL" it says that the FWSM will support 250 firewall contexts.
So my question is, if I do place the transparent firewall into a context, will it actually support 250 transparent firewalls?
I have not been able to find any supporting documentation.
Re: How many transparent contexts will an FWSM support?
"That sounds like the FWSM only supports 8 transparent firewall contexts."
That's not what it is saying. Basically when you set up a transparent firewall it firewalls between 2 vlans only. Note it's 2 vlans using the same IP subnet. So if you then want to firewall between another 2 vlans you need to use another context.
What it is saying is that if you need to firewall between more than 2 vlans, rather than use contexts the FWSM will support up to 8 bridge groups, i.e. instead of firewalling between 2 vlans you can now firewall between 8 pairs of vlans, i.e. 16. If you couldn't do this you would need 8 contexts.
However the FWSM supports 8 bridge groups per context. So it is not saying that in total you can only have 8 transparent firewall contexts. It is saying you can have as many contexts as your license allows (up to 250) and within each context you could, if you wanted to, firewall between 16 vlans. Obviously you don't have to use bridge groups at all. If you had a 250 context license it is unlikely that you would need to use them. You could use standard transparent firewalls, i.e. firewall between 2 vlans per context.
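The per-context limits discussed in this thread (up to 8 bridge groups per context, each one a pair of VLAN interfaces) can be checked against a context's configuration before it is deployed. The following is an added example, not part of the original posts or Cisco's documentation; the sample configuration is constructed and simplified, and the function names are hypothetical.

```python
import re
from collections import defaultdict

MAX_BRIDGE_GROUPS = 8      # per context, per the configuration guide quoted above
INTERFACES_PER_GROUP = 2   # a bridge group is a pair of interfaces (VLANs)

# Constructed, simplified sample: one transparent context bridging two VLAN pairs.
SAMPLE_CONTEXT = """\
firewall transparent
interface vlan 100
 nameif inside-a
 bridge-group 1
 security-level 100
interface vlan 101
 nameif outside-a
 bridge-group 1
 security-level 0
interface vlan 200
 nameif inside-b
 bridge-group 2
 security-level 100
interface vlan 201
 nameif outside-b
 bridge-group 2
 security-level 0
"""

def bridge_groups(config):
    """Map bridge-group number -> list of VLAN interfaces assigned to it."""
    groups, current = defaultdict(list), None
    for line in config.splitlines():
        if m := re.match(r"interface\s+vlan\s*(\d+)", line, re.I):
            current = int(m.group(1))
        elif re.match(r"interface\s", line, re.I):
            current = None  # some other interface type, not a VLAN member
        elif (m := re.match(r"\s+bridge-group\s+(\d+)", line)) and current is not None:
            groups[int(m.group(1))].append(current)
    return dict(groups)

def audit(config):
    """Return a list of findings; an empty list means the context fits the limits."""
    groups = bridge_groups(config)
    findings = []
    if len(groups) > MAX_BRIDGE_GROUPS:
        findings.append(f"{len(groups)} bridge groups exceeds {MAX_BRIDGE_GROUPS}")
    for num, vlans in sorted(groups.items()):
        if len(vlans) != INTERFACES_PER_GROUP:
            findings.append(f"bridge-group {num} has {len(vlans)} interface(s): {vlans}")
    return findings
```

Run `audit()` once per context configuration; the total number of contexts is governed separately by the license, as the reply above explains.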