Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to determine which vlans are placed on FWSM?

Hi all,

I have some basic questions on firewall/data center design. I have inherited a pair of 6500s containing FWSM modules. All 50+ VLan interfaces are placed on the FWSM and are doing quite a bit of intervlan traffic for the 200+ machines we have on our access layer switches in those various Vlans. I'm starting to see performance issues which is most likely due to the limitations of the firewall.

To me it's obvious not all of these vlans should be placed on the FWSM and should be moved down to the 6500 msfc, however, what is best practice to determine what networks should be locked up int he fwsm? The obvious ones to move to the msfc are storage, backup, etc. Do you typically only place networks in which the outside internet has access to on the FWSM?

Thanks.

Everyone's tags (3)
3 REPLIES
Cisco Employee

How to determine which vlans are placed on FWSM?

Hi Steven,

Yes you need to put critical resources (web-servers, email servers etc.) behind the FWSM. You need to be very careful while designing this. About performance issue on FWSM, make sure FWSM is not oversubscribed with traffic being handled by it.

For more information on Oversubscription please follow the below document.

https://supportforums.cisco.com/docs/DOC-13066

Would recommend to open a TAC case and work on performance related issues.

Regards,

Dinkar

New Member

How to determine which vlans are placed on FWSM?

What types on network vlans would you place/route ON the FWSM? Our Public IP -> nat internal ips for the load balancer?

Cisco Employee

How to determine which vlans are placed on FWSM?

Hi Steve,

For all those servers which are vulnerable to attacks, mostly from outsdside users.

Regards,

Dinkar

366
Views
3
Helpful
3
Replies
CreatePlease to create content