I am getting ready to install a pair of ASA FWSM modules (WS-SVC-ASA-SM1) into a pair of VSS 6509-E switches on our College campus network. The VSS chassis' have dual ten GigE connections to our data closets and consist of primarily wired and wireless campus network users. Apparently there several options of how to install the FWSM modules and several options of active/standby configurations in a VSS environment. I was wondering if anyone has had experience doing this and if they could share with me their experiences? And if there is a best practice for this type of deployment i.e. transparent mode vs. non-transparent mode (no NAT on these firewalls), load balancing issues, active/standby deployment, etc.? Any information would be greatly appreciated.
There's not a whole lot of ASA Service Module deployments out there that I've seen. Most customers are opting for the 5585-X in that performance / price range.
If you haven't already looked at it, there are some general principles outlines in the document "Service Module Design with ACE and FWSM". Much of the FWSM info there can be applied directly to the ASA SM.
A lot depends on the environment into which they will be integrated so it's hard to answer the question in a general sense. I would say that I have seen transparent mode on perhaps 5% of the ASA implementations of any kind that I have seen.
The ASA SM does not support clustering, so a pair is limited to HA mode. Whether you use Active/Standby or Active/Active depends partly on whether you have multiple contexts and how much complexity you feel comfortable adding.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...