Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How 2 IDSM Combines Thoroughput & Integration with FWSM

Hi;

We have planned to place the two IDSM module in 6509 chassis with FWSM. IDSM will in inline mode.

1- I understand that combine throughput will be 1GB but through which feature i can achieve it.

2- How it will integrate with FWSM. I mean what are the minimal steps that FWSM forward all request to IDSM.

Thanks

6 REPLIES

Re: How 2 IDSM Combines Thoroughput & Integration with FWSM

New Member

Re: How 2 IDSM Combines Thoroughput & Integration with FWSM

Thanks A lot;

Found these links much useful. Our scenario include switch for core network. sup 720-3B, FWSM for segregation of application servers in different zones , IDSM and ACE for load balancing of some important application servers. Along with that 67XX gig ehternet with DFC card is also the part of the solution.

What would be the best design in your opinion. Other than that I have another query.

The management is looking to cut down the cost for DR and remove drop one IDSM and FWSM and leave only chassis with 1 IDSM. Mu concerns are

I believe FSWM is more imp than IDSM coz as per my understanding IDSM can't replace IDSM. How do you see it

Re: How 2 IDSM Combines Thoroughput & Integration with FWSM

I would recommend dropping ONE or BOTH IDSMs. The FWSM is critical and needs to be there. It will also require you to re-design the DR site.

Regards

Farrukh

New Member

Re: How 2 IDSM Combines Thoroughput & Integration with FWSM

Thanks for the suggestion. I have pitched the importance of firewalling to management.

Can we use FWSM for deep inspection too, I understand it might not be as comprehensive as IDSM but is it possible at the first place.

New Member

Re: How 2 IDSM Combines Thoroughput & Integration with FWSM

My experience with FWSM (3.1.x) along side IDSM is that the inspection engines has their uses. We use the HTTP inspection extensively and it has been reasonably good at keeping a grip on the IM-over-HTTP clients, although this particular case requires help from the IDSM. As long as some traffic flows through the FWSM, ether before or after passing the IDSM, there is the option to enable inspection engines.

/Fredrik

Re: How 2 IDSM Combines Thoroughput & Integration with FWSM

Dear Omair

There are a lot of inspections available on the Firewall, but they cannot compete with a full-blown IPS in anyway. Both technologies complement each other, and for critical vertical sectors (like banking and finance) its important to have both.

Regards

Farrukh

168
Views
13
Helpful
6
Replies