New Member

FWSM question on design

Thanks everyone. I have dual 6509s with dual FWSMs. Basically, I need to be able to create FW rules to permit/deny traffic to/from user VLANs to several server VLANs and between other networks, etc. These VLANs are present in the 6509. Can I do this by running transparent mode on the FWSM? First time setting up FWSM; any hints or recommendations are appreciated.

Thanks again.

New Member

Re: FWSM question on design

I assume you have the network set up as I had, the 6509 acting as a L3 switch between the different VLANs and their subnets.

What you can do in this case is to remove all SVIs you want to firewall from the 6509 and add them to the FWSM instead. If you then give the same IP to the FWSM interfaces as you had on the 6509 SVIs, and leave all rules wide open, you should have the same functionality as you had with the 6509 doing the routing.
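A configuration sketch of the move described in the reply above, added here as an example and not part of the original post or of Cisco's documentation. The VLAN numbers, IP addresses, module slot, interface names and ACL names are constructed, and it assumes routed mode, a single context, and NAT control disabled so that no NAT statements are needed.

```cisco
! --- Catalyst 6509 supervisor (IOS) ---
! Constructed values: VLAN 10 = users, VLAN 20 = servers,
! VLAN 100 = link between the MSFC and the FWSM, FWSM in slot 3.

! Remove the SVIs that used to route the VLANs to be firewalled.
no interface Vlan10
no interface Vlan20

! Keep the layer 2 VLANs and hand them to the FWSM.
vlan 10,20,100
firewall vlan-group 1 10,20,100
firewall module 3 vlan-group 1

! The MSFC keeps a single SVI facing the FWSM for everything else.
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
 no shutdown

! --- FWSM (routed mode, single context) ---
! Each interface takes over the IP the 6509 SVI had, so the hosts'
! default gateway does not change.
interface Vlan10
 nameif users
 security-level 50
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 nameif servers
 security-level 80
 ip address 10.0.20.1 255.255.255.0
interface Vlan100
 nameif outside
 security-level 0
 ip address 10.0.100.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 10.0.100.1

! "Wide open" starting point: the FWSM passes nothing without an ACL,
! so every interface needs one. Tighten these once traffic flows.
access-list USERS-IN extended permit ip any any
access-group USERS-IN in interface users
access-list SERVERS-IN extended permit ip any any
access-group SERVERS-IN in interface servers
access-list OUTSIDE-IN extended permit ip any any
access-group OUTSIDE-IN in interface outside
```

The gateway IP now answers from a different MAC address, so hosts may need their ARP entry for it to age out before traffic resumes. Once connectivity is confirmed, replace each `permit ip any any` with the specific user-to-server rules.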