Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how many FWSM in VSS (6509-E) ?


We will be implementing  VSS with FWSM.

How many FWSM modules do we need for this configuration?

  >> one FW module per 6509-E at minimum or can we use only one FWSM per VSS ?

I have tried to find any recomendation on cisco doc , but without success, all the time I found redundant FWSM but question is : IS one FWSM module per VSS enough or what critical issue could arise here?

A problem can appear when active node with fwsm module fails

could someone shed some light here please?



  • LAN Switching and Routing
VIP Super Bronze

Re: how many FWSM in VSS (6509-E) ?

Hi Emilio,

You need one FWSM in each chassis and they both need to be in the same vlan.

pod2-vss#sh run

Building configuration...

firewall switch 1 module 5 vlan-group 5

firewall switch 2 module 5 vlan-group 5

Have a look at this document:



New Member

Re: how many FWSM in VSS (6509-E) ?

Hi all,

I have wrote with Cisco and this is a result :

one FW module per 6509-E at minimum or can we use only one FWSM per VSS ?

-You can have just one FWSM in the Active . You don’t need to have it as mandatory in the Standby as well . But you won’t have redundancy as there would be only single FWSM

Other question

(one  FWSM per VSS)

[DC A [nodes R1 and R2] and DC B [nodes R3 and R4] from left to right]

DWDMs link is configured from R1<->R3 and R2<->R4and 2x10 Gb link between R1 <> R2 and R3 <> R4 in each DC

so if FWSM on R1 fails all traffic from DC A will be forwarded to FWSM at DC B on R3 , so during maintenance all traffic for FWSM will be handled by DWDM link.

(2  FWSMs per VSS and cluster of four FWSM)

Server are configured as clusters with primary cluster node at DC A and standby cluster node at DC B

I need configure one FW cluster with ONE IP regarding to server clusters, which are Active at DC A and standby at DC B.

For this reason they need one unique IP address as DG, without 1 IP, server cluster conf is useless

question is :It is desired that both cluster nodes have same DG configured

answer : this  is not possible

I hope this helps someone.

This widget could not be displayed.