Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
460
Views
3
Helpful
1
Replies

Benefits of running multiple contexts on FWSM?

triplecap
Level 1
Level 1

‎01-23-2006 05:00 PM - edited ‎03-09-2019 01:43 PM

Getting ready to deploy FWSMs in our 6500s and had a question about running multiple contexts. I was thinking of running our public facing web/application servers in one context, and our financial & DB servers in another context. Seeing as I'll need to develop acls for all the traffic patterns between the various farms anyways, does it help at all to split our environment between the two contexts? My reasoning for doing this would be to:

1) Split the resources between the two so that once FW does not starve the other

2) For manageability - certain admins would have access to one FW context but not the other

3) In the event that one FW context was compromised, it doesn't necessarily buy them access to the other FW.

My reasons for not running multiple contexts:

1) If there is a bug or vulnerability in the code level I'm running, that would affect both FW contexts equally and negate the reason for running multiple contexts.

Thoughts or suggestions?

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

pkhatri
Level 11
Level 11

‎01-23-2006 07:57 PM

Hi,

As with most things in networking it comes down to trade-offs. If you feel that the security/manageability advantages gained by the use of multiple contexts outweights the risk of bugs with the context functionality, then go ahead and implement them. If you want to take a risk-averse approach, then don't.

To make your decision easier, have a scan through the list of open bugs with the context functionality using the Cicso Bug Tool and then you will be able to make a more informed decision...

Hope that helps - pls rate the post if it does.

Regards,

Paresh

Customers Also Viewed These Support Documents