Getting ready to deploy FWSMs in our 6500s and had a question about running multiple contexts. I was thinking of running our public-facing web/application servers in one context, and our financial & DB servers in another context. Seeing as I'll need to develop ACLs for all the traffic patterns between the various farms anyway, does it help at all to split our environment between the two contexts? My reasoning for doing this would be to:
1) Split the resources between the two so that one FW does not starve the other
2) For manageability - certain admins would have access to one FW context but not the other
3) In the event that one FW context was compromised, it doesn't necessarily buy them access to the other FW.
My reasons for not running multiple contexts:
1) If there is a bug or vulnerability in the code level I'm running, that would affect both FW contexts equally and negate the reason for running multiple contexts.
Thoughts or suggestions?
Thanks in advance.
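One way to express the split described in the post as FWSM multiple-context configuration, as an added example that is not part of the original post. It shows the system execution space (two resource classes and two contexts, each with its own VLANs) and one of the per-context configs with a local admin account that is valid only inside that context. All VLAN numbers, addresses, context names, resource percentages and usernames are assumptions; adjust them to your environment.

```cisco
! ===== system execution space (assumed layout) =====
mode multiple
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg

! Resource classes: a context may not exceed its share of the
! platform connection/xlate/host tables, so a flood against the
! web context cannot exhaust the finance context.
! Percentages are assumptions; size them from your real traffic.
class web
  limit-resource conns 40%
  limit-resource xlates 40%
  limit-resource hosts 40%
  limit-resource rate conns 5000
class fin
  limit-resource conns 30%
  limit-resource xlates 30%
  limit-resource hosts 30%
  limit-resource rate conns 2000

! Each context gets its own outside and inside VLANs; not sharing
! an outside VLAN between contexts keeps the packet classifier simple.
context web-dmz
  member web
  allocate-interface vlan100
  allocate-interface vlan110
  config-url disk:/web-dmz.cfg

context finance
  member fin
  allocate-interface vlan200
  allocate-interface vlan210
  config-url disk:/finance.cfg

! ===== disk:/web-dmz.cfg (per-context config, assumed) =====
hostname web-dmz
interface vlan100
  nameif outside
  security-level 0
  ip address 192.0.2.2 255.255.255.0
interface vlan110
  nameif webfarm
  security-level 50
  ip address 10.10.0.1 255.255.255.0

! Local admin defined in this context only: the account grants
! nothing in the finance context, and 'changeto context' is not
! available from inside a non-admin context.
username webadmin password <set-a-real-password> privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
ssh 10.10.250.0 255.255.255.0 webfarm

! Only the web farm's published service is reachable from outside;
! everything else is denied and logged.
access-list outside_in extended permit tcp any host 10.10.0.10 eq 443
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
```

From the system execution space, `show resource allocation` confirms the class shares sum to less than 100% (leaving headroom for the admin context), and `show resource usage context web-dmz` shows whether a context is hitting its limits. The resource and admin separation this provides is per context; both contexts still run the same software image on the same module.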