Getting ready to deploy FWSMs in our 6500s and had a question about running multiple contexts. I was thinking of running our public facing web/application servers in one context, and our financial & DB servers in another context. Seeing as I'll need to develop ACLs for all the traffic patterns between the various farms anyways, does it help at all to split our environment between the two contexts? My reasoning for doing this would be to:
1) Split the resources between the two so that one FW does not starve the other
2) For manageability - certain admins would have access to one FW context but not the other
3) In the event that one FW context was compromised, it doesn't necessarily buy them access to the other FW.
My reasons for not running multiple contexts:
1) If there is a bug or vulnerability in the code level I'm running, that would affect both FW contexts equally and negate the reason for running multiple contexts.
Re: Benefits of running multiple contexts on FWSM?
As with most things in networking, it comes down to trade-offs. If you feel that the security/manageability advantages gained by the use of multiple contexts outweigh the risk of bugs with the context functionality, then go ahead and implement them. If you want to take a risk-averse approach, then don't.
To make your decision easier, have a scan through the list of open bugs with the context functionality using the Cisco Bug Tool and then you will be able to make a more informed decision...