Benefits of running multiple contexts on FWSM?

Getting ready to deploy FWSMs in our 6500s and had a question about running multiple contexts. I was thinking of running our public-facing web/application servers in one context, and our financial & DB servers in another context. Seeing as I'll need to develop ACLs for all the traffic patterns between the various farms anyway, does it help at all to split our environment between the two contexts? My reasoning for doing this would be to:

1) Split the resources between the two so that one FW does not starve the other

2) For manageability - certain admins would have access to one FW context but not the other

3) In the event that one FW context was compromised, it doesn't necessarily buy them access to the other FW.

My reasons for not running multiple contexts:

1) If there is a bug or vulnerability in the code level I'm running, that would affect both FW contexts equally and negate the reason for running multiple contexts.

Thoughts or suggestions?

Thanks in advance.
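As an added illustration of the two-context layout described in the question (example configuration, not taken from the original post or from Cisco documentation), this is an FWSM system-context config that creates the web and finance contexts with resource classes so one cannot starve the other, and leaves per-context administrator accounts to each context. The context names, VLAN numbers, file names and percentage limits are assumed values for illustration.

```cisco
! Added example: FWSM system context, two data contexts plus the admin context.
! Names, VLANs and limits are assumed values, not from the original post.
mode multiple
!
! Resource classes (reason 1): caps are a share of the FWSM's total for each
! resource. Contexts not assigned to a class fall into the "default" class,
! so the two classes below deliberately leave headroom for admin/default.
class web-class
  limit-resource conns 40%
  limit-resource hosts 40%
  limit-resource xlates 40%
class fin-class
  limit-resource conns 40%
  limit-resource hosts 40%
  limit-resource xlates 40%
!
! Admin context: used only for system-level management.
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg
!
! Public-facing web/application farm.
context web-dmz
  allocate-interface vlan20
  allocate-interface vlan21
  config-url disk:/web-dmz.cfg
  member web-class
!
! Financial and DB servers.
context finance
  allocate-interface vlan30
  allocate-interface vlan31
  config-url disk:/finance.cfg
  member fin-class
!
! Reason 2: admin separation is done inside each context, so an account
! created in "finance" cannot log in to "web-dmz". From the system context:
!   changeto context finance
!   username fin-admin password <PLACEHOLDER> privilege 15
!   aaa authentication ssh console LOCAL
!   aaa authentication enable console LOCAL
```

Resource classes cap what each context can consume and the per-context accounts limit who can manage it, but both contexts still run the same FWSM software image, so the poster's point about a shared code-level bug applies to both equally.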


As with most things in networking it comes down to trade-offs. If you feel that the security/manageability advantages gained by the use of multiple contexts outweigh the risk of bugs with the context functionality, then go ahead and implement them. If you want to take a risk-averse approach, then don't.

To make your decision easier, have a scan through the list of open bugs with the context functionality using the Cisco Bug Tool and then you will be able to make a more informed decision...

Hope that helps
