Using it very comfortably on both single context and multiple context mode at several customers.
It's just like a big PIX, so not much difference in how it's used with a couple of exceptions..
When you have such a big firewall, it's likely you'll have large demands for other services as VPN's and some other stuff which is usually included in the PIX'es... at least when the demand is there, it's big..
This leads to having the other services also in specialized units.. VPNSM's or separate VPN routers, CSM's or CSS'es etc. etc. (The FWSM is basically JUST a firewall, nothing else!!)
It's usual to have two separate chassis with FWSM's for redundancy, and this works mostly very well (I have had some very interesting results and experiences when failing back and forth)
If it's an enterprise, the FWSM could be put in the core of the network and separate all subnets, but this is not a implementation I have seen often. It's more likely it's implemented in the 'usual' way protecting the servers from the clients and internet/dmz's. Everything depends on the bandwidth and security requirements. The FWSM has good specs for bandwidth, but in certain large enterprise networks it won't be enough for the resulting requirements in the core, so you'll let this traffic go unprotected or assign a separate FWSM to these hosts, alternatively use a simpler form of protection.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :