Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM 2.3.2

How are large enterprises using the FWSM in their networks? What are the devices or networks that are being protected?


Re: FWSM 2.3.2


You can have the FWSM module installed either in ur 6500 or 7600.

AFAIK its more similar to the standalone PIX firewall in place but installed in either 6500 or 7600 chasis.

CLI is also similar to the PIX firewall CLI and also have most of the features supported by the PIX.

Do refer this link for more info..


New Member

Re: FWSM 2.3.2

hi bknapton

many of larg companies are using fwsm. i am wokring in a mobile cellular company as security professional and we are using fwsm for protecting our network.

its a very very good and high end product that secure your network.

you can protect your servers and intranets through creating virtaul firewalling feature in fwsm.

fwsm give us the plate form in several ways its up to you that what is your network security requirement.

frankly speeking its troubleshooting is very easy and also configuations are not soo much hactic.

you can see more information about fwsm from this link


Re: FWSM 2.3.2

Hi there,

Using it very comfortably on both single context and multiple context mode at several customers.

It's just like a big PIX, so not much difference in how it's used with a couple of exceptions..

When you have such a big firewall, it's likely you'll have large demands for other services as VPN's and some other stuff which is usually included in the PIX'es... at least when the demand is there, it's big..

This leads to having the other services also in specialized units.. VPNSM's or separate VPN routers, CSM's or CSS'es etc. etc. (The FWSM is basically JUST a firewall, nothing else!!)

It's usual to have two separate chassis with FWSM's for redundancy, and this works mostly very well (I have had some very interesting results and experiences when failing back and forth)

If it's an enterprise, the FWSM could be put in the core of the network and separate all subnets, but this is not a implementation I have seen often. It's more likely it's implemented in the 'usual' way protecting the servers from the clients and internet/dmz's. Everything depends on the bandwidth and security requirements. The FWSM has good specs for bandwidth, but in certain large enterprise networks it won't be enough for the resulting requirements in the core, so you'll let this traffic go unprotected or assign a separate FWSM to these hosts, alternatively use a simpler form of protection.

Did it help?

CreatePlease login to create content