1- Does the FWSM contain its own processor, or does it rely on the SUP processor?
The FWSM does have an internal processor, but the details are not specifically published; it comes with 1 GB of RAM and 128 MB of Flash memory. Logically, the FWSM is similar to a standalone PIX/ASA that you integrate into the Catalyst 6500/Cisco 7600 series.
2- What is the difference between transparent mode and routed mode? Which mode is more secure?
In routed mode, the FWSM is considered to be a router hop in the network. It performs NAT between connected networks. You need to do address translation between inside and outside to allow access.
In transparent mode, the FWSM acts like a "bump in the wire," or a "stealth firewall," and is not considered a router hop. The FWSM connects to the same network on its inside and outside interfaces, but each interface must be on a different VLAN. No dynamic routing protocols or NAT are required. This lets you put a firewall into your existing network without needing to change IP addressing. All Layer 3 routing is done at the switch level on Layer 3 VLANs.
Basically, both modes are equally secure. It's a matter of how you implement it and depends on your network environment/topology.
The FWSM supports / can participate in dynamic routing in single security context mode: Open Shortest Path First (OSPF), Routing Initiation Protocol (RIP) v1 and v2, PIM Sparse Mode v2 multicast routing, and Internet Group Management Protocol (IGMP) v2.
But it can allow EIGRP update traffic to pass through via an ACL.
When implementing the FWSM in an existing network that contains 20 data VLANs and 20 voice IP telephony VLANs, I think transparent mode will be better, as I will not need to change the IP schema (minimum downtime).
Is this correct?
But is there any limitation on the number of VLANs and the number of DMZ zones in FWSM transparent mode?
Yes, a transparent firewall is a good option, as it won't change your existing IP addressing scheme.
The VLAN limitation depends on your FWSM module version: FWSM version 1.1 supports 100 VLANs, while FWSM version 2.1 supports 250 VLANs, and the number of virtual firewalls (security contexts) allowed is based on your FWSM firewall license. By default, the FWSM is bundled with 3 virtual contexts: 2 for normal VLANs/contexts + 1 for the admin context.
A security context is used to protect VLANs behind the FWSM using a logical firewall. It comes in 20, 50 or 100 security contexts.
A virtual context allows you to protect each VLAN independently, where access/traffic between VLANs is controlled with ACLs.
Without a virtual firewall license, you can place a maximum of 1,000 VLANs behind the FWSM, which is the total of the VLANs you assign to all of your segments in the FWSM, e.g. inside, DMZ1, DMZ2, and so on. But then you need to use the default routed mode for your FWSM.
You can use 'nat 0' or statically map the whole subnet to another subnet to allow access between hosts on those VLANs using their own IP addresses. But this is best used internally or for the server farm area where, internally, your network addresses are in the same subnet or class.
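A worked configuration for the transparent-mode deployment discussed in the answers above, added here as an illustration; it is not taken from the thread or from Cisco documentation. It assumes a single context in FWSM 3.1-style syntax (one inside/outside bridge, no bridge-group command), the module in slot 3, VLANs 10/20, the 10.1.1.0/24 subnet and the ACL names shown. It shows the supervisor handing the VLANs to the module, the FWSM bridging the two VLANs under one management address so no hosts are re-addressed, and ACLs that let EIGRP and OSPF transit as pass-through traffic (the FWSM itself does not run EIGRP) while everything else is explicitly denied and logged.

```text
! --- Catalyst 6500 supervisor (assumed: FWSM in slot 3, VLANs 10 and 20) ---
firewall vlan-group 1 10,20
firewall module 3 vlan-group 1
!
! --- FWSM, single context, transparent mode ---
firewall transparent
hostname FWSM-TRANS
!
interface Vlan10
 nameif outside
 security-level 0
!
interface Vlan20
 nameif inside
 security-level 100
!
! One management address for the bridge; both VLANs carry the same
! subnet (assumed 10.1.1.0/24), so existing host addressing is untouched.
ip address 10.1.1.5 255.255.255.0
!
! Routing-protocol updates between the Layer 3 switch SVIs on either side
! of the bridge: EIGRP (IP protocol 88) and OSPF (IP protocol 89) are
! permitted as transit traffic only. "any" also matches their multicast
! destinations (224.0.0.10 / 224.0.0.5 and .6).
access-list OUTSIDE_IN extended permit eigrp any any
access-list OUTSIDE_IN extended permit ospf any any
! Only the service the outside side actually needs (assumed: HTTPS).
access-list OUTSIDE_IN extended permit tcp any 10.1.1.0 255.255.255.0 eq 443
! The implicit deny would drop the rest silently; an explicit logged deny
! makes the drops visible in syslog for troubleshooting and detection.
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
access-list INSIDE_OUT extended permit eigrp any any
access-list INSIDE_OUT extended permit ospf any any
access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 443
access-list INSIDE_OUT extended deny ip any any log
access-group INSIDE_OUT in interface inside
!
! Non-IP frames (CDP, VTP, ...) are dropped unless an EtherType ACL permits
! them; BPDUs pass by default so spanning tree still converges across the bridge.
```

Applying an ACL on both interfaces is deliberate: it removes any reliance on the default high-to-low permit, so every flow crossing the bridge, including the routing-protocol multicast, is an explicit decision.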