The Cisco Firewall Services Module (FWSM) is an integrated module for the Catalyst 6500 Series switch and the Cisco 7600 Series Internet router. By providing firewall functionality on a line card, the operation of the firewall can be tightly integrated into the normal switch operation, thus providing a robust security infrastructure.
Cisco Firewall Services Module Overview:
The Cisco Firewall Services Module (FWSM) is a high-performance firewall solution, providing 5 gigabits per second (Gbps) of throughput from a single FWSM. Combining multiple modules in a single chassis enables you to scale this throughput to 20 Gbps. Some features of the FWSM include the following:
Is fully virtual LAN (VLAN) aware
Supports dynamic routing
Integrates firewall functionality and switching in a single chassis
Supports the entire Cisco PIX Firewall Version 6.0 feature set and some Version 6.2 features
Allows up to 1 million concurrent connections
Supports 5-Gbps throughout
Enables multiple FWSMs per chassis
Supports intrachassis and interchassis stateful failure
Provides multiple management options
This issue occurs because the Cisco Firewall Services Module (FWSM) does not support packet re-circulation. Packet re-circulation is a specific means to forward packets internally to the chassis between the modules.
To perform the recommended solution, follow these steps:
For native Cisco IOS systems, upgrade to release 12.2(17d)SXB7, 12.2(18)SXE1 or later versions.
This command forces all affected service modules to communicate through the chassis shared bus instead of the switched fabric (which forces the Supervisor to handle the packet re-circulation centrally instead of the service module). This command also allows the service modules to communicate properly on VLANs.