Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
0
Helpful
1
Replies

FWSM Design for Internet Data Centre

UTVi-NetAdmin
Level 1
Level 1

‎04-20-2007 02:03 AM

Hi,

I realise this is Enterprise but has anyone experience/thoughts on the following?

The Current Cisco Data Centre SRND v2.0 documents, specifically "Firewalling and Load balancing with 6500",

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/ccmigration_09186a00806eaff1

mention the fact that, typically, for an Internet Data Centre, the FWSM is placed 'outside' the MSFC, yet the document concentrates on the scanrio where FWSM is 'inside' or behind the MSFC.

Does this change how you would go about configuring a FWSM?

Thanks,

Mark

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎04-20-2007 03:12 AM

Hi Mark

If you only want to place the FWSM in front of the MSFC then no not really. You just need to make sure that the routed vlan is not the outside interface.

If you want to have a FWSM in front of the MSFC and also behind you need contexts. We have this setup in our data centre where we have multiple server vlans protected by the FWSM with the MSFC in front and then a separate context for connecting a 3rd party with the MSFC behind.

I would still be wary of using the FWSM as the front door to the internet. I believe it is very good as a datacentre firewall for segregating your server vlans etc. but i would feel nervous using it as the main Internet firewall. The scope for a configuration error, vlan hopping etc. would make me nervous. I would prefer to use a standalone firewall myself.

But it could just be me being old fashioned :-)

HTH

Jon

0 Helpful
Customers Also Viewed These Support Documents