CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

Foundation Summary

The "Foundation Summary" provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this summary provides a convenient way to review the day before the exam.

The Cisco Firewall Services Module (FWSM) is a high-performance firewall solution, providing 5 Gbps of throughput from a single FWSM. Combining multiple modules in a single chassis enables you to scale this throughput to 20 Gbps. Some features of the FWSM include the following:

• Is fully VLAN aware

• Supports dynamic routing

• Integrates firewall functionality and switching in a single chassis

• Supports the entire PIX Firewall Version 6.0 feature set and some Version 6.2 features

• Allows up to 1 million concurrent connections

• Supports 5-Gbps throughout

• Enables multiple FWSMs per chassis

• Supports intrachassis and interchassis stateful failure

• Provides multiple management options

Table 19-9 outlines the major differences between the FWSM (Version 1.1.2) and the PIX Firewall software (Version 6.3).

Because the FWSM is tightly integrated with the switch, it becomes an easier task to secure the traffic flowing between multiple VLANs on your network. The basic deployment scenarios are as follows:

• MSFC as inside router

• MSFC as the outside router

• MSFC not directly connected to FWSM

Before you can use the firewall functionality on your network traffic, you need to perform the following configuration tasks on your switch.

• Create VLANs

• Define firewall vlan-groups

• Associate vlan-groups with the module

When first setting up the FWSM, you start by configuring the following parameters on the FWSM:

• Host name

• Interfaces

• Access lists

Just like on the PIX Firewall, you can manage the FWSM using the Cisco PDM. Because the FWSM (Version 1.1) does not come with PDM preinstalled, however, you need to place the PDM software image on your FWSM to use PDM.

Besides the basic software troubleshooting commands available through the FWSM, you can also debug the operational status of the FWSM from the switch. These basic troubleshooting operations fall into the following categories:

• Switch commands

• Status LEDs

The switch commands to troubleshoot the operation of the FWSM fall into the following categories:

• Module status

• Memory test

• Resetting and rebooting

Each FWSM has a status LED on its front panel that indicates its current operational state. Table 19-10 lists the different states indicated by the status LED.