Cisco Catalyst 6500 Series Configuration Manual page 38

Catalyst 6500 series switch and cisco 7600 series router firewall services

How the Firewall Services Module Works
You might use a transparent firewall to simplify your network configuration. Transparent mode is also
useful if you want the firewall to be invisible to attackers. You can also use a transparent firewall for
traffic that would otherwise be blocked in routed mode. For example, a transparent firewall can allow
multicast streams using an EtherType ACL.
See Chapter 7, "Configuring Bridging Parameters and ARP Inspection," for more information.

Security Contexts
You can partition a single FWSM into multiple virtual firewalls, known as security contexts. Each
context is an independent system, with its own security policy, interfaces, and administrators. Multiple
contexts are similar to having multiple stand-alone firewalls.
Each context has its own configuration that identifies the security policy, interfaces, and almost all the
options you can configure on a stand-alone firewall. If desired, you can allow individual context
administrators to implement the security policy on the context. Some resources are controlled by the
overall system administrator, such as VLANs and system resources, so that one context cannot affect
other contexts inadvertently.
The system administrator adds and manages contexts by configuring them in the system configuration,
which identifies basic settings for the module. The system administrator has privileges to manage all
contexts. The system configuration does not include any network interfaces or network settings for itself;
rather, when the system needs to access network resources (such as downloading the contexts from the
server), it uses one of the contexts that is designated as the admin context.
The admin context is just like any other context, except that when a user logs into the admin context (for
example, over an SSH connection), then that user has system administrator rights, and can access the
system configuration and all other context configurations. Typically, the admin context provides network
access to network-wide resources, such as a syslog server or context configuration server.
With the default software license, you can run up to two security contexts plus the admin context. For
more contexts, you must purchase a license.
Note
You can run all your contexts in routed mode or transparent mode; you cannot run some contexts in one
mode and others in another.
Note
Multiple context mode supports static routing only.
See Chapter 5, "Managing Security Contexts," for more information.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
Chapter 1, Introduction to the Firewall Services Module, page 1-12
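
The following is an added example, not taken from the Cisco guide, that audits a system configuration against the Security Contexts points above: a defined admin context, the default license limit of two contexts plus the admin context, and VLAN allocation that the system administrator controls. It assumes the system-configuration commands `admin-context`, `context`, `allocate-interface` and `config-url`, which are not shown on this page; the sample configuration is constructed.

```python
DEFAULT_LICENSE_CONTEXTS = 2  # per the page: two contexts plus the admin context

# Constructed sample; command names are assumed, they are not shown on this page.
SAMPLE_SYSTEM_CONFIG = """\
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg
context customerA
  allocate-interface vlan20
  config-url tftp://10.1.1.5/customerA.cfg
context customerB
  allocate-interface vlan30
  config-url tftp://10.1.1.5/customerB.cfg
context customerC
  allocate-interface vlan20
"""

def parse_system_config(text):
    # Returns (admin context name, {context name: {"vlans": [...], "url": ...}}).
    admin, contexts, current = None, {}, None
    for line in text.splitlines():
        words = line.split() + ["", ""]   # pad so short lines index safely
        if words[0] == "admin-context":
            admin = words[1]
        elif words[0] == "context":
            current = contexts.setdefault(words[1], {"vlans": [], "url": None})
        elif current is not None and words[0] == "allocate-interface":
            current["vlans"].append(words[1])
        elif current is not None and words[0] == "config-url":
            current["url"] = words[1]
    return admin, contexts

def audit(text, licensed=DEFAULT_LICENSE_CONTEXTS):
    admin, contexts = parse_system_config(text)
    findings, owners = [], {}
    if admin not in contexts:
        findings.append("admin context is not defined")
    extra = len([c for c in contexts if c != admin]) - licensed
    if extra > 0:
        findings.append(f"{extra} context(s) exceed the {licensed} allowed by the default license")
    for name, ctx in contexts.items():
        if ctx["url"] is None:
            findings.append(f"context {name} has no config-url")
        for vlan in ctx["vlans"]:
            owners.setdefault(vlan, []).append(name)
    for vlan, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"{vlan} is allocated to both {' and '.join(names)}")
    return findings
```

Calling `audit(SAMPLE_SYSTEM_CONFIG)` returns three findings for the constructed sample: one context over the default license, a context with no configuration location, and a VLAN allocated to two contexts.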


This manual is also suitable for:

7600 series
