Stealth Firewall Configuration Example - Cisco catalyst 6500 series Configuration Note

Content switching module

Configuring Stealth Firewall Load Balancing

[Figure 11-6: Stealth Firewall Configuration Example. Diagram showing the Internet (VLAN 10), CSM-A in a Catalyst 6500, Firewall 1 and Firewall 2 (VLANs 101, 102, 103 and 104), CSM-B in a Catalyst 6500, and the intranet (VLAN 20, 10.1.0.x), with arrows for traffic to the intranet and traffic to the Internet and numbered locations 1 to 4. IP address labels in the figure: 10.0.1.35, 10.0.101.35, 10.0.102.35, 10.0.101.36, 10.0.1.36, 10.0.102.36 and 10.1.0.200.]

Location  Traffic Direction  Arrives On         Exits On
1         To intranet        VLAN 10            VLANs 101 and 103
2         To intranet        VLANs 101 and 103  VLAN 20
3         To Internet        VLAN 20            VLANs 102 and 104
4         To Internet        VLANs 101 and 103  VLAN 10

Figure 11-6 shows two regular firewalls (Firewall 1 and Firewall 2) sandwiched between two CSMs (CSM A and CSM B).

Note: Stealth firewalls do not have addresses on VLANs.

On the path from the Internet to the intranet, traffic enters the insecure side of the firewalls through
separate VLANs, VLAN 101 and VLAN 103, and exits the secure side of the firewalls through separate
VLANs, VLAN 102 and VLAN 104. On the path from the intranet to the Internet, the flow is reversed.
VLANs also provide connectivity to the Internet (VLAN 10) and to the intranet (VLAN 20).
In a stealth configuration, CSM A and CSM B load balance traffic through the firewalls.

Stealth Firewall Configuration Example

The stealth firewall configuration example contains two CSMs (CSM A and CSM B) installed in separate
Catalyst 6500 series switches.

Note: In a stealth firewall configuration, each CSM must be installed in a separate Catalyst 6500 series switch.

This section describes how to create the stealth firewall configuration for CSM A and CSM B.

Catalyst 6500 Series Content Switching Module Configuration Note, OL-4612-01, Chapter 11: Configuring Firewall Load Balancing, page 11-8


This manual is also suitable for:

Catalyst 6000 series
