Configuring Interfaces For Routed Firewall Mode; Guidelines And Limitations - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the CLI

Chapter 6, Configuring Interface Parameters
OL-20748-01, page 6-2

- established command—This command allows return connections from a lower security host to a
  higher security host if there is already an established connection from the higher level host to the
  lower level host.
  If you enable communication between same security interfaces (see the "Allowing Communication
  Between Interfaces on the Same Security Level" section on page 6-10), you can configure
  established commands for both directions.

Configuring Interfaces for Routed Firewall Mode

This section includes the following topics:
- Guidelines and Limitations, page 6-2
- Configuring an Interface, page 6-3

Guidelines and Limitations

See the following guidelines for configuring an interface:

Multiple Context Mode Guidelines
- You can only configure context interfaces that you already assigned to the context in the system
  configuration using the allocate-interface command.
- All allocated interfaces are enabled by default, no matter what the state of the interface is in the
  system execution space. However, for traffic to pass through the interface, the interface also has to
  be enabled in the system execution space. If you shut down an interface in the system execution
  space, then that interface is down in all contexts that share it. See the "Turning Off and Turning On
  Interfaces" section on page 6-12.
- Configure the context interfaces from within each context.
- Configure failover interfaces in the system configuration; do not configure failover interfaces with
  this procedure. See Chapter 14, "Configuring Failover," for more information.

VLAN ID Guidelines
You can add any VLAN ID to the configuration, but only VLANs that are assigned to the FWSM by the
switch can pass traffic. To view all VLANs assigned to the FWSM, use the show vlan command.
If you add an interface for a VLAN that is not yet assigned to the FWSM by the switch, the interface will
be in the down state. When you assign the VLAN to the FWSM, the interface changes to an up state. See
the show interface command for more information about interface states.

Failover Guidelines
If you are using failover, do not use this section to name interfaces that you are reserving for failover and
Stateful Failover communications. See Chapter 14, "Configuring Failover," to configure the failover and
state links.
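
The guidelines above, expressed as a pre-change check (an added example, not part of the Cisco guide): given the VLANs the switch has assigned to the FWSM, the VLANs shut down in the system execution space, and each context's allocated and configured VLANs, it predicts which context interfaces can pass traffic. The VLAN numbers, context names, and the audit function are hypothetical, and only the rules stated on this page are modeled.

```python
from collections import namedtuple

# allocated:  VLANs given to the context with allocate-interface (system configuration)
# configured: VLANs that have an interface configured inside the context
Context = namedtuple("Context", "name allocated configured")

def audit(switch_assigned, system_shutdown, failover_vlans, contexts):
    """Return {(context, vlan): (state, reason)} for each configured interface."""
    findings = {}
    for ctx in contexts:
        for vlan in sorted(ctx.configured):
            if vlan in failover_vlans:
                res = ("invalid", "reserved for failover; belongs in the system configuration")
            elif vlan not in ctx.allocated:
                res = ("invalid", "not allocated to this context with allocate-interface")
            elif vlan not in switch_assigned:
                res = ("down", "VLAN not assigned to the FWSM by the switch")
            elif vlan in system_shutdown:
                res = ("down", "shut down in the system execution space")
            else:
                res = ("up", "allocated, assigned by the switch, enabled in system space")
            findings[(ctx.name, vlan)] = res
    return findings

# Constructed sample inputs (assumptions). In practice they would be collected from
# `show vlan` on the FWSM, the system configuration, and each context's configuration.
SWITCH_ASSIGNED = {100, 200, 300, 400}
SYSTEM_SHUTDOWN = {300}   # shared VLAN shut down in the system execution space
FAILOVER_VLANS = {400}    # reserved for failover and Stateful Failover links
CONTEXTS = [
    Context("admin", allocated={100, 300}, configured={100, 300, 400}),
    Context("customerA", allocated={200, 300, 500}, configured={200, 300, 500, 600}),
]

if __name__ == "__main__":
    results = audit(SWITCH_ASSIGNED, SYSTEM_SHUTDOWN, FAILOVER_VLANS, CONTEXTS)
    for (ctx, vlan), (state, why) in results.items():
        print(f"{ctx:10} vlan{vlan:<4} {state:8} {why}")
```

VLAN 300 is reported down in both contexts because they share it, which is the case the guide calls out for an interface shut down in the system execution space.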
