topic Re: logical int on fwsm in Network Security

logical int on fwsm

dondongamo — Mon, 11 Mar 2019 09:00:30 GMT

Hi, given below is the ver and the interface. How can we create a logical interface eg. inside, outside & dmz?

I've tried binding the int gb-ethernet0 to outside, int gb-ethernet1 to inside using nameif command but to no avail. Any idea? TIA.

FWSM# show ver

FWSM Firewall Version 2.3(4)

FWSM Device Manager Version 4.1(3)

Compiled on Tue 18-Apr-06 20:28 by dalecki

FWSM up 23 hours 31 mins

Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz

Flash ♦04-29-05STI Flash 7.2.0 @ 0xc321, 20MB

0: gb-ethernet0: irq 5

1: gb-ethernet1: irq 7

2: ethernet0: irq 11

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES: Enabled

Maximum Interfaces: 256

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Throughput: Unlimited

ISAKMP peers: Unlimited

Security Contexts: 2

This machine has an Unrestricted (UR) license.

Serial Number: SAD103805F5

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000

Configuration has not been modified since last system restart.

FWSM# show int

Interface eobc "eobc", is up, line protocol is up

MAC address 0000.1700.0000, MTU 1500

Re: logical int on fwsm

eugene.beckett — Mon, 27 Nov 2006 23:26:56 GMT

you will need to create some layer 2 interfaces and allocate them in the context build - you cannot allocate the physical interfaces; in routed mode anyway

Re: logical int on fwsm

jgervia_2 — Tue, 28 Nov 2006 00:03:05 GMT

Hello,

It doesn't sound like you've assigned any VLANs to the firewall module. If you follow this link here:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_2/fwsm_cfg/switch.htm#wp1175893

It will walk you through some of the commands.

Basically it boils down to on the switch you need to define a group of vlans to pass to the module. Example:

Router(config)# firewall vlan-group 52 100

creates a vlan group named '52' with vlan 100 in it

Router(config)# firewall module 5 vlan-group 52

assigns vlan group 52 to firewall module 5.

--Jason

Re: logical int on fwsm

dondongamo — Tue, 28 Nov 2006 06:18:04 GMT

Can you redirect me to the right url. TIA.

Re: logical int on fwsm

dondongamo — Tue, 28 Nov 2006 06:29:31 GMT

I did that, after binding the fwsm to the vlan-group what's the next task ? TIA.

Re: logical int on fwsm

pringlem — Tue, 28 Nov 2006 16:09:49 GMT

From the FWSM system space, you must assign virtual interfaces to the contexts where you want to use them. Example:

context admin

description Admin Context

allocate-interface Vlan8

allocate-interface Vlan9

config-url disk:/admin.cfg

After that, change to the context and you will see interfaces that you can now assign addresses and security levels to.

-Mike

Re: logical int on fwsm

jgervia_2 — Thu, 30 Nov 2006 00:34:23 GMT

Are you in single or multiple mode?

--Jason

Re: logical int on fwsm

Patrick Iseli — Thu, 30 Nov 2006 01:18:20 GMT

Might be good to check that excellent DOC.

Index:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/index.htm

Intoduction:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/overvw.htm

All 2.3.x Documentation :

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/index.htm

sincerely

Patrick

Re: logical int on fwsm

dondongamo — Thu, 30 Nov 2006 13:37:23 GMT

Thank you guys for your info. After playing around with the fwsm, finally I was able to hop the initial ropes. Presently our client has only one fwsm, if we will go to router mode all the server gw should point to this. There are more or less 100 servers, just imagine the task if the fwsm will fail. Transparent is more sound appeling but what about the pros and cons? if the fwsm will fail will it disrupt the traffic towards outside? Any idea? TIA.