FWSM Multiple-contexts Configuration

changjoo_cust — Mon, 11 Mar 2019 14:44:10 GMT

Dear NetPros;

Is there any limitation or precautions when implementing multiple-contexts plus shared VLAN with MSFC?

I'm currently using multiple-contexts with seperate VLANs with MSFC and my new FWSM will be configured with shared VLAN.

Any opinion would be appreciated.

Thanks,

Charles

Re: FWSM Multiple-contexts Configuration

Syed Iftekhar Ahmed — Sat, 31 Jan 2009 03:03:38 GMT

Multiple context mode does not support the following features:

• Most dynamic routing protocols. BGP stub mode is supported.

• Multicast routing. Multicast bridging is supported.

Now Shared interface

Problem with FWSM is that it has only one MAC address. When vlans are shared among multiple contexts the FWSM's "Classifer" selects the appropriate context on the basis of Destination address of the traffic only. This requires setting up Static NAT rules on contexts to enable "classifier" to make decisions.

Since for Internet/outbond traffic you dont know all the destinations and cannot create NAT rules for all destinations, It is not possible to share inside interfaces of the contexts.

Sharing is also not possible and permitted between Transparent Contexts

Sharing Vlans needs to be avoided whereever possible with FWSM for simplicity Sake..

Syed iftekhar Ahmed

topic FWSM Multiple-contexts Configuration in Network Security

FWSM Multiple-contexts Configuration

Re: FWSM Multiple-contexts Configuration