Re: bypass traffic when FWSM fail

minhtu_pro · ‎11-20-2007

Hi all,

I have one FWSM on router 7609. And will router bypass all traffic to FWSM when FWSM fail (I mean MSFC will process this traffic)?

Thanks in advanced

Minh Tu

Jon Marshall · ‎11-21-2007

Hi Minh

How are you running the FWSM, in routed mode ?.

The whole point of the FWSM is that if it failed you wouldn't want traffic to route around it because presumably you need to protect certain devices and that's why the FWSM is there.

In answer to your question no if the FWSM fails traffic will not be routed round, certainly at least in routed mode as the L3 interfaces for the firewalled subnets are on the FWSM.

If you need to provide a more resilient architecture you could either

1) buy another FWSM and put into the same chassis

2) Buy another chassis (7609) with a FWSM.

HTH

Jon

sbaddipudi · ‎11-21-2007

I think you can control it buy controlling the routes. Assuming you also have a CSM or ACE, you cn control the traffic as which module it should it - either FWSM or CSM. I don't have the configs, but I think it is possible.

But I am with Jon in saying that you do not want to bypass FW, no matter what. If your FW fails, its better to have redundance or just fix it.

Satya

mylove142 · ‎11-21-2007

I think that you should buy another FWSM and configure FWSM active-standby.

Best regards,

Khang