11-20-2007 08:24 PM - edited 03-11-2019 04:33 AM
Hi all,
I have one FWSM on router 7609. And will router bypass all traffic to FWSM when FWSM fail (I mean MSFC will process this traffic)?
Thanks in advanced
Minh Tu
11-21-2007 04:02 AM
Hi Minh
How are you running the FWSM, in routed mode ?.
The whole point of the FWSM is that if it failed you wouldn't want traffic to route around it because presumably you need to protect certain devices and that's why the FWSM is there.
In answer to your question no if the FWSM fails traffic will not be routed round, certainly at least in routed mode as the L3 interfaces for the firewalled subnets are on the FWSM.
If you need to provide a more resilient architecture you could either
1) buy another FWSM and put into the same chassis
2) Buy another chassis (7609) with a FWSM.
HTH
Jon
11-21-2007 11:52 AM
I think you can control it buy controlling the routes. Assuming you also have a CSM or ACE, you cn control the traffic as which module it should it - either FWSM or CSM. I don't have the configs, but I think it is possible.
But I am with Jon in saying that you do not want to bypass FW, no matter what. If your FW fails, its better to have redundance or just fix it.
Satya
11-21-2007 11:29 PM
I think that you should buy another FWSM and configure FWSM active-standby.
Best regards,
Khang
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide