11-08-2012 11:13 AM - edited 03-11-2019 05:20 PM
Hello,
My corporate internal network is currently firewalled by an FWSM module on a 6513 switch. We have each security zone (we have eight) assigned to a FWSM context and have ACLs set up between the contexts and the enterprise LAN/WAN. Is it possible to support firewalling between these zones within a single security context? The reason I am asking is that we would like to purchase a second FWSM for use as a standby, but do not want to cough up the ~ $12K for the context license. We will ultimately be transitioning to ASAs for internal security, so do not want to spend more than we need to. Thanks in advance.
Mike
11-09-2012 04:38 AM
Definitely can if each current context has different subnets.
All you have to do is to configure an ACL on each of the interfaces to allow access, and also configure NAT exemption if you don't want to have any NATing between those subnets.
11-09-2012 10:28 AM
Thanks for the reply, Jennifer! I suspected that was the case, but was having a difficult time locating any configuration examples using multiple VLANs within a single context. I will try this on one of my inactive contexts to see how it works. Thanks again.
Mike
11-09-2012 04:08 PM
Here is a simple configuration example:
It's a good starting one with multiple interfaces with a single context.
You can post more questions in the forum if you have any once you start playing more with a single context.
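The approach described in this thread (one ACL per interface plus NAT exemption between the zone subnets), sketched as an added configuration example that is not from any poster in the thread. The VLAN numbers, interface names, addresses, ACL names and permitted flows are constructed for illustration, and the VLANs are assumed to be already assigned to the FWSM from the switch.

```cisco
! Constructed example: two of the security zones as VLAN interfaces
! inside a single FWSM context. All names and addresses are assumptions.
interface Vlan101
 nameif zone-a
 security-level 50
 ip address 10.1.101.1 255.255.255.0
!
interface Vlan102
 nameif zone-b
 security-level 50
 ip address 10.1.102.1 255.255.255.0
!
! Required only when zone interfaces share the same security level.
same-security-traffic permit inter-interface
!
! One inbound ACL per zone interface: permit the specific flows the zone
! needs, then log everything else so unexpected inter-zone traffic is visible.
access-list ZONE-A-IN extended permit tcp 10.1.101.0 255.255.255.0 host 10.1.102.20 eq 443
access-list ZONE-A-IN extended deny ip any any log
access-list ZONE-B-IN extended permit udp 10.1.102.0 255.255.255.0 host 10.1.101.10 eq 53
access-list ZONE-B-IN extended deny ip any any log
!
access-group ZONE-A-IN in interface zone-a
access-group ZONE-B-IN in interface zone-b
!
! NAT exemption so the zones reach each other on their real addresses.
access-list ZONE-A-NONAT extended permit ip 10.1.101.0 255.255.255.0 10.1.102.0 255.255.255.0
access-list ZONE-B-NONAT extended permit ip 10.1.102.0 255.255.255.0 10.1.101.0 255.255.255.0
nat (zone-a) 0 access-list ZONE-A-NONAT
nat (zone-b) 0 access-list ZONE-B-NONAT
```

Each additional zone follows the same pattern: one VLAN interface, one inbound ACL bound with `access-group`, and NAT exemption entries toward the other zone subnets.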