Re: Need clarification on ASA & FWSM..

Manesh Rajan · ‎10-14-2011

If i have a ASA in my network, FWSM in 6509E switch ? what is the use of both device? only one device is required right? or i can use that product if i start data center ?

Jennifer Halim · ‎10-16-2011

It really depends on what you are looking to protect.

You can have dual layer firewall to protect resources, and have sandwitch type model where your internal network only have connectivity to your DMZ (server farm) for example, and DMZ to have connectivity to both internal network and the internet.

OR/ you can also use the ASA to terminate VPN tunnels only as FWSM can't be use to terminate VPN tunnels.

It really depends on how secure you would like to design the network. Otherwise, you are absolutely right, you can also design your network to only use either the ASA firewall or the FWSM.

Hope that answers your question.

Manesh Rajan · ‎10-16-2011

Hi Jennifer,

FWSM is directly connected to switch backplane.. How can i make use of FWSM on two 6509E chassis & WiSM card? WLAN Clients connect to network using LWAP

Thanks..

Jennifer Halim · ‎10-16-2011

You would need to route the traffic towards the FWSM to use it. You would assign VLAN on the switch to the FWSM, and once you configure routing to route through the FWSM, you can configure rules/etc on the FWSM to protect the network that you would need to protect.

If you have two 6509E, then it is the same concept, route the traffic that you would like to protect on the second 6509E towards the first 6509E that has the FWSM module.