Question re: FWSM and zone-based firewalls

nicole.foster · ‎10-28-2010

Hi

We have a FWSM in a 6500. I've recently been reading about zone-based firewalls and from what I've read it is only supported on Cisco Integrated Services Routers (Cisco 800 Series Routers; Cisco 1000,1800, 2800, and 3800 Series Integrated Services Routers), Cisco 7200 Series Routers, and Cisco 7301 Routers. Is it possible to use zone-based firewall configuration on a FWSM?

Nicole

mirober2 · ‎10-28-2010

Hi Nicole,

Zone-based firewall is not supported on the FWSM. However, it has equivalent firewall functionality that is configured in a different way. Here is a guide that may help with some of the configuration tasks:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg.html

If you have specific questions about the configuration, feel free to let us know.

Hope that helps.

-Mike

nicole.foster · ‎10-29-2010

Thanks for the prompt response Mike. I appreciate the help. Do foresee a move to the zone-based firewall config on the FWSM, or is there no interest since it has equivalent functionality? For convenience it would be nice if it was configured in the same way on different platforms.

Nicole

mirober2 · ‎10-29-2010

Hi Nicole,

ZBF is a feature set of IOS, so since the FWSM runs its own non-IOS version of software ZBF configuration won't be available on the FWSM. The FWSM's configuration is more analogous to the configuration of the ASA and PIX firewall appliances.

-Mike

nicole.foster · ‎10-29-2010

Bummer. There's something to be said for standarization. It's not a big deal if you only have to support one platform, but in large environments with multiple platforms, you have to learn to do the same thing multiple ways. Anyway, thanks for your help.

Nicole