Questions on FWSM in transparent, multiple context mode

limtohsoon
Level 1

Hi Sir,

I'm a newbie to FWSM. I'm going through some configuration examples of FWSM in transparent, multiple security context mode.

Refer to the following example,

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010bd.html#wp1052835

Let's look at the CustomerA context. The "inside" is on VLAN 5 and the "outside" is on VLAN 151. Being in transparent mode, hosts on the inside network can be on the same IP subnet as the MSFC and point their default gateway to the MSFC. What confuses me is that, to put protected hosts on this context, we will have to assign physical switchports to VLAN 5, but the MSFC is terminating it on VLAN 151 (interface Vlan151). Does this complicate network operation and troubleshooting?

Please advise.

Thank you.

B.Rgds,

Lim TS

2 Replies

yongl
Level 1

Hi Lim,

VLAN is used to isolate the protected segment (VLAN5) and the unprotected segment (VLAN151), although both segments are on the same IP subnet. The transparent firewall acts as a 'bridge' between the 2 segments. This will ensure that traffic from the protected segment goes through the firewall inspection before reaching the unprotected segment and vice versa.

Hi Yong,

Thanks for the info.

I understand that's how it works, but it looked confusing to me at first because we assign VLAN 5 to switchports (for protected host connections) but the MSFC is terminating it on interface Vlan151. It looks a bit confusing from a network operation & troubleshooting standpoint.

Thank you.

B.Rgds,

Lim TS