Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
266
Views
5
Helpful
2
Replies

Setting UP 6500 Firewall Services Module

Go to solution
alandean
Level 1
Level 1

‎01-21-2004 12:12 PM - edited ‎03-09-2019 06:11 AM

I know the PIX 5xx firewalls well enough and although I've read through all the docummentation on the FSM for the 6500, I still don't understand how it works.

I have 20+ VLANS with only 1 VLAN I need secured from the other 20 VLANs, but hosts on the 20+ user VLANS need to get to some various services on the Secure VLAN.

According to Documents I have to "set vlan 1-25 firewall-vlan 9" thus making all VLANS secured VLANS on the firewall! And that means that I cannot route VLANS on the MSFC because I get an error saying:

"15 are already defined and up on the MSFC. Cannot be secured".

So I'm thinking to secure just 1 VLAN from all other VLANs, all my VLAN routing must go through the firewall beacuse I cannot route the VLANs on the MSFC whic would negate the effectiveness of a MSFC.

Wouldn't I be better off with an external PIX device and keep my high-speed routing on the MSFC? or am I missing something here?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkhawaja
Cisco Employee
Cisco Employee

‎01-23-2004 05:29 PM

actually you can secure all your vlans from each other and let the routing happens on the FWSM as well. But IF NOT, then

just secure 2 vlans (one inside, and one outside)

all the routing from secured vlan to the outside world will happen through outside interface.

Yes in your case, an external PIX is as better as using FWSM. Using FWSM particularly beneficial if you have several VLANS to be secured

View solution in original post

2 Replies 2

Go to solution
nkhawaja
Cisco Employee
Cisco Employee

‎01-23-2004 05:29 PM

actually you can secure all your vlans from each other and let the routing happens on the FWSM as well. But IF NOT, then

just secure 2 vlans (one inside, and one outside)

all the routing from secured vlan to the outside world will happen through outside interface.

Yes in your case, an external PIX is as better as using FWSM. Using FWSM particularly beneficial if you have several VLANS to be secured

Go to solution
davidmann
Level 1
Level 1

‎01-24-2004 05:11 PM

Could you not use the DMZPUB?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents