The Cisco Firewall Services Module (FWSM) is an integrated module for the Catalyst 6500 Series switch and the Cisco 7600 Series Internet router. By providing firewall functionality on a line card, the operation of the firewall can be tightly integrated into the normal switch operation, thus providing a robust security infrastructure.
Cisco Firewall Services Module Overview:
The Cisco Firewall Services Module (FWSM) is a high-performance firewall solution, providing 5 gigabits per second (Gbps) of throughput from a single FWSM. Combining multiple modules in a single chassis enables you to scale this throughput to 20 Gbps. Some features of the FWSM include the following:
Is fully virtual LAN (VLAN) aware
Supports dynamic routing
Integrates firewall functionality and switching in a single chassis
Supports the entire Cisco PIX Firewall Version 6.0 feature set and some Version 6.2 features
Allows up to 1 million concurrent connections
Supports 5-Gbps throughout
Enables multiple FWSMs per chassis
Supports intrachassis and interchassis stateful failure
Provides multiple management options
This issue occurs because the Cisco Firewall Services Module (FWSM) does not support packet re-circulation. Packet re-circulation is a specific means to forward packets internally to the chassis between the modules.
To perform the recommended solution, follow these steps:
For native Cisco IOS systems, upgrade to release 12.2(17d)SXB7, 12.2(18)SXE1 or later versions.
This command forces all affected service modules to communicate through the chassis shared bus instead of the switched fabric (which forces the Supervisor to handle the packet re-circulation centrally instead of the service module). This command also allows the service modules to communicate properly on VLANs.
Hi, I have 2 ASA5516 configured in failover mode.On the primary active firewall, I am able to copy an image to it via FTP and also do other things. On the Secondary standby firewall, I tried copying an image to its disk0, but I got the error; "C...
hi,i'll be configuring a pair of 5506-X for HA/failover.i know there's a caveat for its design starting on 9.7 code.https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html#id_66725i don't need FP in this case. my questi...
Hi good afternoonI should configure Cisco ISE RTC with Stealthwatch. I would like to know how should I use plus license (for pxgrid)?.I have 1000 base license, my question If I only use Cisco RTC without profiling, Should I purchase only 100 or 1000 plus ...
Take a look at the attached FirePower Access Control rule. Does the attached rule mean:FirePower, Access Control1) Block outbound connections for all SQL apps only on destination port 1433 or 2) Block outbound connection for all SQL apps on any ...
Hi Team, Need your assistance on the subject.We have a strange routing issue while connecting Cisco AnyConnect with Zscaler app running alongside > Zscaler app also add routes on the machine. It has its own virtual adapter> Issue we have i...