cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
526
Views
4
Helpful
1
Replies

Catalyst 6509 FSM or ASA is better

Haris P
Enthusiast
Enthusiast

Dears ,

I'm in a confusion that what to choose from the below 2 when implementing a small data centre

Option 1 : Cisco 6509( WS-C6509 with Sup 720-3B)  + FWSM (WS-C6513-FWM-K9)

Option 2 : WS-C6509 and ASA

My requirement is to protect from outside attacks only ..Also what are the failover options available with FWSM ?

I need only certain VLANs to be passed thru FWSM .

Another Question is regarding HSRP , i have two 6509 switches both with 7203b ,but interfaces are different .Whether i Can run HSRP on this ? Whether it need to be the same exact hardware ? .Whether I can put FWSM in one switch only for now or is it needed to put in both switches

1 Reply 1

Giuseppe Larosa
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Hello Haris,

FWSM:

can be used in multicontext, contexts can be routed or transparent.

FWSM failover option is to have one FWSM on chassis 1 and second FWSM on chassis 2.

the two chassis can be connected by a L2 trunk, you can have one vlan used for failover and one vlan used for stateful exactly as with an ASA pair.

>> I need only certain VLANs to be passed thru FWSM .

this is possible, only vlans specified in firewall vlan-group on C6500 supervisor are passed to the FWSM.

We use this setup in several server farms with good results.

FWSM can process 3 Gbps of traffic.

FWSMs cannot act as VPN terminator as an ASA

The ASA performance depends from the model. ASA 5580-40 outperforms FWSM but this is not true for other models

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers