You can think of the FWSM module like another router (or firewall) controlling its own interfaces on layer-3. This layer-3 router, i.e. the FWSM, now connects on the IP level to the MSFC (via the secure VLAN interfaces - SVI). This means that the MSFC does not control any VLAN that is dedicated to the FWSM. These VLANs are controlled by the FWSM exclusively, i.e. all traffic sent to any of the firewall-controlled VLANs must go across the FWSM. If the MSFC and the FWSM had a VLAN in common (VLAN1 is the default VLAN), traffic might enter this VLAN without being checked by the firewall, thereby creating a security hole.
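As an added example (not part of the original post), the script below audits a switch configuration for the overlap described above: VLANs that are assigned to the firewall module and also have an SVI on the MSFC, so each one can be reviewed against the intended MSFC-to-FWSM link. It assumes IOS-style `firewall vlan-group`, `firewall module ... vlan-group` and `interface Vlan` lines; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of a switch running-config (not from the original post).
SAMPLE_CONFIG = """\
firewall vlan-group 1 10,20-22
firewall vlan-group 2 30
firewall module 4 vlan-group 1,2
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan21
 ip address 10.0.21.1 255.255.255.0
!
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
"""

def expand_ranges(spec):
    """Expand a list such as '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def shared_vlans(config):
    """Return VLAN IDs that belong to the firewall module AND have an MSFC SVI."""
    groups, attached, svis = {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"firewall vlan-group (\d+) (\S+)$", line):
            # VLANs placed in a firewall VLAN group
            groups.setdefault(int(m[1]), set()).update(expand_ranges(m[2]))
        elif m := re.match(r"firewall module \d+ vlan-group (\S+)$", line):
            # Groups actually handed to a firewall module
            attached |= expand_ranges(m[1])
        elif m := re.match(r"interface Vlan(\d+)$", line, re.I):
            # Layer-3 VLAN interface defined on the MSFC
            svis.add(int(m[1]))
    fw_vlans = set().union(*(groups.get(g, set()) for g in attached))
    return sorted(fw_vlans & svis)

if __name__ == "__main__":
    for vlan in shared_vlans(SAMPLE_CONFIG):
        print(f"VLAN {vlan}: assigned to the firewall module and has an MSFC SVI")
```
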