
Cisco Catalyst 6500 Series User Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 1 Introduction to the Firewall Services Module
How the Firewall Services Module Works
This section describes the network firewall functionality provided by the FWSM. It includes the
following topics:
Security Policy Overview, page 1-8
VLAN Interfaces, page 1-8
How the Firewall Services Module Works with the Switch, page 1-9
Routed Firewall and Transparent Firewall Modes, page 1-11
Security Contexts, page 1-12
Security Policy Overview
A security policy determines which traffic is allowed to pass through the firewall to access another
network. By default, no traffic can pass through the firewall. By applying ACLs to interfaces, you can
determine which IP addresses and traffic types can pass through the interfaces to access other networks.
Note: By default, the Cisco PIX firewall allows traffic to flow freely from an inside network (higher security
level) to an outside network (lower security level). However, the FWSM does not allow any traffic to
pass between interfaces unless you explicitly permit it with an ACL. This rule is true for both routed
firewall mode and transparent firewall mode. While you still specify the security level for an interface
on the FWSM, the security level does not provide explicit permission for traffic to travel from a high
security interface to a low security interface. See the “Configuring Interfaces” section on page 6-6 for
more information about how security levels work.
For routed firewall mode, in addition to ACLs, you can use Network Address Translation (NAT) between
networks to further protect the real IP addresses of hosts.
If you have an AAA server, you can also apply AAA rules to users to control their access.
All of these features plus others, such as filters or inspection engines, make up the security policy of the
firewall.
VLAN Interfaces
The FWSM does not include any external physical interfaces. Instead, it uses internal VLAN interfaces.
For example, you assign VLAN 201 to the FWSM inside interface, and VLAN 200 to the outside
interface. You assign these VLANs to physical switch ports, and hosts connect to those ports. When
communication occurs between VLANs 201 and 200, the FWSM is the only available path between the
VLANs, forcing traffic to be statefully inspected.
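
The difference described in the Note under Security Policy Overview can be seen in a small policy model. This is an added example, not code from the Cisco guide: it is a simplified decision function for new connections only, and the function names, the `pix`/`fwsm` labels, the ACL contents and the 192.0.2.0/24 addresses are assumptions made for illustration. NAT, AAA and inspection engines are left out.

```python
# Simplified model (added example): decides whether a NEW connection may pass
# from one interface to another. NAT, AAA and inspection are out of scope.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class AclEntry:
    action: str                      # "permit" or "deny"
    protocol: str                    # "tcp", "udp", or "ip" (any protocol)
    source: str                      # source network in CIDR form
    dest_port: Optional[int] = None  # None matches any destination port

    def matches(self, protocol, src_ip, dest_port):
        return (self.protocol in ("ip", protocol)
                and ip_address(src_ip) in ip_network(self.source)
                and self.dest_port in (None, dest_port))

def allows(platform, levels, acls, in_if, out_if, protocol, src_ip, dest_port):
    """Return True if a new connection entering in_if may leave via out_if."""
    acl = acls.get(in_if)
    if acl is not None:
        # First matching entry wins; every ACL ends with an implicit deny.
        for entry in acl:
            if entry.matches(protocol, src_ip, dest_port):
                return entry.action == "permit"
        return False
    # No ACL on the ingress interface: only the PIX default lets traffic
    # flow from a higher security level to a lower one. On the FWSM the
    # security level grants nothing by itself.
    return platform == "pix" and levels[in_if] > levels[out_if]

# Constructed sample values: interface names follow the page's VLAN example
# (inside = VLAN 201, outside = VLAN 200); addresses are documentation ranges.
LEVELS = {"inside": 100, "outside": 0}
WEB_ONLY = {"inside": [AclEntry("permit", "tcp", "192.0.2.0/24", 80)]}

if __name__ == "__main__":
    flow = ("inside", "outside", "tcp", "192.0.2.10", 80)
    print("PIX,  no ACL:", allows("pix", LEVELS, {}, *flow))
    print("FWSM, no ACL:", allows("fwsm", LEVELS, {}, *flow))
    print("FWSM, ACL   :", allows("fwsm", LEVELS, WEB_ONLY, *flow))
```

When auditing a migration from PIX to FWSM, the flows to check first are the ones that return different answers in the first two cases: outbound traffic that previously relied on the security-level default and has no ACL entry.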
