Name: Cisco Catalyst 6500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

CHAPTER

5-1

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide

OL-6392-01

Managing Security Contexts

This chapter tells how to configure multiple security contexts on the Firewall Services Module (FWSM),

and includes the following sections:

• Security Context Overview, page 5-1

• Enabling or Disabling Multiple Context Mode, page 5-10

• Configuring Resource Management, page 5-11

• Configuring a Security Context, page 5-19

• Removing a Security Context, page 5-22

• Changing the Admin Context, page 5-22

• Changing Between Contexts and the System Execution Space, page 5-22

• Changing the Security Context URL, page 5-23

• Reloading a Security Context, page 5-24

• Monitoring Security Contexts, page 5-24

Security Context Overview

You can partition a single FWSM into multiple virtual firewalls, known as security contexts. Each

context is an independent firewall, with its own security policy, interfaces, and administrators. Multiple

contexts are similar to having multiple stand-alone firewalls.

Each context has its own configuration that identifies the security policy, interfaces, and almost all the

options you can configure on a stand-alone firewall. If desired, you can allow individual context

administrators to implement the security policy on the context. Some resources are controlled by the

overall system administrator, such as VLANs and system resources, so that one context cannot affect

other contexts inadvertently.

The system administrator adds and manages contexts by configuring them in the system configuration,

which identifies basic settings for the FWSM. The system administrator has privileges to manage all

contexts. The system configuration does not include any network interfaces or network settings for itself;

rather, when the system needs to access network resources (such as downloading the contexts from the

server), it uses one of the contexts that is designated as the admin context.

The admin context is just like any other context, except that when a user logs into the admin context (for

example, over an SSH connection), then that user has system administrator rights, and can access the

system execution space and all other contexts. Typically, the admin context provides network access to

network-wide resources, such as a syslog server or context configuration server.

Brand

Model

Catalyst 6500 Series

Cisco Catalyst 6500 Series User Manual

Other manuals for Cisco Catalyst 6500 Series