Cisco FWSM
Firewall Services Module (FWSM) is a firewall module integrated by Cisco into its Catalyst 6500 Switches and 7600 Series Routers.

Installed inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet Router, the FWSM allows any VLAN on the switch to be passed through to the device to operate as a firewall port and integrates firewall security inside the network infrastructure.

The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX Operating System, a secure, real-time operating system. The Cisco FWSM enables organizations to manage multiple firewalls from the same management platform.

Hardware

The FWSM has 4 processors: one central CPU (Pentium III 1 GHz processor) and 3 network processors (IBM 4GS3 PowerNP).

The central CPU is responsible for fixups and for traffic sourced from and destined to the FWSM itself (mainly management traffic). The central CPU is also responsible for rule-base compilation. The rule base is converted (compiled) into configuration for the network processors, so the majority of the traffic is handled in dedicated hardware.

The three network processors in the FWSM handle the majority of the traffic. Fast Path NP1 and NP2 handle the main traffic and each have three 1 Gigabit connections to the backplane. The third NP sits above NP1 and NP2 and is the session manager.

As the rule base is compiled into hardware, the FWSM has clear restrictions on the maximum number of Access Control Entries (ACEs). The limitation is only reached with large and inefficient rule bases. The limit cannot be extended by a memory upgrade, as it can on PIX and ASA platforms.

Features

Resource manager helps organizations limit the resources allocated to any security context at any time, thus ensuring that one security context does not interfere with another.
The transparent firewall feature configures the FWSM to act as a Layer 2 bridging firewall, resulting in minimal changes to network topology.
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 