Security Context Overview - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01

Chapter 5: Managing Security Contexts

This chapter tells how to configure multiple security contexts on the Firewall Services Module (FWSM),
and includes the following sections:

- Security Context Overview
- Enabling or Disabling Multiple Context Mode
- Configuring Resource Management
- Configuring a Security Context
- Removing a Security Context
- Changing the Admin Context
- Changing Between Contexts and the System Execution Space
- Changing the Security Context URL
- Reloading a Security Context
- Monitoring Security Contexts

Security Context Overview

You can partition a single FWSM into multiple virtual firewalls, known as security contexts. Each
context is an independent firewall, with its own security policy, interfaces, and administrators. Multiple
contexts are similar to having multiple stand-alone firewalls.

Each context has its own configuration that identifies the security policy, interfaces, and almost all the
options you can configure on a stand-alone firewall. If desired, you can allow individual context
administrators to implement the security policy on the context. Some resources are controlled by the
overall system administrator, such as VLANs and system resources, so that one context cannot affect
other contexts inadvertently.

The system administrator adds and manages contexts by configuring them in the system configuration,
which identifies basic settings for the FWSM. The system administrator has privileges to manage all
contexts. The system configuration does not include any network interfaces or network settings for itself;
rather, when the system needs to access network resources (such as downloading the contexts from the
server), it uses one of the contexts that is designated as the admin context.

The admin context is just like any other context, except that when a user logs into the admin context (for
example, over an SSH connection), then that user has system administrator rights, and can access the
system execution space and all other contexts. Typically, the admin context provides network access to
network-wide resources, such as a syslog server or context configuration server.
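Because a login to the admin context carries system administrator rights over every context, it is worth checking which networks reach it and how context configurations are downloaded. The following is an added example, not code from the Cisco guide: it parses a system configuration and lists review items. The commands `admin-context`, `context`, `allocate-interface` and `config-url` are FWSM system-configuration commands that this section does not show; the sample configuration, addresses, context names and the two review rules are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse
# Constructed sample system configuration (not taken from the manual).
SAMPLE_SYSTEM_CONFIG = """\
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg
context customerA
  allocate-interface vlan10
  allocate-interface vlan100-vlan102
  config-url tftp://192.0.2.5/customerA.cfg
context customerB
  allocate-interface vlan200
  config-url https://192.0.2.5/customerB.cfg
"""
CLEARTEXT_SCHEMES = {"tftp", "ftp", "http"}
VLAN_RE = re.compile(r"allocate-interface vlan(\d+)(?:-vlan(\d+))?")

def parse_contexts(text):
    """Return (admin_context_name, {context: {"vlans": set, "url": str}})."""
    admin, contexts, current = None, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"admin-context (\S+)", line):
            admin = m.group(1)
        elif m := re.fullmatch(r"context (\S+)", line):
            current = contexts.setdefault(m.group(1), {"vlans": set(), "url": None})
        elif current is None:
            continue  # system-level line outside any context block
        elif m := VLAN_RE.match(line):
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            current["vlans"].update(range(lo, hi + 1))
        elif m := re.fullmatch(r"config-url (\S+)", line):
            current["url"] = m.group(1)
    return admin, contexts

def audit(text):
    """Return review items about admin-context exposure and config downloads."""
    admin, contexts = parse_contexts(text)
    if admin not in contexts:
        return [f"admin context {admin!r} is not defined"]
    findings = []
    for name, ctx in sorted(contexts.items()):
        shared = sorted(ctx["vlans"] & contexts[admin]["vlans"])
        if name != admin and shared:
            findings.append(f"{name}: shares VLAN(s) {shared} with admin context {admin}")
        if (scheme := urlparse(ctx["url"] or "").scheme) in CLEARTEXT_SCHEMES:
            findings.append(f"{name}: config-url is fetched over cleartext {scheme}")
    return findings
```

Calling `audit(SAMPLE_SYSTEM_CONFIG)` returns one item for the VLAN that customerA shares with the admin context and one for its TFTP configuration download.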
