Sample Configurations
This chapter illustrates and describes a number of common ways to implement the Firewall Services
Module (FWSM). It includes the following topics:
•
•
Routed Mode Examples
This section includes the following topics:
•
•
•
•
Example 1: Security Contexts With Outside Access
This configuration creates three security contexts plus the admin context, each with an inside and an
outside interface. The Customer C context includes a DMZ interface where a Websense server for HTTP
filtering resides on the service provider premises. (See
Inside hosts can access the Internet through the outside using dynamic NAT or PAT, but no outside hosts
can access the inside.
The Customer A context has a second network behind an inside router.
The admin context allows SSH sessions to the FWSM from one host.
Each customer context belongs to a class that limits its resources (gold, silver, or bronze).
Although inside IP addresses can be the same across contexts when the VLANs are unique, keeping them
unique is easier to manage.
OL-6392-01
Routed Mode Examples, page B-1
Transparent Mode Examples, page B-15
Example 1: Security Contexts With Outside Access, page B-1
Example 2: Single Mode Using Same Security Level, page B-5
Example 3: Shared Resources for Multiple Contexts, page B-8
Example 4: Failover, page B-11
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
A P P E N D I X
Figure
B-1.)
B
B-1