Firewall Mode Overview; Routed Mode Overview - Cisco Catalyst 6500 Series Configuration Manual

Configuring the Firewall Mode
This chapter describes how to set the firewall mode to either routed mode or transparent mode, and
includes the following sections:
•
•

Firewall Mode Overview

The FWSM can run in two firewall modes:
•
•
In routed mode, the FWSM is considered to be a router hop in the network. It performs NAT between
connected networks, and can use OSPF or passive RIP (in single context mode). Routed mode supports
up to 256 interfaces per context or in single mode, with a maximum of 1000 interfaces divided between
all contexts. Each interface is on a different subnet. You can share interfaces between contexts.
In transparent mode, the FWSM acts like a "bump in the wire," or a "stealth firewall," and is not a router
hop. The FWSM connects the same network on its inside and outside interfaces, but each interface must
be on a different VLAN. No dynamic routing protocols or NAT are required. However, like routed mode,
transparent mode also requires ACLs to allow traffic through. Transparent mode can allow certain types
of traffic in an ACL that are blocked by routed mode, including unsupported routing protocols and
multicast traffic. Transparent mode can also optionally use EtherType ACLs to allow non-IP traffic.
Transparent mode only supports two interfaces, an inside interface and an outside interface.
This section includes the following topics:
•
•

Routed Mode Overview

This section includes the following topics:
•
•
•
OL-6392-01
Firewall Mode Overview, page 4-1
Setting the Firewall Mode, page 4-16
Routed mode
Transparent mode
Routed Mode Overview, page 4-1
Transparent Mode Overview, page 4-8
IP Routing Support, page 4-2
Network Address Translation, page 4-2
How Data Moves Through the FWSM in Routed Firewall Mode, page 4-3
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
C H A P T E R
4
4-1