FWSM reading and references

shednik Member Posts: 2,005
Hi everyone,

So I've recently accepted a new position at a different company and will be starting there in a few weeks. Really excited about the new role; it's a lot of what I'm doing already but at a smaller company, so I'm taking on a lot more aspects of the network myself. They use ASAs for firewalls at their internet edge and FWSMs for the data center. I need to review a few things with the AIP-SSM and multi-context firewalls on the ASA, which I have this ebook to help me with.

Amazon.com: Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition) (9781587058196): Jazib Frahim, Omar Santos: Books

However, I have zero experience with the FWSM at all and I'm going to be the primary person in charge of them at my new company. Does anyone have any recommendations to get up to speed with them? I've looked at some documentation and it didn't look that much different than an ASA config, but figured I'd get some recommendations from the forum as well.


Any help is appreciated!

joe

Comments

  • SteveO86 Member Posts: 1,423
    Cisco Press has a book solely about the FWSM - I've never used this, just found this on their site.
    Cisco Secure Firewall Services Module (FWSM), Adobe Reader

    The Cisco Firewall Book is also today's ebook deal of the day
    $9.99 eBook Deal of the Day

    It covers Security Contexts but not IPS or AIM, just ASA configuration on versions 8.3/8.2 - Very worthwhile in my opinion, even if just for a refresher.

    The book you mentioned in your post covers various topics (IPS, Contexts, and much more) - That was the book I initially read when I started working with ASAs. It's one of the best in my opinion.

    I've dealt primarily with ASAs and not the FWSM, however.

    Hope this helps.
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • instant000 Member Posts: 1,745
    shednik wrote: »
    Hi everyone,

    So I've recently accepted a new position at a different company and will be starting there in a few weeks. Really excited about the new role; it's a lot of what I'm doing already but at a smaller company, so I'm taking on a lot more aspects of the network myself. They use ASAs for firewalls at their internet edge and FWSMs for the data center. I need to review a few things with the AIP-SSM and multi-context firewalls on the ASA, which I have this ebook to help me with.

    Amazon.com: Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition) (9781587058196): Jazib Frahim, Omar Santos: Books

    However, I have zero experience with the FWSM at all and I'm going to be the primary person in charge of them at my new company. Does anyone have any recommendations to get up to speed with them? I've looked at some documentation and it didn't look that much different than an ASA config, but figured I'd get some recommendations from the forum as well.


    Any help is appreciated!

    joe

    The FWSM/ASA/PIX all run basically the same code.

    Cisco came out with the ASA as a do-everything security box, standalone appliance. Mainly people think of it as replacing the PIX, as it runs the same code, but it also is meant to replace the VPN concentrators, and you can even put modules in it for IPS.

    The FWSM is a module you can place into your 6509, that can be used to perform firewall functions, and it runs the same code as ASA/PIX.

    If you check the config guides on cisco.com, you can see that it's now up to 8.5 for FWSM. (At least, it was yesterday, haven't checked today)

    A lot of the base commands are the same, excepting that somewhere between 8.2 and 8.3 Cisco screwed with the NATTING setup severely, which led to docs like this:

    https://supportforums.cisco.com/docs/DOC-12690

    So, just be aware of stuff like that, and you should be OK.

    There really aren't any big gotchas, excepting to make sure that you're familiar with whatever setup they have for getting into the device. Unless you were in a big shop before, there's a good chance you didn't mess with 6509s before, so that'll take a little familiarization, too, to make sure that you know how the setup is a bit different for that.

    If you're going to be doing extensive work with firewalls, we have three things that go around like a mantra on any firewall issue:

    1. routes
    2. statics
    3. ACLs

    If you cover NOTHING else in your preparation for your job, cover those three things. Your coworkers will appreciate you for it.

    Oh yeah, as far as troubleshooting, since you're working with ASA/FWSM, a really good thing to be good at is the "packet tracer" feature.

    https://supportforums.cisco.com/docs/DOC-5796
    Configuring ASA and PIX Security Appliances - Training Resources - Cisco Systems (there is one about packet tracer in here, which is a video)

    Also, one final thing I just saw when looking at that list: failover. Be familiar with the setup and requirements for failover. For example, be able to tell which device is the active one in an active/passive setup, and also know how failback is handled.

    That's probably enough to get you ready to work with ASA and FWSM.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • shednik Member Posts: 2,005
    That's good to hear; they didn't look much different than the ASA from a config standpoint. I manage about 15 ASAs now providing different types of services, and I also manage a few 6500s, 3750 stacks, and a few ISRs. So from an ASA and routing and switching standpoint I'm prepared, other than reviewing a few features on the ASA and the FWSM.

    Thanks for the info, I'll check out the one book if the Cisco Firewalls book doesn't cover enough.

    joe