pham0329pham0329 Member Posts: 556
Anyone have any experience with these? It's used at my new job, and it's one of the things I want to catch up on before starting. I got the Cisco press book for it, but just curious as to why you would use it over an ASA?

EDIT: Whoops, spelled it wrong. I'm talking about the FWSM


  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    I have a number of customers with FWSM in their 6500's. Back in the day it was really the first platform to provide the performance that it does so it was a very attractive option in the datacenter. Today there are many platforms that can offer better performance than the FWSM can along with integrated abilities to provide IPS, anti-malware, antivirus scanning and VPN functionality. Today I would personally go with an ASA for most applications but there are some people who have grown up on the FWSM and like/understand how it works and will continue to stay with it.
    The only easy day was yesterday!
  • pham0329pham0329 Member Posts: 556
    After reading through the first 3 chapters of the Cisco Press FWSM book, I'm a little disappointed in the book. It seems like a high level overview of everything, and doesn't go indepth about anything.

    Are there any differences, in terms of commands/configurations, between the ASA or FWSM? Would I be able to learn the FWSM by reading an ASA book? I would assume the firewall concepts applies regardless of whether its an ASA/FWSM. I figure I would read a couple ASA books, then go over the FWSM book, and hopefully, it will make more sense then.
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    The FWSM is more like a PIX than an ASA, depending on the code version you might be better off with a book on the 6.x pix code. The FWSM does not provide any sort of remote VPN capability (VPN for administration of the box is supported) or IPS functionality like you can get with an ASA. From a configuration standpoint the only commands that are unique to the FWSM are the ones you put on the 6500 or 7600 that it resides in to send the required VLANS to the FWSM module:

    firewall vlan-group 10 20,30,40
    firewall module 3 vlan-group 10
    firewall multiple-vlan-interfaces

    once in the FWSM you treat it as an ASA/PIX which can be configured with multiple contexts or not.
    The only easy day was yesterday!
Sign In or Register to comment.