Network Traffic Through the Firewall Module
By default, no traffic can pass through the FWSM to access the network. On PIX and ASA appliance software,
traffic flowing from higher-level interfaces (Inside) to lower-level interfaces (Outside) passes unrestricted.
However, the FWSM software does not allow any traffic to flow between the interfaces unless explicitly
permitted with an ACL. The security level does not provide explicit permission for traffic from a high-security
interface to a low-security interface. This applies to all types of FWSM implementation (routed and transparent
mode). To control network traffic, access lists are applied to FWSM interfaces. ACLs determine which IP
addresses and traffic can pass through the interfaces to access other networks.
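
An added example, not from the original text: a minimal FWSM configuration fragment showing the explicit ACL that inside-to-outside traffic needs before it can pass. The ACL name INSIDE-OUT, the interface name inside and the 10.1.1.0/24 subnet are assumptions chosen for illustration.

```cisco
! Added example; ACL name, interface name and addresses are assumptions.
! On PIX/ASA this traffic would pass from inside (higher security level)
! to outside without an ACL. On the FWSM nothing passes until an ACL permits it.
!
! Permit only the outbound services the inside subnet needs.
access-list INSIDE-OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list INSIDE-OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq https
access-list INSIDE-OUT extended permit udp 10.1.1.0 255.255.255.0 any eq domain
! Every ACL ends with an implicit deny, so anything not listed stays blocked.
!
! Bind the ACL to traffic entering the inside interface.
access-group INSIDE-OUT in interface inside
```

After applying it, show access-list INSIDE-OUT lists each entry with its hit count, which confirms which permits are actually being matched.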
Installing the FWSM
FWSM is installed in the Catalyst 6500 series switches and the Cisco 7600 series routers. The configuration on
both platforms is identical except for the basic initialization, which depends on the following:
- The Catalyst 6500 series switches support two software modes:
  - Cisco IOS Software on both the switch supervisor engine and the
    integrated MSFC (known as Supervisor IOS or Native IOS)
  - Catalyst Operating System (CatOS) on the supervisor engine, and
    Cisco IOS Software on the MSFC (known as Hybrid mode: two
    separate OSs)
- The Cisco 7600 series routers support only Cisco IOS software.