Note
Refer to Cisco documentation for supported supervisor engine and software releases that support the
FWSM. The version of code required to support FWSM depends on the supervisor model and whether you
are running CatOS (Hybrid) or Cisco IOS (Native).
Router/MSFC Placement
The switch includes a switching processor (called the supervisor) and a router (called the MSFC??“Multilayer
Switch Feature Card). MSFC provides Cisco IOS-based multiprotocol routing and network services. It is
important to understand the logical placement of the Router/MSFC in the network topology in relation to the
FWSM. Several criteria are outlined in the subsections that follow that can be used to determine the network
flow between the networks that require firewalling functions. The sections that follow explain the scenarios that
are used to place the Router/MSFC in single and multiple contexts.
In Single Context
In single context mode, the Router/MSFC can be placed either in front of the firewall or behind the firewall, as
shown in Figure 6-22. The placement of the Router/MSFC depends entirely on the logic and requirement of the
network flow??”for example, determining which VLANs require being pushed through the firewall for inspection
and/or need to bypass the firewall.
Pages:
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331