Introduction to the Firewall Services Module
The Firewall Services Module (FWSM) is a high-performance, space-saving, stateful firewall module
that installs in the Catalyst 6500 series switches and the Cisco 7600 series routers.
Firewalls protect inside networks from unauthorized access by users on an outside network. The firewall
can also protect inside networks from each other, for example, by keeping a human resources network
separate from a user network. If you have network resources that need to be available to an outside user,
such as a web or FTP server, you can place these resources on a separate network behind the firewall,
called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ
includes only the public servers, an attack there affects only the servers and does not affect the other
inside networks. You can also control when inside users access outside networks (for example, access to
the Internet), by allowing only certain addresses out, by requiring authentication or authorization, or by
coordinating with an external URL filtering server.
When discussing networks connected to a firewall, the outside network is in front of the firewall, the
Note
inside network is protected and behind the firewall, and a DMZ, while behind the firewall, allows limited
access to outside users. Because the FWSM lets you configure many interfaces with varied security
policies, including many inside interfaces, many DMZs, and even many outside interfaces if desired,
these terms are used in a general sense only.
The FWSM includes many advanced features, such as multiple security contexts (similar to virtualized
firewalls), transparent (Layer 2) firewall or routed (Layer 3) firewall operation, hundreds of interfaces,
and many more features.
This chapter contains the following sections:
Chassis System Requirements, page 1-2
•
How the Firewall Services Module Works, page 1-8
•
OL-6392-01
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
C H A P T E R
1
1-1