top of page
Search
Writer's picturePASS HOT

Take you to know the FWSM module

7609 FWSM module FAILOVER configuration

This configuration is very simple, only the script is posted, mainly in the project, you may encounter

Configuration above 7609

firewall module 1 vlan-group 10

firewall module 5 vlan-group 10

firewall vlan-group 10 10,20,30,40

The FWSM itself has no interface, but the interface on the switch can be mapped to the FWSM in the form of a VLAN. Therefore, it can be said that the FWSM has an infinite number of interfaces. This is a very flexible design. The above meaning has four VLANs. It is then placed in a VLAN 10, and this VLAN 10 is then associated with the FWSM module in the first and fifth locations.

Of course, the command to configure the VLAN on the 76 is omitted here, as well as the command to configure the address for the VLAN. pay attention.

Configuration on the FWSM

session slot 1 processor 1

interface Vian 10

nameif inside

ecurity-level 100

ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2

interface Vlan20

nameif outside

security-1 eve I 0

ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2

failover

failover Ian unit primary

failover Ian interface faillink vlan 30

failover polltime unit 1 holdtime 15

failover polltime interface 15

failover interface-policy 50%

failover replication http

failover link state vlan 40

failover interface ip faillink 192.168.30.1 255.255.255.252 standby 192.168.30.2

failover interface ip state 192.168.40.1 255.255.255.252 standby 192.168.40.2

session slot 5 processor 1

Redundant firewall only needs the following commands to achieve FAILOVER

failover

failover Ian unit secondary

failover Ian interface faillink vlan 30

failover polltime unit 1 holdtime 15

failover polltime interface 15

failover interface-policy 50%

failover replication http

failover link state vlan 40

failover interface ip faillink 192.168.30.1 255.255.255.252 standby 192.168.30.2

failover interface ip state 192.168.40.1 255.255.255.252 standby 192.168.40.2

Test command

failover active

no failover active

Here mainly explain that the two 7609 FWSM modules are the same as the FAILOVER configuration of a 7609 two FWSM.

FWSM module project basic problem explanation

What is the difference between FWSM's 2x, 3x, 4x IOS? What is the latest version?

FxSM 2x, 3x, 4x for 6x 7x 8x for PIX. The PIX 6x ios configuration is quite different from the later configuration. 6X will be configured, and subsequent versions will not be configured. The latest version is now 417. Published on September 20, 2011. All questions about FWSM in this document are based on FWSM IOS 417.

What is the FWSM board used for? Is it discontinued? What is the performance?

The FWSM board is primarily used on Cisco's 65 and 76 chassis. Mainly used in ISP networks. Since the FWSM can provide 250 virtual walls, it can save a lot of equipment investment and power investment. The board provides 5G capability. See the Cisco website for details. At present, the FWSM is about to be discontinued. The new board device is called the ASA module. The board provides 20G capability. Currently, it only supports 65 chassis. Currently, 76 and NEXUX devices are not supported. According to Cisco's architecture. Supporting 76 is only a matter of time. The current price of the FWSM is about 150,000 pieces. So at the time of configuration, I am very careful.

This command is very practical but there are very few people who know it. You can pay attention on it. There are many such practical tips. In addition to being able to take you through CCIE written exams and CCIE LAB exams, PASSHOT can also teach you a lot of practical knowledge points at work! Learn IE and come to PASSHOT!

2 views0 comments

Recent Posts

See All

Comments


文章: Blog2_Post
bottom of page