7609 FWSM module FAILOVER configuration
This configuration is very simple, only the script is posted, mainly in the project, you may encounter
Configuration above 7609
firewall module 1 vlan-group 10
firewall module 5 vlan-group 10
firewall vlan-group 10 10,20,30,40
The FWSM itself has no interface, but the interface on the switch can be mapped to the FWSM in the form of a VLAN. Therefore, it can be said that the FWSM has an infinite number of interfaces. This is a very flexible design. The above meaning has four VLANs. It is then placed in a VLAN 10, and this VLAN 10 is then associated with the FWSM module in the first and fifth locations.
Of course, the command to configure the VLAN on the 76 is omitted here, as well as the command to configure the address for the VLAN. pay attention.
Configuration on the FWSM
session slot 1 processor 1
interface Vian 10
nameif inside
ecurity-level 100
ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2
interface Vlan20
nameif outside
security-1 eve I 0
ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2
failover
failover Ian unit primary
failover Ian interface faillink vlan 30
failover polltime unit 1 holdtime 15
failover polltime interface 15
failover interface-policy 50%
failover replication http
failover link state vlan 40
failover interface ip faillink 192.168.30.1 255.255.255.252 standby 192.168.30.2
failover interface ip state 192.168.40.1 255.255.255.252 standby 192.168.40.2
session slot 5 processor 1
Redundant firewall only needs the following commands to achieve FAILOVER
failover
failover Ian unit secondary
failover Ian interface faillink vlan 30
failover polltime unit 1 holdtime 15
failover polltime interface 15
failover interface-policy 50%
failover replication http
failover link state vlan 40
failover interface ip faillink 192.168.30.1 255.255.255.252 standby 192.168.30.2
failover interface ip state 192.168.40.1 255.255.255.252 standby 192.168.40.2
Test command
failover active
no failover active
Here mainly explain that the two 7609 FWSM modules are the same as the FAILOVER configuration of a 7609 two FWSM.
FWSM module project basic problem explanation
What is the difference between FWSM's 2x, 3x, 4x IOS? What is the latest version?
FxSM 2x, 3x, 4x for 6x 7x 8x for PIX. The PIX 6x ios configuration is quite different from the later configuration. 6X will be configured, and subsequent versions will not be configured. The latest version is now 417. Published on September 20, 2011. All questions about FWSM in this document are based on FWSM IOS 417.
What is the FWSM board used for? Is it discontinued? What is the performance?
The FWSM board is primarily used on Cisco's 65 and 76 chassis. Mainly used in ISP networks. Since the FWSM can provide 250 virtual walls, it can save a lot of equipment investment and power investment. The board provides 5G capability. See the Cisco website for details. At present, the FWSM is about to be discontinued. The new board device is called the ASA module. The board provides 20G capability. Currently, it only supports 65 chassis. Currently, 76 and NEXUX devices are not supported. According to Cisco's architecture. Supporting 76 is only a matter of time. The current price of the FWSM is about 150,000 pieces. So at the time of configuration, I am very careful.
This command is very practical but there are very few people who know it. You can pay attention on it. There are many such practical tips. In addition to being able to take you through CCIE written exams and CCIE LAB exams, PASSHOT can also teach you a lot of practical knowledge points at work! Learn IE and come to PASSHOT!
Comments