Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 2.3
Quick Start Steps
Downloads: This chapterpdf (PDF - 177.0KB) The complete bookPDF (PDF - 4.49MB) | Feedback

Quick Start Steps

Table Of Contents

Quick Start Steps

Routed Firewall Configuration Steps

Transparent Firewall Configuration Steps


Quick Start Steps


The following sections describe the minimum configuration required for the Firewall Services Module (FWSM) in routed mode or transparent mode:

Routed Firewall Configuration Steps

Transparent Firewall Configuration Steps

Routed Firewall Configuration Steps

Follow these steps to configure the FWSM in routed mode:

 
Task
Description

Step 1 

Assigning VLANs to the Firewall Services Module, page 2-2

On the switch, you need to assign VLANs to the FWSM so the FWSM can send and receive traffic on the switch.

Step 2 

(Might be required) Adding Switched Virtual Interfaces to the MSFC, page 2-5

If you want the Multilayer Switch Feature Card (MSFC) to route between VLANs that are assigned to the FWSM, complete this procedure.

Step 3 

Sessioning and Logging into the Firewall Services Module, page 3-1

From the switch CLI, you can session into the FWSM to access the FWSM CLI.

Step 4 

(Might be required; multiple context mode only) Enabling or Disabling Multiple Context Mode, page 5-9

If you want to use multiple context mode and your FWSM is not already configured for it, or if you want to change back to single mode, follow this procedure.

Step 5 

(Multiple context mode only) Configuring a Security Context, page 5-17

Add a security context.

Step 6 

(Multiple context mode only) Changing Between Contexts and the System Execution Space, page 5-21

You must configure some settings in the system execution space, and some settings within the context, so you need to know how to switch between contexts and the system execution space.

Step 7 

Setting the Name and Security Level, page 6-7

For each VLAN interface, you must set a name (such as inside or outside) and a security level.

Step 8 

Assigning IP Addresses to Interfaces for a Routed Firewall, page 8-2

Assign an IP address to each interface.

Step 9 

Configuring the Default Route, page 8-2

Create a default route to an upstream router.

Step 10 

Configure routing using one of these methods:

Configuring Static Routes, page 8-3

(Single context mode only) Configuring OSPF, page 8-4

(Single context mode only) Configuring RIP, page 8-18

In multiple context mode, static routing is the only routing method supported. In single mode, you have a choice of static, RIP, or OSPF. RIP support is for passive mode only.

Step 11 

Use one or more of these NAT methods:

Using Dynamic NAT and PAT, page 9-16

Using Static NAT, page 9-26

Using Static PAT, page 9-27

Bypassing NAT, page 9-29

You must specifically configure some interfaces to either use or bypass NAT. Typically, if you want to allow inside users to access the outside or other networks attached to the FWSM, configure dynamic NAT or PAT according to the "Using Dynamic NAT and PAT" section on page 16. If you want to allow outside users to access an inside host, then configure static NAT according to the "Using Static NAT" section on page 26.

The FWSM offers a large amount of flexibility in your NAT configuration.

Step 12 

Adding an Extended Access Control List, page 10-13

Before any traffic can go through the FWSM, you must create an ACL that permits traffic, and then apply it to an interface.

Transparent Firewall Configuration Steps

Follow these steps to configure the FWSM in transparent mode:

 
Task
Description

Step 1 

Assigning VLANs to the Firewall Services Module, page 2-2

On the switch, you need to assign VLANs to the FWSM so the FWSM can send and receive traffic on the switch.

Step 2 

(Might be required) Adding Switched Virtual Interfaces to the MSFC, page 2-5

If you want the MSFC to route between VLANs that are assigned to the FWSM, complete this procedure.

Step 3 

Sessioning and Logging into the Firewall Services Module, page 3-1

From the switch CLI, you can session into the FWSM to access the FWSM CLI.

Step 4 

Setting the Firewall Mode, page 4-16

Before you configure any settings, you must set the firewall mode to transparent mode. Changing the mode clears your configuration.

Step 5 

(Might be required; multiple context mode only) Enabling or Disabling Multiple Context Mode, page 5-9

If you want to use multiple context mode and your FWSM is not already configured for it, or if you want to change back to single mode, follow this procedure.

Step 6 

(Multiple context mode only) Configuring a Security Context, page 5-17

Add a security context.

Step 7 

(Multiple context mode only) Changing Between Contexts and the System Execution Space, page 5-21

You must configure some settings in the system execution space, and some settings within the context, so you need to know how to switch between contexts and the system execution space.

Step 8 

Setting the Name and Security Level, page 6-7

For each VLAN interface, you must set a name (such as inside or outside) and a security level.

Step 9 

Setting the Management IP Address for a Transparent Firewall, page 8-2

The transparent firewall requires a management IP address.

Step 10 

Adding an Extended Access Control List, page 10-13

Before any traffic can go through the FWSM, you must create an ACL that permits traffic, and then apply it to an interface.