Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 4.0
Quick Start Steps

The following sections describe the minimum configuration required for the FWSM in routed mode or transparent mode:

Routed Firewall Minimum Configuration Steps

Transparent Firewall Minimum Configuration Steps

Routed Firewall Minimum Configuration Steps

To configure the FWSM in routed mode, perform the following steps:

 
| Step | Task | Description |
|---|---|---|
| Step 1 | Assigning VLANs to the Firewall Services Module, page 2-2 | On the switch, you need to assign VLANs to the FWSM so that the FWSM can send and receive traffic on the switch. |
| Step 2 | (Might be required) Adding Switched Virtual Interfaces to the MSFC, page 2-4 | If you want the MSFC to route between VLANs that are assigned to the FWSM, complete this procedure. |
| Step 3 | Connecting to the Firewall Services Module, page 3-1 | From the switch CLI, you can session into the FWSM to access the FWSM CLI. |
| Step 4 | (Might be required; multiple context mode only) Enabling or Disabling Multiple Context Mode, page 4-10 | If you want to use multiple context mode and your FWSM is not already configured for it, or if you want to change back to single mode, follow this procedure. |
| Step 5 | (Multiple context mode only) Configuring a Security Context, page 4-27 | Add a security context. |
| Step 6 | (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-31 | Because you must configure some settings in the system execution space and some settings within the context, you need to know how to switch between contexts and the system execution space. |
| Step 7 | Configuring Interfaces for Routed Firewall Mode, page 6-2 | For each VLAN interface, you must set a name (such as inside or outside), a security level, and an IP address. |
| Step 8 | Configuring a Default Route, page 8-4 | Create a default route to an upstream router. |
| Step 9 | Configure routing using one of these methods: Configuring a Static Route, page 8-3; Configuring BGP Stub Routing, page 8-6; (Single context mode only) Configuring OSPF, page 8-9; (Single context mode only) Configuring EIGRP, page 8-22; (Single context mode only) Configuring RIP, page 8-21 | In multiple context mode, static routing and stub BGP are the only routing methods supported. In single mode, you have a choice of static, stub BGP, RIP, EIGRP, or OSPF. |
| Step 10 | (Might be required) Use one or more of these NAT methods: Using Dynamic NAT and PAT, page 15-18; Using Static NAT, page 15-28; Using Static PAT, page 15-30 | Configure NAT if you use private addresses or want the extra security. |
| Step 11 | Adding an Extended ACE, page 12-7 | Before any traffic can go through the FWSM, you must create an access list that permits traffic. |
| Step 12 | Applying an Access List to an Interface, page 14-4 | Apply the access list to an interface. |
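
The routed-mode steps above, carried through for single context mode, as an added example that is not taken from the Cisco guide. The module slot (4), VLAN IDs, addresses, and the access list name INSIDE_OUT are constructed for illustration; the VLANs are assumed to exist on the switch already, and routing is limited to the default route. The access list permits only the outbound services the inside subnet needs instead of a blanket permit.

```text
! --- On the switch (Cisco IOS) ---
! Step 1: assign VLANs 100 and 200 to the FWSM in slot 4 (constructed values)
firewall vlan-group 1 100,200
firewall module 4 vlan-group 1
! Step 3: from privileged EXEC, session into the FWSM
! session slot 4 processor 1

! --- On the FWSM (single context mode, routed) ---
! Step 7: name, security level, and IP address for each VLAN interface
interface vlan 100
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
interface vlan 200
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0

! Step 8: default route to the upstream router
route outside 0.0.0.0 0.0.0.0 192.0.2.254 1

! Step 10: dynamic PAT for the private inside subnet
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 192.0.2.10

! Step 11: extended ACEs scoped to the inside subnet and the required services
access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 80
access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 443
access-list INSIDE_OUT extended permit udp 10.1.1.0 255.255.255.0 host 192.0.2.53 eq 53

! Step 12: apply the access list inbound on the inside interface
access-group INSIDE_OUT in interface inside
```

Traffic that matches none of these entries is dropped, so anything not listed here stays blocked until an entry is added for it.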

Transparent Firewall Minimum Configuration Steps

To configure the FWSM in transparent mode, perform the following steps:

 
| Step | Task | Description |
|---|---|---|
| Step 1 | Assigning VLANs to the Firewall Services Module, page 2-2 | On the switch, you need to assign VLANs to the FWSM so that the FWSM can send and receive traffic on the switch. |
| Step 2 | (Might be required) Adding Switched Virtual Interfaces to the MSFC, page 2-4 | If you want the MSFC to route between VLANs that are assigned to the FWSM, complete this procedure. |
| Step 3 | Connecting to the Firewall Services Module, page 3-1 | From the switch CLI, you can session into the FWSM to access the FWSM CLI. |
| Step 4 | (Might be required; multiple context mode only) Enabling or Disabling Multiple Context Mode, page 4-10 | If you want to use multiple context mode and your FWSM is not already configured for it, or if you want to change back to single mode, follow this procedure. |
| Step 5 | (Multiple context mode only) Configuring a Security Context, page 4-27 | Add a security context. |
| Step 6 | (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-31 | Because you must configure some settings in the system execution space and some settings within the context, you need to know how to switch between contexts and the system execution space. |
| Step 7 | Setting Transparent or Routed Firewall Mode, page 5-17 | Before you configure any settings, you must set the firewall mode to transparent mode. Changing the mode clears your configuration. In multiple context mode, set the mode in each context. |
| Step 8 | Configuring Transparent Firewall Interface Parameters, page 6-3 | For each VLAN interface, you must set a name (such as inside or outside), a security level, and a bridge group. |
| Step 9 | Assigning an IP Address to a Bridge Group, page 6-5 | Assign an IP address to each bridge group. |
| Step 10 | Configuring a Default Route, page 8-4 | Create a default route to an upstream router for returning management traffic. |
| Step 11 | Adding an Extended ACE, page 12-7 | Before any traffic can go through the FWSM, you must create an access list that permits traffic. |
| Step 12 | Applying an Access List to an Interface, page 14-4 | Apply the access list to an interface. |
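
The FWSM-side part of the transparent-mode procedure (Steps 7 through 12) for single context mode, as an added example that is not taken from the Cisco guide. VLAN IDs, addresses, the bridge group number, and the access list name INSIDE_OUT are constructed; the switch-side VLAN assignment from Step 1 is assumed to be in place for VLANs 300 and 301.

```text
! Step 7: set transparent mode before anything else,
! because changing the mode clears the configuration
firewall transparent

! Step 8: name, security level, and bridge group for each VLAN interface;
! both interfaces join the same bridge group
interface vlan 300
 nameif outside
 security-level 0
 bridge-group 1
interface vlan 301
 nameif inside
 security-level 100
 bridge-group 1

! Step 9: IP address for the bridge group, on the same subnet as the bridged hosts
interface bvi 1
 ip address 10.1.3.1 255.255.255.0

! Step 10: default route used for returning management traffic
route outside 0.0.0.0 0.0.0.0 10.1.3.254 1

! Step 11: extended ACE scoped to the bridged subnet and one service
access-list INSIDE_OUT extended permit tcp 10.1.3.0 255.255.255.0 any eq 443

! Step 12: apply the access list inbound on the inside interface
access-group INSIDE_OUT in interface inside
```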