Cisco PDM Installation and Configuration Guide for Firewall Services Module, Version 4.1
Installing PDM

Table Of Contents

Installing PDM

Downloading the PDM Software from Cisco.com

Sessioning into the Firewall Services Module

Loading the PDM Image

Loading the PDM Image Using TFTP in Single Mode

Loading the PDM Image Using TFTP in Multiple Context Mode

Loading the PDM Image Using HTTP in Single Mode

Enabling the FWSM for PDM

Loading the PDM Image Using HTTP in Multiple Context Mode

Loading the PDM Image Using FTP in Single Mode

Loading the PDM Image Using FTP in Multiple Context Mode


Installing PDM


This chapter describes downloading and installing the PDM Version 4.1 image.

This chapter includes the following sections:

Downloading the PDM Software from Cisco.com

Sessioning into the Firewall Services Module

Loading the PDM Image

Downloading the PDM Software from Cisco.com

Perform the following steps to install PDM from Cisco.com (the Web):


Step 1 Go to http://www.cisco.com using a web browser.

Step 2 On the menu bar, click LOGIN.

Step 3 Enter your Cisco.com username and password and click OK.


Note To register as a Cisco.com user and obtain a username and password, go to this URL: http://tools.cisco.com/RPF/register/register.do. Only customers with an appropriate SMARTnet service contract associated with their Cisco.com user account will be granted access to the Software Center.


Step 4 Enter http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm in the web address area of your web browser and press the Return or Enter key on your keyboard. (If you are prompted again for a username and password, enter your Cisco.com username and password.)

Step 5 On the FWSM Software download page, find the section titled "Select a File to Download", click pdm-nnn.bin (where nnn represents the PDM software image version that you want to install) and follow the instructions presented.


Note Set the network address for access to the TFTP server.



Sessioning into the Firewall Services Module

This section describes how to connect, or "session," to the FWSM from the switch command line, log in, access privileged mode, and then access configuration mode so you can configure the FWSM. Refer to the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3, "Quick Start Steps," for more information.


Note The FWSM does not have an external console port; you must session into the FWSM for initial configuration.


Later, when you configure interfaces and IP addresses on the FWSM itself, you can access the FWSM CLI remotely through an FWSM interface. Refer to the "Allowing Remote Management" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3, for more information:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html

Without any additional configuration for user authentication, the login method consists of logging in as the default user:

The login password lets you access unprivileged mode.

To access configuration commands, you must enter privileged mode, which requires a second password (privileged mode is also known as enable mode).

From privileged mode, you can access configuration mode, which does not require a password.


Caution Management access to the FWSM causes a degradation in performance. We recommend that you avoid accessing the FWSM when high network performance is critical.

For multiple context mode, see the "Logging into the FWSM in Multiple Context Mode" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3 for more information about logging into security contexts:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html

To session into the FWSM, log in, access privileged mode, and then configuration mode, follow these steps:


Step 1 Session into the FWSM using the command appropriate for your switch operating system:

Cisco IOS software

Router# session slot number processor 1

Catalyst OS

Console> (enable) session module_number

For multiple context mode, when you session into the FWSM, you access the system configuration. See Chapter 5, "Managing Security Contexts," in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide for more information:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html

Step 2 Log into the FWSM by entering the login password at the following prompt:

fwsm passwd:

By default, the password is cisco. To change the password, see Chapter 6, "Changing the Passwords," in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide.

Step 3 To access privileged mode, enter the following command:

fwsm> enable

This command accesses the highest privilege level. The following prompt appears:

Password:

Step 4 Enter the enable password at the prompt.

By default, the password is blank, and you can press the Enter key to continue. See Chapter 6, "Changing the Passwords," in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide for more information.

The prompt changes to the following:

fwsm#

To exit privileged mode, enter disable. You can also enter exit or quit to exit the current access mode (privileged mode, configuration mode, and so on).

Step 5 To access configuration mode, enter the following command:

fwsm# configure terminal 

The prompt changes to the following:

fwsm(config)# 

Loading the PDM Image

This section includes the following topics:

Loading the PDM Image Using TFTP in Single Mode

Loading the PDM Image Using TFTP in Multiple Context Mode

Loading the PDM Image Using HTTP in Single Mode

Loading the PDM Image Using HTTP in Multiple Context Mode

Loading the PDM Image Using FTP in Single Mode

Loading the PDM Image Using FTP in Multiple Context Mode

Loading the PDM Image Using TFTP in Single Mode

Perform the following steps to load the PDM image file onto the firewall:


Step 1 Enter the following at the command prompt to load the PDM image file:

fwsm# copy tftp://Your_TFTP_Server_IP_Address/Your_pdmfile_name flash:pdm

Or you can enter the generic command and follow the prompts:

fwsm# copy tftp flash:pdm

Step 2 Enter the following command at the prompt to enter configuration mode:

fwsm# configure terminal

Step 3 Enter the following command:

fwsm(config)# nameif <vlan_name> inside <security level>

For information on assigning VLANs to the firewall, see "Assigning VLANS to the Firewall Services Module" in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

Step 4 To enter setup, use the setup command as shown in the following example:

fwsm(config)# setup

Note Press Enter to accept the default values.


After you enter the IP address of the workstation running PDM, the firewall displays the information you just entered.

The following is a sample display:

The following configuration will be used:
Enable Password: ciscofwsm
Clock (UTC): 14:22:00 Aug 28 2001
Firewall mode:routed
Inside IP address: 192.168.1.1
Inside network mask: 255.255.255.0
hostname: accounting_fwsm
Domain name: example.com
IP address of host running PDM: 192.168.1.2

Step 5 At the following prompt, enter y to save the information to the firewall Flash memory, or enter n to edit the values:

Use this configuration and write to flash? y


Loading the PDM Image Using TFTP in Multiple Context Mode

Perform the following steps to load the PDM image file onto the firewall:


Step 1 Enter the following at the command prompt to load the PDM image file:

fwsm# copy tftp://Your_TFTP_Server_IP_Address/Your_pdmfile_name flash:pdm

Or you can enter the generic command and follow the prompts:

fwsm# copy tftp flash:pdm

Step 2 Enter the following command to change to admin context:

fwsm# changeto context admin

Note For information on configuring the admin context to enable access to PDM, see the "Configuring a Security Context" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.


Step 3 Configure the IP address and default route for the admin context.

For information on configuring IP addresses, routing, and DHCP, see the "Configuring IP Addresses, Routing, and DHCP" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

For information on how to set up an IP address in a context, see the "Logging into the FWSM in Multiple Context Mode" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

Step 4 To identify the IP addresses from which the FWSM accepts HTTPS connections, enter the following command for each address or subnet:

fwsm/admin(config)# http source_IP_address mask source_interface

Step 5 Enter the following command to enable the HTTPS server:

fwsm/admin(config)# http server enable

Step 6 Enter the following command to enable the PDM metrics history:

fwsm/admin(config)# pdm history enable

For example, to enable the HTTPS server and let a host on the inside interface with an address of 192.168.1.2 access PDM, enter the following commands:

fwsm/admin(config)# http server enable
fwsm/admin(config)# pdm history enable
fwsm/admin(config)# http 192.168.1.2 255.255.255.255 inside

To allow all users on the 192.168.3.0 network to access PDM on the inside interface, enter the following command:

fwsm/admin(config)# http 192.168.3.0 255.255.255.0 inside

Loading the PDM Image Using HTTP in Single Mode

Follow the steps above to configure the firewall.

Enabling the FWSM for PDM

To use PDM, you need to enable the HTTP server and allow HTTP connections to the FWSM.

The FWSM allows a maximum of 5 concurrent HTTP connections per context and 16 concurrent HTTP contexts per blade.

To load the PDM image file, complete Step 1. Then continue with the remaining steps to configure the FWSM for PDM access:


Step 1 Enter the following at the command prompt to load the PDM image file:

fwsm# copy http://Your_http_Server_IP_Address/Your_pdmfile_name flash:pdm

Or you can enter the generic command and follow the prompts:

fwsm# copy http flash:pdm

Step 2 Enter the following command at the prompt to enter configuration mode:

fwsm# configure terminal

Step 3 Enter the following command:

fwsm(config)# nameif <vlan_name> inside <security level>

For information on assigning VLANs to the firewall, see "Assigning VLANS to the Firewall Services Module" in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

Step 4 To enter setup, use the setup command as shown in the following example:

fwsm(config)# setup

Note Press Enter to accept the default values.


After you enter the IP address of the workstation running PDM, the firewall displays the information you just entered.

The following is a sample display:

The following configuration will be used:
Enable Password: ciscofwsm
Clock (UTC): 14:22:00 Aug 28 2001
Firewall mode:routed
Inside IP address: 192.168.1.1
Inside network mask: 255.255.255.0
hostname: accounting_fwsm
Domain name: example.com
IP address of host running PDM: 192.168.1.2

Step 5 At the following prompt, enter y to save the information to the firewall Flash memory, or enter n to edit the values:

Use this configuration and write to flash? y


Loading the PDM Image Using HTTP in Multiple Context Mode

Perform the following steps to load the PDM image file onto the firewall:


Step 1 Enter the following at the command prompt to load the PDM image file:

fwsm# copy http://Your_http_Server_IP_Address/Your_pdmfile_name flash:pdm

Or you can enter the generic command and follow the prompts:

fwsm# copy http flash:pdm

Step 2 Enter the following command to change to admin context:

fwsm# changeto context admin

Note For information on configuring the admin context to enable access to PDM, see the "Configuring a Security Context" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.


Step 3 Configure the IP address and default route for the admin context.

For information on configuring IP addresses, routing, and DHCP, see the "Configuring IP Addresses, Routing, and DHCP" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

For information on how to set up an IP address in a context, see the "Logging into the FWSM in Multiple Context Mode" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

Step 4 To identify the IP addresses from which the FWSM accepts HTTPS connections, enter the following command for each address or subnet:

fwsm/admin(config)# http source_IP_address mask source_interface

Step 5 Enter the following command to enable the HTTPS server:

fwsm/admin(config)# http server enable

Step 6 Enter the following command to enable the PDM metrics history:

fwsm/admin(config)# pdm history enable

For example, to enable the HTTPS server and let a host on the inside interface with an address of 192.168.1.2 access PDM, enter the following commands:

fwsm/admin(config)# http server enable
fwsm/admin(config)# pdm history enable
fwsm/admin(config)# http 192.168.1.2 255.255.255.255 inside

To allow all users on the 192.168.3.0 network to access PDM on the inside interface, enter the following command:

fwsm/admin(config)# http 192.168.3.0 255.255.255.0 inside

Loading the PDM Image Using FTP in Single Mode

Perform the following steps to load the PDM image file onto the firewall:


Step 1 Enter the following at the command prompt to load the PDM image file:

fwsm# copy ftp://Your_FTP_Server_IP_Address/Your_pdmfile_name flash:pdm

Or you can enter the generic command and follow the prompts:

fwsm# copy ftp flash:pdm

Step 2 Enter the following command at the prompt to enter configuration mode:

fwsm# configure terminal

Step 3 Enter the following command:

fwsm(config)# nameif <vlan_name> inside <security level>

For information on assigning VLANs to the firewall, see "Assigning VLANS to the Firewall Services Module" in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

Step 4 To enter setup, use the setup command as shown in the following example:

fwsm(config)# setup

Note Press Enter to accept the default values.


After you enter the IP address of the workstation running PDM, the firewall displays the information you just entered.

The following is a sample display:

The following configuration will be used:
Enable Password: ciscofwsm
Clock (UTC): 14:22:00 Aug 28 2001
Firewall mode:routed
Inside IP address: 192.168.1.1
Inside network mask: 255.255.255.0
hostname: accounting_fwsm
Domain name: example.com
IP address of host running PDM: 192.168.1.2

Step 5 At the following prompt, enter y to save the information to the firewall Flash memory, or enter n to edit the values:

Use this configuration and write to flash? y


Loading the PDM Image Using FTP in Multiple Context Mode

Perform the following steps to load the PDM image file onto the firewall:


Step 1 Enter the following at the command prompt to load the PDM image file:

fwsm# copy ftp://Your_FTP_Server_IP_Address/Your_pdmfile_name flash:pdm

Or you can enter the generic command and follow the prompts:

fwsm# copy ftp flash:pdm

Step 2 Enter the following command to change to admin context:

fwsm# changeto context admin

Note For information on configuring the admin context to enable access to PDM, see the "Configuring a Security Context" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.


Step 3 Configure the IP address and default route for the admin context.

For information on configuring IP addresses, routing, and DHCP, see the "Configuring IP Addresses, Routing, and DHCP" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

For information on how to set up an IP address in a context, see the "Logging into the FWSM in Multiple Context Mode" section in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Release 2.3.

Step 4 To identify the IP addresses from which the FWSM accepts HTTPS connections, enter the following command for each address or subnet:

fwsm/admin(config)# http source_IP_address mask source_interface

Step 5 Enter the following command to enable the HTTPS server:

fwsm/admin(config)# http server enable

Step 6 Enter the following command to enable the PDM metrics history:

fwsm/admin(config)# pdm history enable

For example, to enable the HTTPS server and let a host on the inside interface with an address of 192.168.1.2 access PDM, enter the following commands:

fwsm/admin(config)# http server enable
fwsm/admin(config)# pdm history enable
fwsm/admin(config)# http 192.168.1.2 255.255.255.255 inside

To allow all users on the 192.168.3.0 network to access PDM on the inside interface, enter the following command:

fwsm/admin(config)# http 192.168.3.0 255.255.255.0 inside
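
The http source-address entries in Steps 4 through 6 of each multiple context procedure decide which hosts can reach PDM. The following Python audit is an added example, not part of the Cisco guide: it parses those lines from a saved configuration and flags entries broader than intended. The sample configuration, the 256-address threshold, and the choice of inside as the management interface are assumptions.

```python
import ipaddress

# Constructed sample: the commands from the guide's examples plus one
# deliberately broad entry (0.0.0.0 0.0.0.0 on "outside") for contrast.
SAMPLE_CONFIG = """\
http server enable
pdm history enable
http 192.168.1.2 255.255.255.255 inside
http 192.168.3.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

def parse_http_access(config_text):
    """Return (server_enabled, [(network, interface), ...]) from config text."""
    enabled, entries = False, []
    for raw in config_text.splitlines():
        # Drop a CLI prompt such as "fwsm/admin(config)# " if it was pasted in.
        words = raw.split("# ", 1)[-1].split()
        if words == ["http", "server", "enable"]:
            enabled = True
        elif len(words) == 4 and words[0] == "http":
            try:
                # "http source_IP_address mask source_interface"
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                continue  # not an address/mask pair; ignore the line
            entries.append((net, words[3]))
    return enabled, entries

def audit_http_access(config_text, max_hosts=256, mgmt_interface="inside"):
    """Return findings for PDM access entries broader than intended.

    max_hosts and mgmt_interface are assumed policy values, not Cisco defaults.
    """
    _, entries = parse_http_access(config_text)
    findings = []
    for net, ifc in entries:
        if net.num_addresses > max_hosts:
            findings.append(
                f"{net} on {ifc}: {net.num_addresses} addresses may reach PDM")
        if ifc != mgmt_interface:
            findings.append(
                f"{net} on {ifc}: PDM access permitted from a non-management interface")
    return findings

if __name__ == "__main__":
    for finding in audit_http_access(SAMPLE_CONFIG):
        print(finding)
```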