Cisco Cisco ACE Application Control Engine Module Anwendung
Cisco Catalyst 6500 Series Firewall Services Module
At-A-Glance
Copyright © 2008 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
C45-388771-01 03/08
What Are the Benefits of the Cisco Catalyst 6500 Series FWSM?
Feature
Benefits
Integrated Services Module
Enhances security and lowers cost of ownership:
The FWSM can be deployed in existing Cisco Catalyst 6500 Series switches or 7600 Series routers, providing infrastructure simplification, maximum return on network investment,
services innovation, and pervasive security. Any physical port on the switch can be configured to operate with firewall policy and protection, allowing for easy deployment at
a reduced footprint without additional configuration, power, and cabling.
•
High Performance, High Scalability,
Low Latency
Future-proofed as network traffic grows and secures latency-sensitive applications:
The Cisco FWSM provides industry-leading 100,000 connections per second, 5 Gbps throughput, and 1 million concurrent connections per module. Multiple FWSMs can be
clustered using static VLAN configurations or Cisco IOS
®
Software policy-based routing for directing traffic to these FWSMs. Up to four FWSMs can be deployed in the same
chassis for a total of 20 Gbps throughput.
A single FWSM can support up to 1000 virtual interfaces (256 per context), and a single chassis can scale up to a maximum of 4000 VLANs. In addition, two Cisco Application
A single FWSM can support up to 1000 virtual interfaces (256 per context), and a single chassis can scale up to a maximum of 4000 VLANs. In addition, two Cisco Application
Control Engines (ACEs) can be used within the Cisco Catalyst 6500 Series chassis to load-balance between three FWSMs for more than 15 Gbps of firewall throughput. Full
firewall protection is applied across the switch backplane, giving the lowest latency figures (30 ms for small frames, 30 usecs) possible. The Cisco FWSM is based on high-speed
network processors that provide high performance but retain the flexibility of general-purpose CPUs.
•
•
Firewall Services Virtualization
Reduces cost and complexity of management as needs grow:
A single FWSM can be partitioned into a maximum of 250 virtual firewalls (security contexts) in Cisco FWSM Software Version 3.1, allowing service providers and large enterprises
to implement policies for different customers or functional areas (such as DMZs) over the same physical infrastructure, reducing the cost and complexity of managing multiple
devices.
The Resource Manager helps ensure high availability by limiting resource usage per context. Role-based management allows multiple IT owners to configure and manage
The Resource Manager helps ensure high availability by limiting resource usage per context. Role-based management allows multiple IT owners to configure and manage
network- and application-layer security policies. Used at the Internet edge, virtual firewalls can be combined with virtual routing/forwarding (VRF) instances to provide complete
traffic separation and security on the campus network. Includes support for RIP, OSPF and stub iBGP routing protocols.
•
•
Transparent (Layer 2 ) Firewalls
Eases deployment:
Layer 2 firewalls can greatly simplify deployment in the data center with firewall policies configured within the same subsets and transparent to the hosts they are protecting.
Layer 2 firewalls also fit into existing networks with no Layer 3 changes and transparently pass Layer 3 traffic from routers, allowing interoperability with HSRP, VRRP, GLBP,
Multicast, and non-IP traffic such as IPX, MPLS, and BPDUs. The Cisco FWSM allows a mixture of transparent and routed firewalls to be implemented on the same module,
providing the most flexible network deployment options. The FWSM allows both routed and transparent virtual firewalls to coexist on the same physical device.
•
High Availability
Enterprise-class robustness for data center security:
The Cisco FWSM can be deployed in pairs to provide intra- or inter-chassis stateful failover services that help ensure resilient network protection for the most critical environments.
Both Active-Standby and Active-Active (Cisco FWSM Software Version 3.1) failover are supported.
•
Rich Stateful Inspection
Market-leading firewall features and broad protocol support:
The Cisco FWSM is based on Cisco PIX
®
firewall technology, which offers rich stateful inspection firewall services, and security enforcement technologies, including standards
compliance checking, denial of service attack protection, and intelligent application-aware inspection and controls for Web, data center application, VoIP, and multimedia protocols.
•
Why Cisco?
The Cisco Catalyst 6500 Series switches are the most widely deployed, industry leading family of switches. Adding the high performance, feature rich firewall service module
provides unprecedented capability with unmatched flexibility. Cisco delivers the industry’s richest set of security features integrated into the network fabric.
provides unprecedented capability with unmatched flexibility. Cisco delivers the industry’s richest set of security features integrated into the network fabric.