Cisco Catalyst 6500 Series Firewall Services Module Technical Manual

Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on the Firewall Services Module (FWSM) that runs software
version 3.2(5).
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
Context Configuration Files
Context Configurations
The FWSM includes a configuration for each context that identifies the security policy, interfaces, and almost
all the options you can configure on a standalone device. You can store context configurations on the internal
Flash memory or the external Flash memory card, or you can download them from a TFTP, FTP, or HTTP(S)
server.
System Configuration
The system administrator adds and manages contexts by configuring each context's configuration
location, allocated interfaces, and other context operating parameters in the system configuration, which, like
a single mode configuration, is the startup configuration. The system configuration identifies basic settings for
the FWSM. The system configuration does not include any network interfaces or network settings for itself;
rather, when the system needs to access network resources, such as downloading the contexts from the server,
it uses one of the contexts that is designated as the admin context. The system configuration does include a
specialized failover interface for failover traffic only.
Admin Context Configuration
The admin context is just like any other context, except that when you log in to the admin context, you
have system administrator rights and can access the system and all other contexts. The admin context is not
restricted in any way, and can be used as a regular context. But, because logging in to the admin context grants
you administrator privileges over all contexts, you might need to restrict access to the admin context to
appropriate users. The admin context must reside on Flash memory, and not remotely.
If your system is already in multiple context mode, or if you convert from single mode, the admin context is
created automatically as a file on the internal Flash memory called admin.cfg. This context is named admin.
If you do not want to use admin.cfg as the admin context, you can change the admin context.
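
The storage rules described above can be checked against a saved copy of the system configuration. The following Python sketch is an added example, not Cisco code and not part of the original document; the sample configuration (including its VLAN numbers, addresses, and disk:/ path) is constructed, and treating tftp, ftp, http, and https URLs as remote and everything else as local Flash is an assumption.

```python
import re
# Constructed sample system configuration (not taken from the page).
SAMPLE = """\
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg
context customerA
  config-url tftp://192.0.2.10/customerA.cfg
context customerB
  config-url https://192.0.2.10/customerB.cfg
"""

# Assumption: these URL schemes mean "downloaded from a server".
REMOTE = re.compile(r"^(tftp|ftp|https?)://", re.IGNORECASE)

def parse_contexts(text):
    """Return (admin context name, {context name: config-url or None})."""
    admin, contexts, current = None, {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        key, value = words[0], words[1]
        if key == "admin-context":
            admin = value
        elif key == "context":
            current = value
            contexts[current] = None
        elif key == "config-url" and current:
            contexts[current] = value
    return admin, contexts

def audit(text):
    """Return (context, issue) findings for context storage locations."""
    admin, contexts = parse_contexts(text)
    findings = []
    if admin not in contexts:
        findings.append((admin, "admin context is not defined"))
    for name, url in contexts.items():
        scheme = REMOTE.match(url or "")
        if url is None:
            findings.append((name, "no config-url"))
        elif scheme and name == admin:
            findings.append((name, "admin context is stored remotely"))
        elif scheme and scheme.group(1).lower() != "https":
            findings.append((name, "config loaded over cleartext " + scheme.group(1).lower()))
    return findings

print(audit(SAMPLE))
```
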