Cisco Catalyst 6500 Series Firewall Services Module Technical Manual

as a web or FTP server, you can place these resources on a separate network behind the firewall, called a
demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ includes
only the public servers, an attack there affects only the servers and does not affect the other inside networks.
You can also control when inside users access outside networks (for example, access to the Internet) by
allowing only certain addresses out, requiring authentication or authorization, or coordinating with an
external URL filtering server.
The FWSM includes many advanced features, such as multiple security contexts that are similar to virtualized
firewalls, transparent (Layer 2) firewall or routed (Layer 3) firewall operation, hundreds of interfaces, and
many more features.
In discussions of networks connected to a firewall, the outside network is in front of the firewall, the
inside network is protected and behind the firewall, and a DMZ, while behind the firewall, allows limited
access to outside users. Because the FWSM lets you configure many interfaces with varied security policies,
including many inside interfaces, many DMZs, and even many outside interfaces if desired, these terms
are used in a general sense only.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the
commands used in this section.
Network Diagram
This document uses this network setup:
Note: The IP addressing schemes used in this configuration are not legally routable on the Internet. They are
RFC 1918 addresses, which have been used in a lab environment.