Cisco Catalyst 6500 & 7600 virtual FW licensing f/ 50 VF FR-SVC-FWM-VC-T2= 데이터 시트
제품 코드
FR-SVC-FWM-VC-T2=
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 12
Robust Stateful Inspection and Application-Layer Security
The Cisco FWSM is based on the Cisco PIX firewall technology, also known as the Adaptive
Security Algorithm (ASA). The FWSM offers rich stateful inspection firewall services, tracking the
state of all network communications, applying security policy, and preventing Denial of Service
attacks and unauthorized network access. The FWSM creates a connection table entry for a
session flow based on the source and destination addresses, randomized TCP sequence
numbers, port numbers, and additional TCP flags, and applies security policy to these
connections.
Building upon the network-based firewall services, the FWSM also delivers strong application-layer
security through intelligent, application-aware inspection engines that examine network flows
at Layers 4–7. To defend networks from application-layer attacks, these inspection engines
incorporate extensive application and protocol knowledge, and employ security enforcement
technologies that include standards conformance checking, protocol anomaly detection,
application and protocol state tracking, bidirectional NAT services, bidirectional ACLs, Port
Address Translation (PAT), and attack detection and mitigation techniques such as
application/protocol command filtering, content verification, URL obfuscation, and URL filtering.
These inspection engines give businesses control over instant messaging, peer-to-peer file
sharing, and tunneling applications. In addition, the FWSM provides market-leading protection for
a wide range of VoIP and other multimedia standards.
Cisco FWSM Platform Performance and Capacities
Table 1 provides information on the performance and capacity of the Cisco FWSM.
Table 1.
Cisco FWSM Platform Performance and Capacities
Capacities
Performance
●
5.5 Gbps throughput per service module
●
Up to 4 FWSMs (20 Gbps) per Catalyst 6500 chassis with static VLAN
or IOS Policy-based Routing
●
2.8 Mpps
●
1 million concurrent connections
●
100,000 connection setups and teardowns per second
●
256,000 concurrent NAT or PAT translations
●
Jumbo Ethernet packets (8500 bytes) supported
VLAN Interfaces
●
1000 total per service module
●
256 VLANs per security context in routed mode
●
8 VLAN pairs per security context in transparent mode
Access Lists
●
Up to 80,000 Access Control Entries in single context mode
●
Note: the FWSM implements Layer 3 and 4 access control security
checks in hardware with virtually no performance impact using non-
upgradeable high-speed memory
upgradeable high-speed memory
Virtual Firewalls (Security Contexts)
●
20, 50, 100, 250 Virtual Firewall licenses
●
2 Virtual Firewalls and 1 administrative context are provided for testing
purposes.