Chapter 1
Introduction to the Firewall Services Module
Note: For QoS compatibility, the FWSM preserves the DSCP bits for all traffic that passes through the FWSM.
Security Context Overview
You can partition a single FWSM into multiple virtual devices, known as security contexts. Each context
has its own security policy, interfaces, and administrators. Multiple contexts are similar to having
multiple standalone devices. Many features are supported in multiple context mode, including routing
tables, firewall features, and management. Some features are not supported, including dynamic routing
protocols.
In multiple context mode, the FWSM includes a configuration for each context that identifies the
security policy, interfaces, and almost all the options you can configure on a standalone device. The
system administrator adds and manages contexts by configuring them in the system configuration,
which, like a single mode configuration, is the startup configuration. The system configuration identifies
basic settings for the FWSM. The system configuration does not include any network interfaces or
network settings for itself; rather, when the system needs to access network resources (such as
downloading the contexts from the server), it uses one of the contexts that is designated as the admin
context.
The admin context is just like any other context, except that a user who logs in to the admin context
has system administrator rights and can access the system and all other contexts.
Note: Multiple context mode supports static routing only.
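The following added example (not part of the guide) reviews a system configuration for the two points made above: which context confers system administrator rights, and which context configurations the system downloads from a server through the admin context. The CLI command syntax, the sample configuration, and the function names are assumptions; the sketch also goes slightly beyond the text by listing VLANs allocated to more than one context.

```python
import re

# Constructed sample, not from the guide. Command syntax is assumed from the FWSM CLI
# (admin-context, context, allocate-interface, config-url); the guide uses ASDM.
SAMPLE_SYSTEM_CONFIG = """\
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg
context customerA
  allocate-interface vlan100
  allocate-interface vlan101
  config-url ftp://user:password@192.0.2.10/customerA.cfg
context customerB
  allocate-interface vlan101
  config-url disk:/customerB.cfg
"""

def parse_system_config(text):
    """Return (admin context name, {context: {"interfaces": [...], "url": str}})."""
    admin, contexts, current = None, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"admin-context (\S+)", line):
            admin = m.group(1)
        elif m := re.fullmatch(r"context (\S+)", line):
            current = contexts.setdefault(m.group(1), {"interfaces": [], "url": None})
        elif current and (m := re.fullmatch(r"allocate-interface (\S+)(?: \S+)?", line)):
            current["interfaces"].append(m.group(1))
        elif current and (m := re.fullmatch(r"config-url (\S+)", line)):
            current["url"] = m.group(1)
    return admin, contexts

def audit(text):
    """Return review findings for a system configuration."""
    admin, contexts = parse_system_config(text)
    if admin not in contexts:
        return ["admin context is not defined"]
    findings = [f"logins to '{admin}' grant system administrator rights over all contexts"]
    owners = {}
    for name, ctx in contexts.items():
        scheme = (ctx["url"] or "").split(":")[0]
        if scheme in ("ftp", "tftp", "http"):  # cleartext transfer protocols
            findings.append(f"'{name}' is downloaded over cleartext {scheme} via '{admin}'")
        for vlan in ctx["interfaces"]:
            owners.setdefault(vlan, []).append(name)
    findings += [f"{v} is allocated to {' and '.join(c)}" for v, c in owners.items() if len(c) > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SYSTEM_CONFIG)))
```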
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
– Layer 3 and Layer 4 header adjustments
For UDP or other connectionless protocols, the FWSM creates connection state information so that
it can also use the accelerated path.
Data packets for protocols that require Layer 7 inspection can also go through the accelerated path.
Some established session packets must continue to go through the session management path or the
control plane path. Packets that go through the session management path include HTTP packets that
require inspection or content filtering. Packets that go through the control plane path include the
control packets for protocols that require Layer 7 inspection.