Cisco Secure Firewall Services Module (FWSM)
- 6h 4m
- Arvind Durai, Ray Blair
- Cisco Press
- 2009
The Firewall Services Module (FWSM) is a high-performance stateful-inspection firewall that integrates into the Cisco 6500 switch and 7600 router chassis. The FWSM monitors traffic flows using application inspection engines to provide a strong level of network security. The FWSM defines the security parameter and enables the enforcement of security policies through authentication, access control lists, and protocol inspection. The FWSM is a key component to anyone deploying network security.
Cisco Secure Firewall Services Module (FWSM) covers all aspects of the FWSM. The book provides a detailed look at how the FWSM processes information, as well as installation advice, configuration details, recommendations for network integration, and reviews of operation and management. This book provides you with a single source that comprehensively answers how and why the FWSM functions as it does. This information enables you to successfully deploy the FWSM and gain the greatest functional benefit from your deployment. Practical examples throughout show you how other customers have successfully deployed the FWSM.
By reading this book, you will learn how the FWSM functions, the differences between the FWSM and the ASA Security Appliance, how to implement and maintain the FWSM, the latest features of the FWSM, and how to configure common installations.
- Understand modes of operation, security levels, and contexts for the FWSM
- Configure routing protocols and the host-chassis to support the FWSM
- Deploy ACLs and Authentication, Authorization, and Accounting (AAA)
- Apply class and policy maps
- Configure multiple FWSMs for failover support
- Configure application and protocol inspection
- Filter traffic using filter servers, ActiveX, and Java filtering functions
- Learn how IP multicast and the FWSM interact
- Increase performance with firewall load balancing
- Configure IPv6 and asymmetric routing
- Mitigate network attacks using shunning, anti-spoofing, connection limits, and timeouts
- Examine network design, management, and troubleshooting best practices
About the Authors
Ray Blair, CCIE No. 7050, is a consulting systems architect who has been with Cisco for more than 8 years, working primarily on security and large network designs. He has 20 years of experience in designing, implementing, and maintaining networks that have included nearly all networking technologies. Mr. Blair maintains three CCIE certifications in Routing and Switching, Security, and Service Provider. He is also a CNE and a CISSP.
Arvind Durai, CCIE No. 7016, is an advanced services technical leader for Cisco. His primary responsibility has been in supporting major Cisco customers in the enterprise sector. One of his focuses has been on security, and he has authored several white papers and design guides in various technologies. Mr. Durai maintains two CCIE certifications, in Routing and Switching and Security.
In this Book
-
Types of Firewalls
-
Overview of the Firewall Services Module
-
Examining Modes of Operation
-
Understanding Security Levels
-
Understanding Contexts
-
Configuring and Securing the 6500/7600 Chassis
-
Configuring the FWSM
-
Access Control Lists
-
Configuring Routing Protocols
-
AAA Overview
-
Modular Policy
-
Understanding Failover in FWSM
-
Understanding Application Protocol Inspection
-
Filtering
-
Managing and Monitoring the FWSM
-
Multicast
-
Asymmetric Routing
-
Firewall Load Balancing
-
IP Version 6
-
Preventing Network Attacks
-
Troubleshooting the FWSM
-
Designing a Network Infrastructure
-
Design Scenarios
-
FWSM 4.x Performance and Scalability Improvements
-
Understanding FWSM 4.x Routing and Feature Enhancements
YOU MIGHT ALSO LIKE
