Cisco Firewall Service Module - security appliance
Mfg # WS-SVC-FWM-1-K9-RF
CDW # 3330924
Quick tech specs
- Security appliance
- plug-in module
- 6503
- 6509
- 6509-NEB-A
- refurbished
- for Catalyst 6500
- 6506
- 6509-NEB
- 6513
Know your gear
The Cisco Catalyst 6500 Series Firewall Services Module (FWSM), a high-speed, integrated firewall module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers, provides 5.5 Gbps throughput, 100, 000 connections per second, and 1 million concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. As part of the Cisco PIX family of security appliances, the FWSM provides large enterprises and service providers with superior security, reliability, and performance.
The FWSM uses Cisco PIX technology and runs the Cisco PIX OS, a real-time, hardened, embedded system that eliminates security holes and performance-degrading overhead. At the heart of the system, a protection scheme based on the Adaptive Security Algorithm (ASA) offers stateful connection-oriented firewalling. Using ASA, the FWSM creates a connection table entry for a session flow based on the source and destination addresses, randomized TCP sequence numbers, port numbers, and additional TCP flags. The FWSM controls all inbound and outbound traffic by applying the security policy to these connection table entries.
The FWSM includes many advanced features like multiple security contexts both at the routed levels and in bridging mode, helping to reduce cost and operational complexity while managing multiple firewalls from the same management platform. The virtualization on the FWSM reinforces the investment protection provided on Cisco Catalyst 6500 Series switches and 7600 Series routers. FWSM virtualization, when combined with other security services within the Cisco Catalyst 6500 Series Switch or Cisco 7600 Series Router, presents a powerful defense in-depth solution. Using features like Resource Manager, organizations can limit the resources allocated to any security context at any time, which helps to ensure that one security context does not interfere with another.
Using the transparent firewall feature, which configures the FWSM to act as a Layer 2 bridging firewall, there are minimal changes required to the network topology. The use of a transparent firewall reduces both the configuration and deployment time-a definite plus for any business with limited IT resources. There are no IP addresses except the management interface; no subnetting or configuration updates are required with transparent firewalls.
The FWSM Services Management and Enhanced Resource Management and Limiting features more effectively provision and monitor security services, even within and across multiple virtual contexts. This includes class creation, resource limiting, per-user/Cisco Access Control Server (ACS)-based access control lists (ACLs), syslogs per ACL, syslog level configuration, Address Resolution Protocol (ARP) inspection, and multicast pass-through support.
Enhanced filtering provides extended protection and application support, such as voice applications. It also includes policy-based Network Address Translation (NAT), bidirectional NAT, bidirectional ACLs, voice over IP (VoIP) enhancements, Port Address Translation (PAT) for skinny and Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), H.323 v3 and v4, Multiprotocol Label Switching (MPLS) and firewall integration, URL filtering with WebSense and N2H2, and shunning and blocking attacks.
The FWSM uses Cisco PIX technology and runs the Cisco PIX OS, a real-time, hardened, embedded system that eliminates security holes and performance-degrading overhead. At the heart of the system, a protection scheme based on the Adaptive Security Algorithm (ASA) offers stateful connection-oriented firewalling. Using ASA, the FWSM creates a connection table entry for a session flow based on the source and destination addresses, randomized TCP sequence numbers, port numbers, and additional TCP flags. The FWSM controls all inbound and outbound traffic by applying the security policy to these connection table entries.
The FWSM includes many advanced features like multiple security contexts both at the routed levels and in bridging mode, helping to reduce cost and operational complexity while managing multiple firewalls from the same management platform. The virtualization on the FWSM reinforces the investment protection provided on Cisco Catalyst 6500 Series switches and 7600 Series routers. FWSM virtualization, when combined with other security services within the Cisco Catalyst 6500 Series Switch or Cisco 7600 Series Router, presents a powerful defense in-depth solution. Using features like Resource Manager, organizations can limit the resources allocated to any security context at any time, which helps to ensure that one security context does not interfere with another.
Using the transparent firewall feature, which configures the FWSM to act as a Layer 2 bridging firewall, there are minimal changes required to the network topology. The use of a transparent firewall reduces both the configuration and deployment time-a definite plus for any business with limited IT resources. There are no IP addresses except the management interface; no subnetting or configuration updates are required with transparent firewalls.
The FWSM Services Management and Enhanced Resource Management and Limiting features more effectively provision and monitor security services, even within and across multiple virtual contexts. This includes class creation, resource limiting, per-user/Cisco Access Control Server (ACS)-based access control lists (ACLs), syslogs per ACL, syslog level configuration, Address Resolution Protocol (ARP) inspection, and multicast pass-through support.
Enhanced filtering provides extended protection and application support, such as voice applications. It also includes policy-based Network Address Translation (NAT), bidirectional NAT, bidirectional ACLs, voice over IP (VoIP) enhancements, Port Address Translation (PAT) for skinny and Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), H.323 v3 and v4, Multiprotocol Label Switching (MPLS) and firewall integration, URL filtering with WebSense and N2H2, and shunning and blocking attacks.