Datasheet

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
FWSM Overall Feature Summary
Table 2 provides an overall feature summary of the Cisco FWSM.
Table 2. FWSM Overall Feature Summary
Feature: Scalable Architecture to Support Up to 20+ Gbps of Firewall Services within the Catalyst 6K Infrastructure
Summary: A variety of industry-proven clustering techniques deliver a seamless method to scale firewall performance to 20 Gbps and beyond.

Feature: Visibility into Encrypted Threats
Summary: Leveraging SSL decryption capabilities within the Catalyst 6K infrastructure, the FWSM has the ability to gain visibility into encrypted policy violations to which traditional firewalls have no visibility.

Feature: Intelligent Network Services
Summary:
- Layer 2 Firewall (transparent mode) with NAT and PAT support
- Layer 3 Firewall (route and/or NAT mode)
- Mixed Layer 2 and Layer 3 firewall per FWSM
- Dynamic/static NAT and PAT
- Policy-based NAT
- VRF-aware NAT
- Destination NAT for Multicast
- Static routing support in single- and multiple security context mode
- Dynamic routing in single security context mode: Open Shortest Path First (OSPF), Routing Information Protocol (RIP) v1 and v2, PIM Sparse Mode v2 multicast routing, Internet Group Management Protocol (IGMP) v2.
- Dynamic routing in single and virtual security context mode using stub iBGP (Licensed feature)
- Transparent mode supports static routing only
- Private VLAN for L2 and L3 firewall enables firewall security policies between isolated ports.
- Asymmetric routing support without redundancy by using asymmetric routing groups
- IPv6 networking and management access using IPv6 HTTPS, Secure Shell Protocol (SSH) v1 and v2, and Telnet

Feature: Core Stateful Firewall
Summary:
- NAT Translate bypass enhances scalability by not creating NAT translate entries when no NAT-control or NAT except is used
- Selective TCP State Bypass on a per-flow basis
- Timeout on a per-flow basis for TCP and non-TCP flows
- ACLs: Extended ACL for IP traffic, Ethertype ACL for non-IP traffic, standard ACL for OSPF route distribution, per-user Cisco Secure Access Control Server (ACS)-based ACLs, per-user ACL override, object grouping for ACLs, time-based ACLs
- Cisco Modular Policy Framework (MPF) with flow-based security policies
- Cut-through user authentication proxy with local database and external AAA server support: TCP, HTTP, FTP, HTTPS, and others
- URL filtering: Filter HTTP, HTTPS, and FTP requests by Websense Enterprise or HTTP filtering by N2H2 (now part of Secure Computing Corporation)
- Same security-level communication between VLANs (without NAT/static policies) and per-host maximum connection limit
- Protection from denial of service (DoS) attacks: DNS Guard, Flood Defender, Flood Guard, TCP Intercept with SYN cookies organization, Unicast Reverse Path Forwarding (uRPF), Mail Guard, FragGuard and Virtual Reassembly, Internet Control Message Protocol (ICMP) stateful inspection, User Datagram Protocol (UDP) rate control, TCP stream re-assembly and deobfuscation engine, TCP traffic normalization services for attack detection
- Address Resolution Protocol (ARP) inspection in transparent firewall mode
- DHCP server, DHCP relay to upstream router with per interface configuration