Datasheet
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 12
FWSM Overall Feature Summary
Table 2 provides an overall feature summary of the Cisco FWSM.
Table 2. FWSM Overall Feature Summary
Features Summary
Scalable Architecture to Support
Up to 20+ Gbps of Firewall
Services within the Catalyst 6K
Infrastructure
●
A variety of industry proven clustering techniques deliver a seamless method
to scale firewall performance to 20 Gbps and beyond.
Visibility into Encrypted Threats
●
Leveraging SSL decryption capabilities within the Catalyst 6K infrastructure,
the FWSM has the ability to gain visibility into encrypted policy violations to
which traditional firewalls have no visibility.
Intelligent Network Services
●
Layer 2 Firewall (transparent mode) with NAT and PAT support
●
Layer 2 Firewall (transparent mode) with NAT and PAT support
●
Layer 3 Firewall (route and/or NAT mode)
●
Mixed Layer 2 and Lyer 3 firewall per FWSM
●
Dynamic/static NAT and PAT
●
Policy-based NAT
●
VRF-aware NAT
●
Destination NAT for Multicast
●
Static routing support in signle- and multiple security content mode
●
Dynamic routing in single security context mode: Open Shortest Path First
(OSPF). Routing Initiation Protocol (RIP) v1 and v2, PIM Sparse Mode v2
multicast routing, Internet Group Management Protocol (IGMP) v2.
●
Dynamic routing in single and virtual security context mode using stub iBGP
(Licensed feature)
●
Transparent mode supports static routing only
●
Private VLAN for L2 and L3 firewall enables firewall security policies between
isolated ports.
●
Asymmetric routing supporting without redundancy by using asymmetric
routing groups
●
IPv6 networking and management access using IPv6 HTTPS, Secure Shell
Protocol (SSH) v1 and v2, and Telnet
Core Stateful Firewall
●
NAT Translate bypass enhances scalability by not creating NAT
translate entries when no NAT-control or NAT except is used
●
Selective TCP State Bypass on a per flow basis
●
Timeout on a per flow for TCP and non-TCP flows
●
ACLs: Extended ACL for IP traffic, Ethertype ACL for non-IP traffic, standard
ACL for OSPF route distribution, per-user Cisco Secure Access Control Server
(ACS)-based ACLs, per-user ACL override, object fgrouping for ACLs, time-
based ACLs
●
Cisco Modular Policy Framework (MPF) with flow-based security policies
●
Cut-through user authentication proxy with local database and external
AAA server support: TCP, HTTP, FTP, HTTPS, and others
●
URL filtering: Filter HTTP, HTTPS, and FTP requests by Websense Enterprise
or HTTP filtering by N2H2 (now part of Secure Computing Corporation)
●
Same security-level communication between VLANs (without NAT/static
policies) and per-host maximum connection limit
●
Protection from denial of service (DoS) attacks: DNS Guard, Flood Defender,
Flood Guard, TCP Intercept with SYN cookies organization, Unicast Reverse
Path Forwarding (uRPF), Mail Guard, FragGuard and Virtual Reassembly,
Internet Control Message Protocol (ICMP) stateful inspection, User Datagram
Protocol (UDP) rate control, TCP stream re-assembly and deobfuscation
engine, TCP traffic normalization services for attack detection
●
Address Resolution Protocol (ARP) inspection in transparent firewall mode
●
DHCP server, DHCP relay to upstream router with per interface configuration