GroupStudy.com - A virtual community of network engineers
Re: FWSM 6509 firewall module info posted 03/26/2004


Loizos,

The problem I have experienced appears to be a 'design feature' to protect the secure hosts rather
than (maybe) a problem per se. Devices on the outside required tftp from the outside inbound
to a protected server. We discovered later that there were application problems on the protected
server that may have caused the tftp session to hang. This resulted in the FWSM closing down
tftp on the protected interface. Without knowing more about the FWSM internal architecture I would say:
1) the FWSM took the right action (from a security point of view)
2) the FWSM should have blocked tftp only to the affected server host rather than the entire interface.


After much troubleshooting a 'clear xlate' restored tftp service on the
FWSM interface. Of course,
a) the affected clients on the interface saw this as a firewall problem.
b) Off hours, I was unable to replicate the (server hung and) tftp problem.


If you encounter this problem, two internal bug numbers to reference when talking to TAC are:
CSCeb51412 CSCec67252


Veronica Timm
York University
Toronto, Canada

LoizosCisco wrote:

Veronica,

Thank you for the links. I have seen those. Do you
have any sample real life configs. Have you experienced
any problems or do you have any tips?


You can e-mail me at: ylouis2@xxxxxxx

Thank you

Loizos
CCIE # 10702


--- Veronica Timm <veronica@xxxxxxxx> wrote:


Loizos,

Good documentation? I would describe them as fair. I am aware of only one set of FWSM documents which
I'm sure you have seen. Does anyone know of any additional documentation?





http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_1_1/fwsm112/fwsm112.pdf


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_1_1/fwsm112/bascfg.pdf


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_1_1/fwsm112/advcfg.pdf


In FWSM 1.1(2) I was informed by TAC to ignore the 'firewall multiple-vlan-interfaces' command.
This will be used in a future release.


Veronica Timm
York University
Toronto, Canada




LoizosCisco wrote:




Does anyone have any info or configs on the FWSM
modules. I can not find any good documentation on
Cisco web site.

Thank you

Loizos
CCIE # 10702


--- Chris Larson <CLarson@xxxxxxxxx> wrote:





It has been some time since I have worked with
Netscreen, but I have noticed they continually beat
out competition including Cisco in most firewall
"shootouts". I am concerned about Juniper now owning
them as Juniper has no experience in the
firewall/security market but that is probably
minor... who knows.

The netscreen is gui through a browser, lacks (or
did) any good debugging for troubleshooting but is
very simple. If you understand the basics of
firewalling and VPN this is very easy to deploy. At
the time Netscreen was about to introduce the 1000
that was vlan aware. Of course now so is the FWSM
but. I think the netscreen is an excellent and easy
to use product for its pricing that apparently
outperforms most other firewalls according to
independent "shootouts".. I would imagine that has
to do with the design around ASICS rather than a
processor. Price to performance, you prolly can't
beat it. Feature wise though it may be lacking....


Chris #12380




-----Original Message-----
From: Wright, Jeremy [mailto:wright@xxxxxxxxxxxx]
Sent: Wed 3/24/2004 11:35 AM
To: 'security@xxxxxxxxxxxxxx'
Cc: 'ccielab@xxxxxxxxxxxxxx'
Subject: PIX vs. Netscreen



Has anyone had experience with both of these
products? If so, what are the
advantages/disadvantages of both? Thanks.







*****************************************
Jeremy Wright
CCIE# 11168
Network Engineer
Archer Daniels Midland
wright@xxxxxxxxxxxx
(217)451-4063

*****************************************








_______________________________________________________________________






Please help support GroupStudy by purchasing your
study materials from:
http://shop.groupstudy.com

Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html











--
Veronica Timm
Senior Network Specialist
Network Operations
York University		Voice: (416) 736-2100 x.22682
Toronto, Ontario	  Fax: (416) 736-5701
Canada.  M3J 1P3	Email: veronica@xxxxxxxx





