Features
- Cover Type: Paperback with 528 pages
- Published by: Cisco Press
- Edition: 1st Edition September 8, 2008
- Written in: English
- ISBN 10 Number: 1587053535
- ISBN 13 Number: 978-1587053535
- Book Dimensions: 9.1 x 7.2 x 1.3 inches
- Weighs: 1.9 pounds
Product Description
Cisco Secure Firewall Services Module (FWSM)
Best practices for securing networks with FWSM
Ray Blair, CCIE® No. 7050
Arvind Durai, CCIE No. 7016
The Firewall Services Module (FWSM) is a high-performance stateful-inspection firewall that integrates into the Cisco® 6500 switch and 7600 router chassis. The FWSM monitors traffic flows using application inspection engines to provide a strong level of network security. The FWSM defines the security parameter and enables the enforcement of security policies through authentication, access control lists, and protocol inspection. The FWSM is a key component for anyone deploying network security.
Cisco Secure Firewall Services Module (FWSM) covers all aspects of the FWSM. The book provides a detailed look at how the FWSM processes information, as well as installation advice, configuration details, recommendations for network integration, and reviews of operation and management. This book provides you with a single source that comprehensively answers how and why the FWSM functions as it does. This information enables you to successfully deploy the FWSM and gain the greatest functional benefit from your deployment. Practical examples throughout show you how other customers have successfully deployed the FWSM.
By reading this book, you will learn how the FWSM functions, the differences between the FWSM and the ASA Security Appliance, how to implement and maintain the FWSM, the latest features of the FWSM, and how to configure common installations.
Ray Blair, CCIE® No. 7050, is a consulting systems architect who has been with Cisco for more than 8 years, working primarily on security and large network designs. He has twenty years of experience in designing, implementing, and maintaining networks that have included nearly all networking technologies. Mr. Blair maintains three CCIE certifications in Routing and Switching, Security, and Service Provider. He is also a CNE and a CISSP.
Arvind Durai, CCIE No. 7016, is an advanced services technical leader for Cisco. His primary responsibility has been in supporting major Cisco customers in the enterprise sector. One of his focuses has been on security, and he has authored several white papers and design guides in various technologies. Mr. Durai maintains two CCIE certifications, in Routing and Switching and Security.
- Understand modes of operation, security levels, and contexts for the FWSM
- Configure routing protocols and the host-chassis to support the FWSM
- Deploy ACLs and Authentication, Authorization, and Accounting (AAA)
- Apply class and policy maps
- Configure multiple FWSMs for failover support
- Configure application and protocol inspection
- Filter traffic using filter servers, ActiveX, and Java filtering functions
- Learn how IP multicast and the FWSM interact
- Increase performance with firewall load balancing
- Configure IPv6 and asymmetric routing
- Mitigate network attacks using shunning, anti-spoofing, connection limits, and timeouts
- Examine network design, management, and troubleshooting best practices
This security book is part of the Cisco Press® Networking Technology series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Networking: Security
Covers: Firewall security
About The Author
Ray Blair is a consulting systems architect and has been with Cisco Systems for more than eight years, working primarily on security and large network designs. He has twenty years of experience with designing, implementing, and maintaining networks that have included nearly all networking technologies. His first four years in the high-technology industry started with designing industrial computer systems for process monitoring. Mr. Blair maintains three Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching, Security, and Service Provider. He also is a Certified Novell Engineer (CNE) and a Certified Information Systems Security Professional (CISSP).
Arvind Durai is an advanced services technical leader for Cisco Systems. His primary responsibility has been in supporting major Cisco customers in the Enterprise sector, some of which include Financial, Manufacturing, E-commerce, State Government, and Health Care sectors. One of his focuses has been on security, and he has authored several white papers and design guides in various technologies. Mr. Durai maintains two Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching and Security. Mr. Durai holds a Bachelor of Science degree in Electronics and Communication, a Master’s degree in Electrical Engineering (MS), and a Master’s degree in Business Administration (MBA).
Reader Reviews
This book is effectively the user's manual for Cisco's FWSM. I don't know if the module comes with other documentation, but this text is probably what you should use for an in-depth explanation of the product. Cisco has put a fair amount of functionality into FWSM. Using and controlling this functionality can be done via the network. Naturally, the remote access is mediated by a standard username and password combination. This can be compared with locally configured user data stored in the FWSM. Or, in an interesting feature, with user data at an external server. The latter feature reflects a possible data centre usage, where you have several FWSMs deployed, and you want to centralise sysadmin data in one server. Another key feature is the failover mechanism, where the firewall has 2 units. These can be set in active/standby or active/active modes. There are 2 FWSM modules that jointly offer a physical redundancy. The book shows that synchronising these peer modules is straightforward. Obviously this costs more, but the improved reliability should be attractive or even necessary to some data centre sysadmins.