[c-nsp] FWSM, Contexts and ASA's
Christian Koch
christian at visr.org
Wed Feb 13 12:10:23 EST 2008
Hi Dale,
We are in still in process of deploying the FWSM blades and i am still
reading into the product literature, and i really cant say on the future of
the FWSM vs ASA, i believe it could be a great product for virtualizing
managed firewall services, but i am still too new to it, to evaluate
thanks for your input, this is some of what i was looking for - real
experiences with the fwsm
On Feb 13, 2008 11:50 AM, Dale W. Carder <dwcarder at wisc.edu> wrote:
>
> On Feb 13, 2008, at 10:36 AM, Christian Koch wrote:
> >
> > we are deploying FWSM for a customer firewalls, and someone has
> > brought up
> > the thought of moving our coproate firewalls (now on asa's) over to
> > these
> > same FWSM's..
> >
> > my main thoughts are to stray away from this.. does anyone run an
> > architecture like this now? or have any opinions on WHY to or to
> > not do it?
>
> While the FWSM does offer pretty decent resource provisioning,
> are you actually using it and tuning how many resources each
> context can eat up?
>
> I would also ask a strategy question, Do you think the FWSM
> product really has a future compared to ASA?
>
> If and when there is a problem on the FWSM, do you want your
> corporate network to be down? This is like any other such
> egg/basket issue, and NOT specific to the FWSM.
>
> We have several FWSM's and ASA's. We recently had an issue
> where one of the network processors in an FWSM got confused
> and refused to pass traffic for new flows. Strange situation
> for 50 customers in a funny ~40% state of "down". Based on
> geography this would have been the basket our eggs would
> have been in had we not separated the NOC out from various
> potential situations like this.
>
> Dale
>
More information about the cisco-nsp
mailing list