The Firewall Services Module (FWSM) is a high-speed, integrated firewall module that provides the fastest firewall data rates in the industry: 5 GB throughput, 100,000 CPS, and 1M concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 GB per chassis. As part of the world-leading Cisco PIX Firewall family, the FWSM provides large enterprises and service providers with unmatched security, reliability, and performance.
The FWSM leverages Cisco PIX technology and runs the Cisco PIX Operating System (OS), a real-time, hardened, embedded system that eliminates security holes and performance-degrading overhead. At the heart of the system, a protection scheme based on the Adaptive Security Algorithm (ASA) offers stateful connection-oriented firewalling. Using ASA, the FWSM creates a connection table entry for a session flow based on the source and destination addresses, randomized TCP sequence numbers, port numbers, and additional TCP flags. The FWSM controls all inbound and outbound traffic by applying the security policy to these connection table entries.
A variety of industry-proven clustering techniques deliver a seamless method to scale firewall performance to 20 Gbps and beyond.
Leveraging SSL decryption capabilities within the Catalyst 6K infrastructure, the FWSM can inspect encrypted traffic for policy violations that traditional firewalls cannot see.
Dynamic routing in single security context mode: Open Shortest Path First (OSPF), Routing Information Protocol (RIP) v1 and v2, PIM Sparse Mode v2 multicast routing, Internet Group Management Protocol (IGMP) v2
NAT Translate bypass enhances scalability by not creating NAT translate entries when no NAT-control or NAT exempt is used
Same security-level communication between VLANs (without NAT/static policies) and per-host maximum connection limit
Intrachassis and interchassis
Active-Standby stateful failover
Active-Active stateful failover support in multiple context mode
Asymmetric routing support with Active-Active redundancy
Advanced HTTP inspection services: RFC compliance checking for protocol anomaly detection, HTTP command filtering, MIME type filtering, content validation, Uniform Resource Identifier (URI) length enforcement, and more
Multiplatform real-time monitoring, analysis and reporting with Cisco Security Monitoring, Analysis and Response System (MARS) v4.2 for FWSM Software 2.3 or later
Console to command-line interface (CLI): Session from switch, Cisco IOS Software-like CLI parser