Hello,
I have some questions on FWSM and any help will be appreciated:
Basically what we are trying to do is simple in architecture:
Relocating production VLANs behind the FWSM blade.
In comparison, this is much simpler than putting it on the perimeter
and having the whole network behind it where you need to do complex
routing etc.
I have defined one outside interface where FWSM interfaces with the
campus network. The idea is to put VLANs (not complex) behind this
interface. The filtering (ACLs) for incoming traffic is done on the
outside interface.
1) In order to make a distinction between different VLANs, would it be
possible to use more than one access-list on the outside interface?
(If I specify only one access-list for all the incoming traffic from
outside to the VLANs, it will be difficult to troubleshoot when having
problems with specific VLANs.)
2) ACL Command: "access-list x permit tcp any any established" cannot
be used for FWSM. Is there anything else I can use to replace
"established"?
3) If I want to put comments in the FWSM configuration file, how can I
do that?
Thanks in advance
--osman
Montreal, Quebec