Datasheet
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 12
Security Services Integration
The Cisco FWSM can be combined with other Cisco security services modules such as the
Intrusion Detection Services Module (IDSM-2), IP Security (IPSec) VPN Shared Port Adapter
(SPA), Traffic Anomaly Detection Module (ADM), Anomaly Guard Module (AGM), and the Network
Analysis Module (NAM-1 and NAM-2). Together, these services modules provide a complete self-
defending network solution. Integration of service modules into one chassis allows for ease of use
and support for network administrators. Role-based remote access controls fosters collaboration
for IT managers.
With this modular approach, customers can use their existing switching and routing infrastructures
for cost-effective deployment—and can do so while obtaining the highest performance available in
the industry and providing secured IP services along with multilayer LAN and WAN switching and
routing capabilities.
Firewall Services Module Benefits
Integrated Module Enhances Security and Lowers Cost of Ownership
Besides protecting the perimeter of the corporate network from threats, the Cisco FWSM is
installed inside a Cisco Catalyst 6500 Series switch or Cisco 7600 Series router, inspects traffic
flows and prevents unauthorized users from accessing a particular subnet, workgroup, or LAN
within a corporate network. This intelligent network integration allows the FWSM to provide greater
investment protection, a lower total cost of ownership, and a reduced footprint where power and
rack space are at a premium. Any physical port on the switch can be configured to operate with
firewall policy and protection, allowing for easy deployment without additional configuration and
cabling, and providing firewall security inside the network infrastructure. The FWSM can be
deployed together with other Cisco Catalyst 6500 Series and Cisco 7600 Series security
services modules, for a secure, multilayer defense-in-depth IP services solution.
High Performance, High Scalability and Low Latency Ready for the Future
The FWSM is based on high-speed network processors that provide high performance but retain
the flexibility of general-purpose CPUs. The Cisco FWSM provides industry-leading performance
of upto 100,000 new connections per second, 5.5 Gbps of throughput, and one million concurrent
connections per service module. This superior performance helps organizations meet future
growing requirements without requiring a system overhaul. Multiple FWSMs can be clustered
using static VLAN configurations or the Catalyst 6500 IOS Policy-based Routing (PBR) for
directing traffic to these FWSMs. Up to four FWSMs can be deployed in the same chassis for a
total of 20 Gbps throughput. A single FWSM can support up to 1000 virtual interfaces (256 per
context), and a single chassis can scale up to a maximum of 4000 VLANs. In addition, two Cisco
Application Control Engines (ACE) can be used within the Catalyst 6500 chassis to load balance
three FWSMs for over 15Gbps of firewall throughput, over 150,000 connections per second and
two million concurrent connections.
Full firewall protection is applied across the switch backplane, giving the lowest latency figures
(30 microseconds for small frames) possible. This is important to secure latency-sensitive
applications such as financial market data and voice over IP (VoIP).