Super-Networking

Cisco confirms the memory exhaustion vulnerability as per the advisory published by CERT/CC and confirms this vulnerability impacts the PIX and ASA appliance for system software 7.2 only. Exploitation of the vulnerability may lead to a Denial of Service condition against the appliance.
The Firewall Services Module (FWSM) is not affected by this vulnerability.
PSIRT would […]

I have been seeing some “Critical Syslog Events” coming through lately from my Cisco FWSM (Firewall Switch Module). The event number is FWSM-2-106017 or if you have a PIX it would be PIX-2-106017.
When you go to Cisco’s site for the explanation this is what they give you:
Error Message    %FWSM-2-106017: Deny IP due to Land […]

One of the benefits of having a firewall in your network is for the logging of the traffic that passes through it. By default when you turn on logging every single connection through the firewall is logged both on setup and teardown. In a high traffic network this can cause huge databases of syslogs and […]

I have been working on setting up a test for one over our load balanced webservers to be placed behind the new firewall we have installed. With putting this server behind the firewall I am also switching that webserver to use one-armed mode for load balancing.
Basically the main thing with one-armed CSM configs is that […]

Here are some good config guides to help you setup your Cisco Firewall Service Module.
Guide for your FWSM running version 2.3:
FWSM Config Guide 2.3
Guide for you FWSM running version 3.1:
FWSM Config Guide 3.1
Guide for setting up your FWSM into Transparent Mode:
FWSM Transparent Mode Config Guide

Here is a good read for those of you wanting to upgrade your Cisco Firewall Service Module from 2.X software to a 3.X version of the software.
FWSM Upgrade
I just upgrade our FWSM and had no issues, quite painless.

I am currently looking into putting additional security onto a network by adding a firewall in-place of an ACL. This network does a ton of traffic and is quite complex so putting in a firewall normally would be no easy task. This network is being run with a 7600 series router which gives me an […]