The FWSM also supports contexts so you can create around 250 individual virtual firewalls with over 1000 VLANs.
It is a monster but if you have to manage it you realize how cumbersome having that many firewalls is. :-) steve > > Cisco has a cool product called the Firewall Services Module. Basically, > it plugs into your switch's chassis and provides inline firewalling with > PIX OS 7.0, just like a standalone firewall. The syslog messages are > exactly the same, except for the following tiny difference: > > An original PIX message would be: > > Mar 5 04:02:24 myfirewall %PIX-6-302020: Built ICMP connection for faddr > x.x.x.x/0 gaddr x.x.x.x/0 laddr x.x.x.x/0 > > The FWSM message looks like: > > Mar 5 04:02:24 myfirewall %FWSM-6-302020: Built ICMP connection for faddr > x.x.x.x/0 gaddr x.x.x.x/0 laddr x.x.x.x/0 > > The following patch for /var/ossec/etc/decoder.xml should fix the > problem: > > --------------------------------------------------------------- > *** decoder.xml.2007-03-05 2007-03-05 11:54:30.000000000 -0500 > --- decoder.xml 2007-03-05 11:54:44.000000000 -0500 > *************** > *** 677,682 **** > --- 677,683 ---- > <decoder name="pix"> > <prematch>^%PIX-|^\w\w\w \d\d \d\d\d\d \d\d:\d\d:\d\d: > %PIX-|</prematch> > <prematch>^%ASA-|^\w\w\w \d\d \d\d\d\d \d\d:\d\d:\d\d: > %ASA-</prematch> > + <prematch>^%FWSM-|^\w\w\w \d\d \d\d\d\d \d\d:\d\d:\d\d: > %FWSM-</prematch> > </decoder> > > <decoder name="pix-fw1"> > --------------------------------------------------------------- > > David > Stephen Bradley 937-673-6255 [EMAIL PROTECTED] Broadband Support
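Review bot: in the `decoder name="pix"` hunk, the ASA `<prematch>` line directly above the added FWSM line ends in `%ASA-` with no trailing `|`, while the PIX line ends in `%PIX-|`. That trailing `|` suggests the consecutive `<prematch>` elements are joined into one pattern. If they are, the added line makes the pattern read `%ASA-^%FWSM-` at the join, so the bare `^%FWSM-` alternative can never match and the timestamped ASA alternative stops matching as well. I suggest adding a trailing `|` to the ASA line in the same patch, then confirming with the sample `%FWSM-6-302020` message from this mail that it reaches the `pix` decoder and that an `%ASA-` message still does. It would also help to state in the description that FWSM events will be reported under the existing decoder name `pix`, since anyone reading alerts will see that name rather than FWSM.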
