Supporting Asymmetric Routing in FWSM

The FWSM supports asymmetric traffic flows in code version 3.x and later. The previous section covered the problems that routing causes when firewalls are introduced into a network with asymmetric routing, and gave a solution with and without redundancy to avoid these problems. That solution aligns the firewalls with the Layer 3 network to avoid asymmetric routing issues. Asymmetric routing problems can occur when traffic flows between multiple security domains and these security domains are represented in a multiple context firewall. In this case, traffic flow for all security domains is achieved by using symmetric firewall redundancy that is congruent with the routing architecture. FWSM redundancy can be designed using Active/Standby and Active/Active modes.

The concept of asymmetric routing can be applied to single or multiple context mode. The asymmetric routing (ASR) feature is available in code version 3.1 and later. Based on the 3.1 code, the FWSM can have a maximum of 32 ASR groups. ASR support is also available in transparent and routed firewalls.

In this section, you will learn to support asymmetric routing using the following failover modes:

• Active/Standby mode

• Active/Active mode

