I would like to see IPv6 Support for Cisco FWSM
I probably could arrange for a Linux box strapped to our FWSM in a v6 environment to be made available to NetCitadel as we have about 20 spare contexts floating around that could be used for experimentation. I hope it would give the developers an opportunity to fix up and make more functional the v4 support and see if there is a way to work with the multiple context functionality?
Bear in mind, the FWSM apparently only does IPv6 filtering in software and is a general pain in the rear so the OP should be planning to set fire to the blades and push them out of a top floor window. One problem I ran into is that you cannot use protocol groups and logging rules together, plus RPF looks like a no-go; unless you do not mind all your logs filling up with grumblings that fe80::/10 -> ip6-multicast is 'hacking' you :-/
Due to constraints in the FWSM, only non-SCP access could be granted :(
Straight vanilla SCP is not available, as there is only SCP to a single global context (which dumps things in disk:/). You then log in, *change* context and then 'copy disk:/foobar.fw running-config'. Currently I am using the FWSM functionality in non-SCP mode, but am working on an external helper script to sort it out properly.