Chapter 4. Troubleshooting Firewall Services Module

Firewall Services Module (FWSM) is designed and implemented based on the PIX Firewall code; hence most of the troubleshooting techniques shown in Chapter 3, "Troubleshooting Cisco Secure PIX Firewalls" also apply to FWSM, with a few exceptions. However, as the FWSM module interoperates with the switch, the packet flows from point A to point B through the FWSM are more complex than that of the PIX/ASA platform because of its complex architecture. To troubleshoot issues with FWSM, you must understand FWSM architecture. This will help you to understand FWSM packet flows. So this chapter starts with a discussion of FWSM Architecture, which leads to a discussion of packet flows through the FWSM. Then we will discuss the tools available to troubleshoot complex issues, and how to use these tools to analyze logs efficiently. Issues are then broken down into different categories such as connection issues, performance issues, and so on, for simplicity. The chapter concludes with a Best Practices Section.

