What would be another reason for using a security context? According to Cisco ( ) the common uses are:
• You are a service provider and want to sell security services to many customers. By enabling multiple security contexts on the security appliance, you can implement a cost-effective, space-saving solution that keeps all customer traffic separate and secure, and also eases configuration.
• You are a large enterprise or a college campus and want to keep departments completely separate.
• You are an enterprise that wants to provide distinct security policies to different departments.
• You have any network that requires more than one security appliance.
Let's say an organization was going to deploy a 6500 switch with an FWSM in a datacenter and all the administration was to be done by one administrator. All the servers are for the organization. In other words, it's not a service provider.
In addition there are about 20 VLANs for different servers (e.g. one subnet for internal databases, one for internal web servers, one for DMZ databases, one for DMZ web servers, one for internal email servers).
Based on the Cisco documentation I do not see a need for multiple security contexts in this case. I am assuming all firewall functionality will still work when packets go from one VLAN to another, such as packet inspection, ACLs, etc. In addition the VLANs will be just as secure from one another.
Thanks!
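As an added illustration (not from the original post or from Cisco's documentation), here is a single-context sketch of the design the poster describes: the Catalyst 6500 hands the server VLANs to the FWSM, each VLAN becomes its own firewall interface with its own security level, and an inbound access list on every interface decides what may cross between VLANs. The slot number, VLAN ids, addresses, names and ports are assumed values chosen for the example.

```cisco
! --- Catalyst 6500 (IOS) side: assumed FWSM in slot 3, assumed VLAN ids ---
firewall vlan-group 1 110,120,220
firewall module 3 vlan-group 1

! --- FWSM, single context: one interface per server VLAN ---
interface vlan 110
 nameif int-db
 security-level 90
 ip address 10.1.110.1 255.255.255.0
interface vlan 120
 nameif int-web
 security-level 80
 ip address 10.1.120.1 255.255.255.0
interface vlan 220
 nameif dmz-web
 security-level 50
 ip address 172.16.220.1 255.255.255.0

! Each interface gets an explicit inbound ACL, so a packet moving from one
! VLAN to another is filtered (and inspected) even though there is only one
! context. Assumed policy: web tiers may reach the internal DB on 1433 only.
access-list dmz-web-in extended permit tcp 172.16.220.0 255.255.255.0 10.1.110.0 255.255.255.0 eq 1433
access-list dmz-web-in extended deny ip any any log
access-group dmz-web-in in interface dmz-web

access-list int-web-in extended permit tcp 10.1.120.0 255.255.255.0 10.1.110.0 255.255.255.0 eq 1433
access-list int-web-in extended deny ip any any log
access-group int-web-in in interface int-web

! Database servers initiate nothing toward other tiers; log anything that tries.
access-list int-db-in extended deny ip any any log
access-group int-db-in in interface int-db
```

The same pattern repeats for the remaining VLANs; separation between them comes from the per-interface ACLs, which is why a single administrator with one set of policies does not need contexts.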