Evaluated Product - Details

Return to the EPL index

Cisco Firewall Services Module (FWSM) version 3.1 (4) for Cisco Catalyst 6500 switches and Cisco 7600 routers

Product type: Network and Network Related Devices and Systems
Product Status: Completed
Assurance Level: EAL4+ ALC_FLR.1

Product Details

Product Description

Certification Country: UNITED STATES (2007)
Certificate Details: CCEVS-VR-07-0027
Certification Method: CC
Crypt Evaluation: Not Required
Evaluation Facility: Arca CCTL
Manufacturer/Vendor/Distributor: Cisco Systems


Cisco Systems Inc
Global Certifications

Phone: + 1 410 309 4862
Email: certteam@cisco.com
Website: http://www.cisco.com

Senior Systems Engineering Manager
Tony Hall
Sales / Channels

Phone: +61 2 6216 0647
Mobile: +61 401 890577
Email: anthhall@cisco.com


Maintenance Report
Security Target
Consumer Guide
Certification Report

The Cisco FWSM is a stateful packet filtering firewall. A stateful packet filtering firewall controls the flow of IP traffic by matching information contained in the headers of connection-oriented or connectionless IP packets against a set of rules specified by the firewall's authorised administrator. This header information includes source and destination host (IP) addresses, source and destination port numbers, and the transport service application protocol (TSAP) held within the data field of the IP packet. Depending upon the rule and the results of the match, the firewall either passes or drops the packet. The stateful firewall remembers the state of the connection from information gleaned from prior packets flowing on the connection and uses it to regulate current packets. The packet will be denied if the security policy is violated.

In addition to IP header information, the Cisco FWSM mediates information flows on the basis of other information, such as the direction (incoming or outgoing) of the packet on any given firewall network interface. For connection-oriented transport services, the firewall either permits connections and subsequent packets for the connection or denies the connection and subsequent packets associated with the connection.