ACE and FWSM Deployment design

Hi,
I have a new deployment with FWSM in single context and ACE in multiple context. I need actually 3 contexts. what is the best mode of deployment of FWSm with ACE. I want to have the gateway of all real servers as the Firewall.
shall it be something like this - MSFC-> Fwsm -> ACE -> Real servers.
what mode the FWSM should be?
with regards
sathappan.s

Hi
You don't need to match FWSM contexts to ACE contexts. You are quite right in what you say in that you could use one routed context on the FWSM use different interfaces in that context for each ACE context.
It all depends on hwo you want to organise it. For example it could be argued that having matching contexts allows for easier adminstration having both the FW ruleset and the ACE rules "tied" to each other. Also if you have separate depts. managing their firewalls/load balancers contexts are the way to go.
As i said before it often comes down to licenses/cost but yes it is possible to use only one FWSM context.
Jon

Similar Messages

  • Ask the Expert: Cisco's 802.11ac Solutions - Deployment, Design, and Interop

    Ask your Questions on Cisco’s 802.11ac Solutions - Deployment, Design, and Interop with Cisco Experts: Richard Hamby and Shankar Ramanathan.
    Monday, March 30th, 2015 to Friday, April 10th, 2015
     Richard Hamby is a senior technical support engineer and Team Lead of the Cisco Technical Assistance Center in Richardson, Texas.  He is an expert in Indoor and Outdoor wireless for the full line of Cisco Unified and Converged Access Wireless products, as well as TAC Engineering Engagement Engineer liaison to project engineering teams for new Cisco wireless products.  Prior to his current role, Richard was a customer support engineer with the AAA Security TAC team supporting Cisco identity management solutions and been with Cisco since 2009.
    Shankar Ramanathan is a Customer Support Engineer at the Cisco Technical Center. He is a Technical Content Engineer and Subject Matter Expert for Cisco Enterprise Unified and Converged Access wireless mobility solution including Wireless LAN Controller  2500/5500/WISM2/7500/8500, Converged access 5760/3650/3850 switches,  Access Points Lightweight and Autonomous, VoWLAN (792x/9971) , Cisco Prime Infrastructure SNMP management, Cisco Mobility Services Engine(MSE/ CMX). Prior to joining Cisco in  November 2011, he worked as a wireless network engineer at Elan Technologies, responsible for RF wireless network planning, simulation, propagation path analysis, and optimization of Wi-Fi 802.11 mesh and WiMax (802.16 d/e) networks for various system  integration and automation projects. Shankar holds a master of science degree in electrical engineering specializing in communications and signal process from the State University of New York, Buffalo. Shankar has a CCIE in Wireless(#40548) and CCNA  certified (number 410004168640IMZF) and has over six years of industry experience.
    Find other  https://supportforums.cisco.com/expert-corner/events.
    **Ratings Encourage Participation! **
    Please be sure to rate the Answers to Questions

    A common question we are asked is 'why is my device not achieving 11ac data rates?'
    One of the most common answers relates to client compatibility/capability. To get the highest possible data rates of 11ac (assuming proper distance and RF health), the AP and the client device must both be capable supporting the requirements - 5GHZ, 80MHz Channel, short guard interval, 3 spatial streams. Each spatial stream has a max of 433.3Mb/s (at 80MHz, short GI).
    The majority of 11ac-capable wireless cards on the market do not support 3 spatial streams. Most adapters in wireless-capable devices are 1SS or 2SS.  For example, the Intel 7260 11ac adapter used in many devices is a 2SS adapter - therefore it's max possible data rate is 866.7.  Another common adapter in use is the 11ac Broadcom 3SS that Apple uses in the newer Macbooks.  These devices can achieve the 1.3GBs PHY data rate.
    This guidance is the same for 11n adapters as well.  To achieve max rate, your 11n AP and adapter must both support 40MHz channels, 3SS, short GI.
    Note: The 11n and 11ac standards both define support for 4SS.  4SS-capable devices are rare, so 3SS is essentially our reality.
    One of the most useful references for questions related to this topic is the AP Data Sheet for each AP.  Here's the AP3700 for example:
    http://www.cisco.com/c/en/us/products/collateral/wireless/3700-series-access-point/data_sheet_c78-729421.html
    Table 1 lists the expected data rate per MCS Index value by #SS at each channel width and GI. Indexes 0-7 are the same for 11n and 11ac (11n limited to 40MHz channels of course).  And MCS 8 & 9 are 11ac-only 256-QAM modulations. 

  • It's my 3000 post – Oracle ACE and Oracle employees

    Hello,
    So, this is my post number 3000. In this forum, it’s not so unique, but still I decided to dedicate it to the subject of Oracle ACE and Oracle employees.
    Recently, Joel blogged about Carl awarded Oracle ACE (http://joelkallman.blogspot.com/2009/02/carl-backstrom-oracle-ace.html), after special efforts made by Sharon, because “the folks at the Oracle Technology Network decided that Oracle employees could no longer be awarded the ACE designation”. I truly wish I could write that Carl is a living proof of this decision being misguided. Unfortunately, I can’t. However, Carl’s case paints the situation in strong colors. Only after his death, Carl was honored with something that I’m sure seems so obvious to most of us.
    I’m thinking that if this decision, not to award Oracle employees with Oracle ACE, was made sooner, people like Scott and Joel would not have awarded Oracle ACE, not to mention Tom Kyte, and probably others I’m not familiar with. Scott and Joel deals with APEX all day long, as part of their job, and this forum is not part of their day job description. Still, they find the time to help us all. Just look at the post counter of Scott. I’m amazed each time I see it. Scott, with all his experience, doesn’t limit himself to only the most complicated issues. You can see his replies, to the most basic issues, almost every day. Joel never failed helping me, and many others on this forum, every time there is an issue only he can help with. Scott and Joel were lucky, and have been awarded Oracle ACE, prior to this decision. Carl was less lucky, and as Joel wrote, I can’t think of anyone who better represent the true meaning and spirit of the Oracle ACE program.
    The point I’m trying to make is that Oracle ACE should not be left for luck and timing, or place of work, for that matter. I’m sure that the OTN folks had best intensions when making this decision. I can understand that people might suspect favoritism toward Oracle employees; however, the solution shouldn’t be the easy one – no to every Oracle employee.
    While writing, I can think of Tyler. He’s no longer a member of the APEX team, but we can still enjoy his wisdom and experience on this forum, not to mention his APEX dedicated blog entries, were he covers special and more complex aspects of working with this tool. I don’t know if Tyler qualifies to become Oracle ACE (and, of course, I’m only using him as an example) but it seems wrong to me not to even consider it, just because he happens to work for Oracle. I’m sure there are others like Tyler, in the other forums. I believe that this kind of behavior, by Oracle employees, should be encouraged, and not taken for granted. Certainly, they shouldn’t be penalized.
    So, what all of this has to do with my 3000 posts? I believe I earned the right to call myself a frequent poster on this forum. As such, I know how time consuming this forum can be, not to mention the hard and tedious job of keep repeating the same answers to the same questions, keep pointing to old references, and such. So, I want to take this opportunity to thank all the active participants of this forum, Oracle employees and others. In spite of all the hardship, this forum can also be very rewarding, and at least for me, a very educated experience. I learned a lot in my attempts to help others. I can all heartedly recommend it to everyone who enjoys helping others, and enriching him /her self in the process.
    Regards,
    Arie.

    If I understand you correctly, you ought to reinstall. At this point, even if you're able to resurrect this installation, it might be severely unstable. Mostly because of my proclivity for messing around with settings until I screw something up, I have a tremendous amount of experience with the recovery console, and my success rate is not inspiring. If you have data you need on the drive, your best course of action is to reinstall to a different boot drive, and once you’re able to boot, archive the files you want from the corrupted installation. Then you can wax both drives, restore the data and get everything back the way you want it. Getting your data back from the recovery console is basically a lost cause since it doesn't support wildcards (as in, you'd have to copy every freaking file one at a time).
    I re-read the above paragraph, and it's not the clearest thing I've ever written, so if you need clarification on anything, let me know.

  • Im in the military and im deployed right now i got a ipod touch but it wont let me down load apps . i put all my billing info in and my address but it keeps telling me to contact the support to complete my transaction

    im in the military and im deployed right now i got n ipod touch but it wont let me download apps . i put all my billing info and address in but it keeps telling me that i need to contact the support to complete my transaction

    it keeps telling me that i need to contact the support to complete my transaction
    Then contact Support.
    http://apple.com/support/itunes/contact/

  • Best report to check application and package deployment compliancy?

    I am looking for the best report to check application and package deployment compliancy.
    Preferably targeting a collection.
    tconners

    I'm recommending this one:
    Software Distribution - Application Monitoring folder -
    All application deployments (advanced)
    It allows you to select Collections and applications
    Kent Agerlund | My blogs: blog.coretech.dk/kea and
    SCUG.dk/ | Twitter:
    @Agerlund | Linkedin: Kent Agerlund |
    Mastering ConfigMgr 2012 The Fundamentals

  • Hello, I own a license for Adobe CS5 Production Premium and Adobe CS4 Design Premium for Windows/PC. I am switching to an OSX/MAC system. Is it possible to transfer my licenses to the new platform?

    Hello, I own a license for Adobe CS5 Production Premium and Adobe CS4 Design Premium for Windows/PC. I am switching to an OSX/MAC system. Is it possible to transfer my licenses to the new platform?

    It's possible to transfer licenses but it must be done by contacting a Customer Service representative by phone or web chat. They'll probably have you submit a form.
    Contact Customer Care

  • The background behind my pages has turned black, how do i get it to go back to grey? i have switched between preview, normal, bleed, slug and presentation and closed and opened in design and it is still black. I can't imagine layouts with the black backgr

    the background behind my pages has turned black, how do i get it to go back to grey? i have switched between preview, normal, bleed, slug and presentation and closed and opened in design and it is still black. I can't imagine layouts with the black background please help!

    or maybe the interface has been set to Dark?
    Go to Preferences > Interface tab, choose Light from Color Theme dropdown on Apearance section (upper part of the window)

  • Business delegate and Session facade design patterns

    Does any one tell me, what is the difference between business delegate and session facade design patterns.

    1. Session Facade decouples client code from Entity beans introducing session bean as a middle layer while Business Delegate decouples client code from EJB layer ( Session beans).
    2. SF reduces network overhead while BD reduces maintenance overhead.
    3. In SF any change in Session bean would make client code change.
    While in DB client is totally separate from Session bean because BD layer insulate client from Session beans(EJB layer).
    3. In only SF scenario, Client coder has to know about EJB programming but BD pattern no EJB specialization needed.
    4.SF emphasizes on separation of Verb, Noun scenario while BD emphasizes on separation of client(presentable) and EJB layer.
    Anybody pls suggest more differences ?

  • We are currently looking for a way to link images to a design file within programs like InDesign and Illustrator using an HTML link instead of a local file.  We are hosting our images in SharePoint and need the design file to retain it's links, no matter

    We are currently looking for a way to link images to a design file within programs like InDesign and Illustrator using an HTML link instead of a local file.  We are hosting our images in SharePoint and need the design file to retain it's links, no matter who on our network opens the design file.

    The Cloud forum is not about using individual programs
    The Cloud forum is about the Cloud as a delivery & install process
    If you will start at the Forums Index https://forums.adobe.com/welcome
    You will be able to select a forum for the specific Adobe product(s) you use
    Click the "down arrow" symbol on the right (where it says All communities) to open the drop down list and scroll

  • Urgent!!! Cisco ACE and asymetric routing assistance needed

    I am wondering if someone can give me pointers on the cisco ACE
    and asymetric routes. I've attached the diagram:
    -Cisco IOS IP address is 192.168.15.4/24 and 4.1.1.4/24
    -Firewall External interface is 192.168.15.1/24,
    -Firewall Internal interface is 192.168.192.1/24,
    -F5_BigIP External interface is 192.168.192.4/24,
    -F5_BigIP Internal interface is 192.168.196.1/24 and 192.168.197.1/24,
    -host_y has IP addresses of 192.168.196.10/24 and 192.168.197.10/24,
    -Checkpoint has static route for 192.168.196.0/24 and 192.168.197.0/24
    pointing to the F5_BigIP,
    -host_y is dual-home to both VLAN_A and VLAN_B with the default
    gateway on host_y pointing to VLAN_A which is 192.168.196.1,
    -host_x CAN ssh/telnet/http/https to both of host_y IP addresses
    of 192.168.196.10 and 192.168.197.10.
    In other words, from host_x, when I try to connect to host_y
    via IP address of 192.168.197.10, the traffics will go through VLAN_B
    but the return traffics will go through VLAN_A. Everything
    is working perfectly for me so far.
    Now customer just replaces the F5_BigIP with Cisco ACE. Now,
    I could not get it to work with Asymetric route with Cisco ACE. In
    other words, from host_x, I can no longer ssh or telnet to host_y
    via IP address of 192.168.197.10.
    Anyone knows how to get asymetric route to work on Cisco ACE?
    Thanks in advance.

    That won't work because ACE uses the vlan id to distinguish between flows.
    So when the response comes back on a different vlan, ACE can't find the flow it belongs to and it drops it.
    Even if we could force it to accept the packet, ACE would then try to create a new flow for this packet and it will collide with the flow already existing on the frontend.
    You would need to force your host to respond on the same vlan the traffic came in.
    This could be done with client nat on ACE using different nat pool.
    Gilles.

  • Last Data Update in Visual Composer and Web App Designer

    Hello,
    We want to show the last data update in query result and we used 2
    differents ways to do it: throught Web Application Designer (SP 12) and
    Visual Composer (SP 10).
    In query result of Web Application Designer, the last data update came
    in GMT0 and in visual composer came ok (GMT - 3, that's our time zone).
    This value (ROLLUPTIME) is taken out of the RSMDATASTATE table and this is used in SAPLRSMDATASTATE program, that is called by Web App Designer.
    Why does the difference exist between: Web App Designer and Visual Composer for last data update?
    So, I need more information how the Visual Composer brings the correct value (in our time zone) and Web App Designer in GMT0.
    Best Regards,
    Pablo Moraes

    Hi Mario,
    Yes, i used the same user and the same query to access the information. But, how can i check the mapping from my VC user to the BI user?
    Regards,
    Pablo Moraes

  • Java platform and Java Deployment should be updated but there is no other version, always the warning to update but thats not possible

    Java Platform 7u9 and Java Deployment Kit plug-ins are yellow and asked to be updated.
    The problem is that there is no other version than I have already installed.
    Even if I try to instal this latest version again I've get the message that I already have the latest version.
    The same problem was with Flashplayer where I installed the latest version but three days Firefox asked to update the plugin.
    The last one is now ok but Java Platform and Java Deployment Kit is hopeless.
    Why it ask for an update if there is none?
    What should or can I do? I always be careful and patch my pc if necesserry.
    All my friends who are working with Firefox have the same problem.
    Can anybody tell me whats going on here?
    greetings, Mimi321

    Hi
    There is still an issue for me. When i check to see if add-ons are up to date it identifies "Java(TM) Platform SE 7 U9" as out-of-date and gives me an orange "Update" action. When i hit this it takes me to the Java website giving me "Recommended Version 7 Update 9". This is the one i've already got so i cannot get rid of the orange Update action buttons.
    Furthermore, if i try the link earlier in this thread to test to see which version of Java i should be using it says "Congratulations! You have the recommended Java installed (Version 7 Update 9)" so i'm not sure what this talk of version 7.10 is about?

  • Status of a specified package and program deployment

    Good morning.
    In the report "Status of a specified package and program deployment", I noticed there are 2 groups of reports; "Status of Targeted Resources" and "Resource Receipt Status". Each group has their own substatus:
    Status of Targeted Resources:
    Accepted - No Further Status, Succeded, Waiting
    Resource Receipt Status:
    Accepted, Expired, No Status
    Can anyone guide me on the following?
    1. The meaning of each status (Accepted-NFS, Succeeded, Waiting, Accepted, Expired, No Status).
    2. Some of the count for status is less than what is displayed on the report after I exported to csv format. What does this mean? Does it mean some clients not detected or something?
    3. Total percentage of each "Status of Targeted Resources" and "Resource Receipt Status" is around 100.1% and 99.9% respectively as per print screen below. What does this mean?
    Your guidance is much appreciated. Thank you.

    Hi,
    Accepted - No Further Status – Back end installation may be running and need to wait for some time to get the actual status
    Succeeded – Deployment installed successfully without any issues
    No Status - Systems are not online or has issue with SMS Agent, or not received the policy, if the system is online then this status must change in one hour time (if the status not changed then you may Suspect the issue with SMS / SCCM agent
    Accepted – Deployment can be installed in few mins, as it will start downloading the software from remote /local system
    Expired – Deployment is expired
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Can we develop a solution in Visual Studio 2012 and still deploy it on BizTalk 2010?

    Can we develop a solution in Visual Studio 2012 and still deploy it on BizTalk 2010? or Is it that solutions developed in VS 2012 have to be deployed only to BizTalk 2013?
    Thanks

    BizTalk 2010 projects are not compatible with Visual Studio 2012. To use Visual Studio 2012 with BizTalk 2010 projects, you must install
    BizTalk 2013 on the computer that has Visual Studio 2012. The first time you open a BizTalk 2010 project, it is automatically upgraded to the BizTalk 2013/Visual Studio 2012 project system
    Refer
    this.
    Please mark it as Answer if this answers your question
    Thanks.
    Mo
    The contents I write here is my personal views, not the view of my employer and anyone else.

  • New! Import and Export Form Design Files

    You can now export your form design to a Design File . You or other users can import the Design file and create a new form file from it.
    Use Cases / Benefits
    You can share your designs as templates for others to easily re-use
    You can create corporate branded form templates that can be used by your company's employees
    You can archive your form designs locally for later use
    How It Works
    To export a design file open a form file, go to the Design tab and select “Export Design File…” from File menu. The file extension of the exported Design File will be ".FCDT" - FormsCentral Design Template.
    To import a design file go to the “My Forms” dashboard and select “Import Design File…” from File menu. Select the desired .FCDT file.
    NOTE: The FCDT file contains the form Design only – it does not contain options, responses or summary reports.
    This feature is availabe to free and paid users of FormsCentral.
    Please send us your feedback on this feature. Enjoy!

    Hi
    It states that you can save your design and open it "This feature is availabe to free and paid users of FormsCentral" but it is greyed out on the free version. Will not let me import design I created. I had issues with the first design and tried to redesign and ended up with more issues that combined the first design with the second design.
    Can someone assist me with this, please,
    Thank you for your time and consideration,
    L.McD

Maybe you are looking for

  • How do I DUMP this POS Firefox 23.0 and go back to a good stable Firefox version?

    The POS 23.0 is unstable, and does not function with most of the websites, Java, JavaScript, most of the players for videos... Just generally a POS!!!! I enjoy using FireFox, but this new version is JUNK!!

  • Where's the My Templates folder in Yosemite, or How to delete a Numbers template.

    I have Numbers 3.5.2 - where'd the My Templates folder go? I don't see it in Library/Application Support. .... In other words, I'm trying to delete unwanted templates. Could it be that it's now easier to find than in earlier iWorks, but I'm missing t

  • SDO_ORDINATES.X.Field in data file exceeds maximum length

    Hi All, While loading data in .SHP file into oracle spatial through SHP2SDO tool following error message appears: Error message: Record 54284: Rejected - Error on table GEO_PARCEL_CENTROID, column CENTROID_GEOM.SDO_ORDINATES.X. Field in data file exc

  • App store update macbook

    I am getting a consistent error message whenever I attempt to use the App Store for updating my system. Periodically Garage Band & iMovie. When I select update I get; There was an error in the App Store.  Please try again later.  (18) If it was a sin

  • Error compiling "Undefined symbols for architecture armv6:"

    Hey, I seem to be getting errors like this a lot... I only just started making apps yesterday, so they are all still very basic, but I was wondering if I am doing something wrong when I import frameworks? This may be caused from something else entire