Design FWSM in transparent or routed mode in the DC !!!

Hi guys, I was wondering: with so many security zones in the server farm or DC, and according to the FWSM's capability of supporting only two interfaces in transparent mode, which design is really the best one? I mean using multiple contexts in transparent mode or just using the whole system in routed mode?
Thanks in advance.

As per my experience, there should be real justice and need to go for Transparent mode. To fully utilize the box's capability and to play around with your network, always prefer Routed mode. Transparent mode is also difficult to troubleshoot.
Choose transparent mode to insert a firewall in a previously unprotected network, and to put in a firewall without disturbing the network.
regards
Prasad

Similar Messages

  • Can I configure csm as one arm and routing mode at the same time?

    My CSM is currently configured in routing mode and bridge mode. Recently I have had a service requirement for which I think the one arm mode should be the best resolution. Can anybody let me know if there will be any effect if I add the one arm mode to the current production environment?
    Thanks in advance.
    Jason

    Gille,
    Thanks for your quick response. I notice you have the same opinion about the one arm mode in your other post, but I think that in the multi-tier data center design, FW in bridge mode and CSM in one arm mode with RHI do give us a lot of flexibility. If I use policy routing instead of source NAT, can I overcome these limits you mentioned?
    Do you know how CSM could handle the TFTP traffic? I may have too many questions; I am really looking for your suggestion.
    Thanks
    Jason

  • ACE bridge mode , FWSM routed mode

    I have the following scenario:
    MSFC ---vlan 777----FWSM----vlan160---ACE----VLAN180
    FWSM is working in routed mode and vlan 777 is shared between the MSFC and FWSM
    ACE is working in bridged mode and vlan 160 is shared between the FWSM and ACE
    vlan 180 is the server side vlan
    I want the FWSM IP address to be the server gateway while the ACE module is in bridge mode.
    I created a BVI interface but I can't ping from ACE to FWSM or from FWSM to ACE.
    If I change ACE to routed mode, I can ping the FWSM.
    Can anybody help me with this issue?

    The config looks good.
    I would look at the arp table on FWSM and ACE when the ping fails and also capture a sniffer trace of ACE tengig interface and see if the ping request goes out - on which vlan - and if we get a response.
    Is everything else working?
    Like ping through the ACE module?
    Your config does not show a 'no shutdown' on the vlan interface, but I assume you fixed that already.
    Gilles.

  • CSM route mode and bridge mode can exist at the same time?

    I'm using CSM on ver 4.x, and I am used to the bridge mode for firewall load balancing. For a new request, I have to create a new server/client VLAN, but the original firewall load balancing was affected when I issued the server vlan command, and I'd like to use route mode for the new server farm. I'm wondering whether route mode and bridge mode can't exist at the same time, because it seems it doesn't make sense. Any reply will be very appreciated.

    You can use bridge mode and route mode at the same time.
    Traffic with destination MAC address being the CSM will be routed, otherwise it will be bridged.
    Gilles.

  • Question about CSM on bridge&router mode

    Hello!!
    Please help me with this question about CSM connection modes:
    We have 2 Cat6500 with a CSM inside of each (CSM1 on Cat6500_1 and CSM2 on Cat6500-2)
    The CSM1 is on bridge mode with Vlan31 for Client side and Vlan131 for Server side.
    The CSM2 is on router mode with Vlan30 for Client side an Vlan2 for Server side.
    We want to join both switches for redundancy purposes (switches and CSMs).
    We want to merge the two Client Vlans (include the logical IP segments) on a /23 mask.
    But the questions here are:
    Can we keep the original config (bridge mode and router mode) on the CSM1 (for example),
    considering this module as active and CSM2 as standby?
    Is there any consideration to take into account in order to configure this? (Some examples...)
    Thanks in advance
    Pedro

    Yes, you can mix bridge mode and router mode and so merge the 2 configs.
    Gilles.

  • CSM concurrent bridge and router mode

    Hi,
    Is it possible on the CSM to use bridge and router mode at the same time ? Or is it only router mode or only bridge mode ?
    E.g. in the example below, when using HTTPS entering the vlan 3 , it will be bridged to vlan 3....But when using HTTP entering vlan 3...it will be routed to vlan 4... Will that work ?
    Thanks
    vlan 3 client
    ip address 3.3.3.1 255.255.255.0
    vlan 3 server
    ip address 3.3.3.1 255.255.255.0
    vlan 4 server
    ip address 4.4.4.1 255.255.255.0
    vserver HTTPS
    vlan 3
    virtual 3.3.3.10 tcp https
    serverfarm HTTPS
    serverfarm HTTPS
    no nat server
    no nat client
    real 3.3.3.11
    inservice
    real 3.3.3.12
    inservice
    vserver HTTP
    vlan 3
    virtual 3.3.3.11 tcp http
    serverfarm HTTP
    serverfarm HTTP
    nat server
    no nat client
    real 4.4.4.10
    inservice
    real 4.4.4.11
    inservice

    Hi Michel,
    first of all, you can run bridged and routed mode at the same time, but you cannot define the same VLAN as client and server. If you change the above config from vlan 3 server to vlan 30 server and place the reals in vlan 30, it will work. A proper layer 2 configuration is for sure the prerequisite.
    Kind regards,
    Joerg

  • Trying to migrate to routed mode

    We have multiples css11k configured as bridge mode.
    The firewall has direct connection to all DMZ (one vlan per DMZ) and it is the default gateway for all servers. The CSS11K is connected to all DMZs and using the group NAT to relay traffic to the real servers. The firewall does NAT for public to private VIP.
    We are trying to migrate to routed mode so the servers can capture true source IP addresses, reduce the number of default routes in the CSS and remove the public VIP NATed in the firewall (to setup content rule VIP using the public ip address).
    A new test DMZ is set up and it is connected by CSS and the real HTTPS servers. A test IP address is configured at the firewall without NAT and the firewall is configured to route the incoming traffic to the CSS through one of the existing DMZs. The content rule of the CSS is configured using the test public IP address. I can see traffic in/out through the two sniffers I set up (between f/w and CSS, and CSS and real server). Most of the time, we cannot get the page displayed. The firewall log showed all traffic in/out through the correct interface. The sniffer showed data retransmission, tcp rest, tcp out of order .....
    Any suggestion.
    p.s. The ssl certificate is associated with the public ip address. The server is working fine if we connect the firewall directly to the new test DMZ and have firewall does the server IP NAT.

    here is section of the cfg (modified ip address and name):
    ############# using network 10.10.20.0/255.255.255.0 to route 100.1.1.1 traffic to CSS11K
    ip route 0.0.0.0 0.0.0.0 10.10.20.1
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    !************************* INTERFACE *************************
    interface 1/1
    trunk
    redundancy-phy
    vlan 10
    vlan 20
    vlan 30
    interface 2/1
    trunk
    vlan 10
    vlan 20
    vlan 30
    interface 3/1
    bridge vlan 999
    phy 100Mbits-FD
    !************************** CIRCUIT **************************
    circuit VLAN10
    redundancy
    ip address 10.10.10.254 255.255.255.0
    no redirects
    circuit VLAN20
    redundancy
    ip address 10.10.20.254 255.255.255.0
    no redirects
    circuit VLAN30
    redundancy
    ip address 10.10.30.254 255.255.255.0
    no redirects
    circuit VLAN999
    description "Box-to-Box Redundancy VLAN"
    ip address 10.0.0.1 255.255.255.252
    redundancy-protocol
    !************************** SERVICE **************************
    service VLAN10-SERVER-1
    ip address 10.10.10.125
    protocol tcp
    port 80
    domain test.vlan10.com
    keepalive type tcp
    keepalive port 80
    active
    service VLAN10-SERVER-2
    ip address 10.10.10.126
    protocol tcp
    port 80
    domain test.vlan10.com
    keepalive type tcp
    keepalive port 80
    active
    service VLAN20-SERVER-1
    ip address 10.10.20.125
    protocol tcp
    port 80
    domain test.vlan20.com
    keepalive type tcp
    keepalive port 80
    active
    service VLAN20-SERVER-2
    ip address 10.10.20.126
    protocol tcp
    port 80
    domain test.vlan20.com
    keepalive type tcp
    keepalive port 80
    active
    service ROUTED-SERVER
    protocol tcp
    ip address 10.10.30.18
    no cache-bypass
    keepalive type tcp
    keepalive port 443
    keepalive frequency 60
    port 443
    domain ROUTED-SERVER.com
    active
    !*************************** OWNER ***************************
    owner vlan10
    content vlan10.com
    dnsbalance roundrobin
    vip address 10.10.10.100
    protocol tcp
    port 80
    balance aca
    add service VLAN10-SERVER-1
    add service VLAN10-SERVER-2
    advanced-balance sticky-srcip
    active
    owner vlan20
    content vlan20.com
    vip address 10.10.20.100
    protocol tcp
    port 443
    add service VLAN20-SERVER-1
    add service VLAN20-SERVER-2
    advanced-balance sticky-srcip
    active
    owner routed-segment
    content routed-server.com
    vip address 100.1.1.1
    balance aca
    port 443
    protocol tcp
    dnsbalance roundrobin
    add service ROUTE-SERVER
    active
    !*************************** GROUP ***************************
    group group.nat.vlan10
    portmap number-of-ports 14304
    vip address 10.10.10.100
    add destination service VLAN10-SERVER-1
    add destination service VLAN10-SERVER-2
    active
    group group.nat.vlan20
    portmap number-of-ports 14304
    vip address 10.10.20.100
    add destination service VLAN20-SERVER-1
    add destination service VLAN20-SERVER-2
    active

  • Sharing a VLAN between FWSM and ACE (Routed Mode)

    Anybody in here with experience on sharing a Vlan between an ACE and a FWSM module?
    I have a transfer network between the ACE and the FWSM in the same chassis. FWSM gets several vlans and ACE gets some Vlans.
    I wanted to configure it like this.
    firewall vlan group 10 <FWSM only vlans>
    firewall vlan group 20 <shared FWSM and ACE vlan>
    or
    svclc vlan group 20 <shared FWSM and ACE vlan>
    svclc vlan group 30 <ACE only vlans>
    The design hides the client side network and the server side network for the ACE behind the FWSM module.
    Layout:
    |-- Clients <--> MSFC <--> FWSM <--> ACE <--> Server --|
    So allocation on the 65xx would be like this.
    firewall module n vlan-group 10,20
    svclc module n vlan-group 20,30
    Any obvious issues with this design if you share the vlan(s) referred in group 20 with both modules?
    FWSM and ACE will be in routed mode.
    Thanks for reading...
    Roble

    Never mind...
    Just found the perfect answer for this in a another posting from Syed.
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=SNA%20Data%20Center%20Networking&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dddee0b/0#selected_message
    Roble

  • FWSM in Transparent mode help

    Hi all,
    i am actually designing for a new solution based on 6509 Switch with FWSM module, here is what i have :
    FWSM will be used in Transparent mode with two bridge groups, 1 and 2, as mentioned on the image. I wonder if this is a correct design or not; will this work with no problem with these two trunk links?
    i've seen on the guidelines of this url :
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/configuration/guide/fwmode.html#wp1184961
    "The transparent FWSM uses an inside interface and an outside interface only. "
    is it applicable in my case,
    any other information will be welcome.
    Thanks for help

    Hi,this is sample configuration.
    6509A:
    vlan 256
    name FWoutside
    int vlan 256
    ip addr 98.1.1.252 255.255.255.0
    6509B:
    vlan 255
    name FWinside
    int vlan 255
    ip addr 98.1.1.251 255.255.255.0
    firewall module 3 vlan-group 16,32
    firewall vlan-group 16 255
    firewall vlan-group 32 256
    FW:
    firewall transparent
    nameif vlan256 outside security0
    nameif vlan255 inside security100
    access-list ACL_IN extended permit ip any any
    access-group ACL_IN in interface outside
    access-group ACL_IN in interface inside
    6509B:
    6509B#ping 98.1.1.252
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 98.1.1.252, timeout is 2 seconds:
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
    6509B#
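
The sample configuration in the reply above binds `permit ip any any` inbound on both interfaces, so the transparent firewall passes all IP traffic unfiltered. The following Python audit is an added example, not part of the original post and not Cisco tooling: it flags such bindings, and goes slightly beyond the post by also accepting the `interface` / `nameif` / `security-level` block syntax used in the later FWSM config on this page. The function names and the server address 192.168.3.10 are constructed for illustration.

```python
import re

# Constructed sample: the transparent-mode FWSM lines from the reply above.
SAMPLE_OPEN = """\
firewall transparent
nameif vlan256 outside security0
nameif vlan255 inside security100
access-list ACL_IN extended permit ip any any
access-group ACL_IN in interface outside
access-group ACL_IN in interface inside
"""

# Constructed contrast case in block syntax; 192.168.3.10 is a made-up server.
SAMPLE_SCOPED = """\
interface Vlan200
 nameif outside
 security-level 0
interface Vlan201
 nameif inside
 security-level 100
access-list OUTSIDE_IN extended permit tcp any host 192.168.3.10 eq 443
access-list INSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside
access-group INSIDE_IN in interface inside
"""

OLD_NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$")
ACL_ENTRY = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(.+)$")
ACL_BIND = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")


def parse_security_levels(config):
    """Map each nameif to its security level (one-line and block syntax)."""
    levels, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        old = OLD_NAMEIF.match(line)
        if old:                                   # nameif vlan256 outside security0
            levels[old.group(1)] = int(old.group(2))
        elif line.startswith("interface "):       # new block, name not known yet
            current = None
        elif line.startswith("nameif "):          # nameif outside
            current = line.split()[1]
        elif line.startswith("security-level ") and current:
            levels[current] = int(line.split()[1])
    return levels


def audit_any_any(config):
    """Report every access-group binding whose ACL contains 'permit ip any any'."""
    lines = [raw.strip() for raw in config.splitlines()]
    levels = parse_security_levels(config)
    most_trusted = max(levels.values(), default=None)
    acls = {}
    for line in lines:
        entry = ACL_ENTRY.match(line)
        if entry:
            name, action, rest = entry.groups()
            acls.setdefault(name, []).append((action, rest.split()))
    findings = []
    for line in lines:
        bind = ACL_BIND.match(line)
        if not bind:
            continue
        name, direction, iface = bind.groups()
        entries = acls.get(name, [])
        for idx, (action, rest) in enumerate(entries):
            if action == "permit" and rest[:3] == ["ip", "any", "any"]:
                level = levels.get(iface)
                # Inbound on a less trusted interface opens the trusted side.
                exposed = direction == "in" and level is not None and level < most_trusted
                findings.append({
                    "acl": name, "interface": iface, "direction": direction,
                    "security_level": level,
                    "denies_before": sum(a == "deny" for a, _ in entries[:idx]),
                    "severity": "high" if exposed else "review",
                })
                break
    return findings


if __name__ == "__main__":
    for cfg in (SAMPLE_OPEN, SAMPLE_SCOPED):
        print(audit_any_any(cfg))
```

`denies_before` is reported because these ACLs are evaluated first-match, so deny entries above the any-any permit still narrow what it lets through.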

  • Failure when FWSM in transparent mode with multiple contexts

    hi experts,
    We have two FWSMs working in active/standby state, configured with multiple contexts in transparent mode, and the "outside" and "inside" interfaces for each context are in the same subnet.
    Now we have one FWSM broken and the RMA part can't arrive in a short time, so we have the risk that the second FWSM could fail as well. In the worst case, if the two were broken or powered off simultaneously, I wonder if the communications between multiple contexts could be OK?
    thanks in advance.

    The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html

  • Reg:FWSM router mode issue

    Hi,
    I have a Cisco FWSM installed on Cisco 7613 router,the topology is like mentioned below,
            7613+{FWSM}------3560---------3560----[10.220.0.0/29,10.220.1.0/29,10.220.2.0/29] 
    Here we created a p2p link between the 7613 gig port and the 3560 switch gig port (say 10.220.1.252/29), and then there is a trunk between both 3560 switches. We wish to run FWSM in router mode and configured VLAN groups 10 (101,102) and 20 (200,201), and assigned both these groups to the firewall module on the router; on VLAN 200, IP address 192.168.2.1/24 has been given, while on the FWSM, on int vl 200, IP 192.168.2.2 has been given. Although the interfaces are up and pinging their individual IP addresses, they are not pinging each other (both IP addresses appear in sh arp though). Kindly help in resolving this issue.
    Also, I configured VLAN 201 as inside; it's also up and visible in the ARP table of the router but not pinging the others. Kindly help in the resolution of this issue.
    We need to put this firewall in front of the router, which has a serial line to another 7600 router. How would I take traffic to the FWSM? Please suggest what else I need to do, as I am new to FWSM.
    router config:
    Router#sh firewall module
    Module Vlan-groups
      04   1,2
    Router#sh firewall vlan-group
    Display vlan-groups created by both ACE module and FWSM
    Group    Created by      vlans
        1           ACE      100-101,200-202
        2                    <empty>
    Router#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.225.62.145           -   001d.a156.9300  ARPA   GigabitEthernet10/1
    Internet  10.225.62.146         107   001d.a1a5.fbc1  ARPA   GigabitEthernet10/1
    Internet  192.168.2.1             -   001d.a156.9300  ARPA   Vlan200
    Internet  192.168.2.2             7   0007.0e5c.3d00  ARPA   Vlan200
    Internet  192.168.3.1             4   0007.0e5c.3d00  ARPA   Vlan201
    Internet  192.168.3.2             -   001d.a156.9300  ARPA   Vlan201
    Fwsm config:
    hostname FWSM
    interface Vlan200
    nameif outside
    security-level 0
    ip address 192.168.2.2 255.255.255.0
    interface Vlan201
    nameif inside
    security-level 100
    ip address 192.168.3.1 255.255.255.0
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no failover
    no asdm history enable
    arp timeout 14400
    route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect smtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:4e3eadb1a489f3b696d0c6da8b1b20b9
    : end
    FWSM#
    FWSM# sh arp
            outside 192.168.2.1 001d.a156.9300
            inside 192.168.3.2 001d.a156.9300
            eobc 127.0.0.81 0000.1800.0000
    FWSM# sh int
    Interface Vlan200 "outside", is up, line protocol is up
      Hardware is EtherSVI
            MAC address 0007.0e5c.3d00, MTU 1500
            IP address 192.168.2.2, subnet mask 255.255.255.0
      Traffic Statistics for "outside":
            6 packets input, 658 bytes
            12 packets output, 1316 bytes
            474 packets dropped
    Interface Vlan201 "inside", is up, line protocol is up
      Hardware is EtherSVI
            MAC address 0007.0e5c.3d00, MTU 1500
            IP address 192.168.3.1, subnet mask 255.255.255.0
      Traffic Statistics for "inside":
            6 packets input, 658 bytes
            7 packets output, 726 bytes
            107 packets dropped

    hi,
    thanks for being so helpful. There is a little issue that's arisen: I cannot ping the inside address configured on the FWSM (192.168.3.1), whereas I can ping 192.168.3.2 on the router interface. I cannot telnet to the FWSM using its outside interface IP 192.168.2.2 either. Here is my FWSM config; kindly suggest if there is any mistake.
    thanks.
    Also i tried to ping inside fwsm interface from my client 10.220.2.2 and enabled debug,to get these ,
    FWSM# debug icmp trace 255
    debug icmp trace enabled at level 255
    FWSM# ICMP echo request (len 50 id 2 seq 34642) 10.220.2.2 > 192.168.2.2
    ICMP echo reply (len 50 id 2 seq 34642) 192.168.2.2 > 10.220.2.2
    ICMP echo request (len 50 id 2 seq 34898) 10.220.2.2 > 192.168.3.1
    ICMP echo reply (len 50 id 2 seq 34898) 192.168.3.1 > 10.220.2.2
    ICMP echo request (len 32 id 2 seq 35154) 10.220.2.2 > 192.168.3.1
    ICMP echo reply (len 32 id 2 seq 35154) 192.168.3.1 > 10.220.2.2
    ICMP echo request (len 32 id 2 seq 43602) 10.220.2.2 > 192.168.3.1
    ICMP echo reply (len 32 id 2 seq 43602) 192.168.3.1 > 10.220.2.2
    ICMP echo request (len 32 id 2 seq 49746) 10.220.2.2 > 192.168.3.1
    ICMP echo reply (len 32 id 2 seq 49746) 192.168.3.1 > 10.220.2.2
    ICMP echo request (len 32 id 2 seq 55634) 10.220.2.2 > 192.168.3.1
    ICMP echo reply (len 32 id 2 seq 55634) 192.168.3.1 > 10.220.2.2
    ICMP echo request (len 50 id 2 seq 25683) 10.220.2.2 > 192.168.2.2
    ICMP echo reply (len 50 id 2 seq 25683) 192.168.2.2 > 10.220.2.2
    ICMP echo request (len 50 id 2 seq 25939) 10.220.2.2 > 192.168.3.1
    ICMP echo reply (len 50 id 2 seq 25939) 192.168.3.1 > 10.220.2.2
    Kindly suggest what could be done.
    thanks.

  • How to Configure Transparent caching on Cat 6500 with CSM in routed mode

    I am trying to configure Transparent caching on Cat 6500 with CSM in routed mode, but facing some problems in it , also I have gone thru the example config on cisco site for transparent caching using CSM on Cat 6500 , but the above does not fit my clients requirement.
    The scenario is like
    Access Switches - Cat6500 with MSFC & CSM - Internet Router
    |
    Cache Engines and Real servers
    The clients as well as real servers are on separate VLANs (L3) and the requirement is to load balance the internet traffic using cache engines.
    I'd really appreciate any helpful suggestions or any useful links/docs/info on this.
    Thanks
    kumar

    Hello Joerg,
    Thanks for the reply.
    I have already gone through the sample config shown by this weblink; however, this link refers to configuring transparent caching on the CSM in BRIDGED MODE (i.e. both the client and server VLANs have the same IP address), but in our case we have multiple L3 VLANs on the CAT6509 having IP addresses in different SUBNETS, and the real servers to be used for caching also exist on one of these VLANs. Thus, the scenario described by the weblink does not apply here. Also, in the configuration referred to by the above weblink, VLAN 100 is configured as client; however, the end users are shown to be on VLAN 200, which is configured as SERVER VLAN in the CSM.
    Don't you think there is something wrong here? I mean the end users should be on VLAN 100 (client) and real servers on VLAN 200 (SERVER).
    So, I have to configure CSM in routed mode (i.e. both the client and server VLANs will have separate IP addresses in different subnets) and the end users will be on all VLANs.
    Pls let me know , how I can implement this solution.
    Thanks again
    Sudhir

  • ACE routed mode design issue

    I am configuring ACE in routing mode ,
    Below is my ACE interface config.
    interface vlan 28
      description "CLIENT VLAN"
      ip address 192.168.10.11 255.255.255.248
      peer ip address 192.168.10.12 255.255.255.248
      mtu 1500
      mac-sticky enable
      access-group input ALL
      service-policy input remote_mgmt_allow_policy
      service-policy input POLICY
      no shutdown
    interface vlan 29
      description "SERVER VLAN"
      ip address 192.168.10.19 255.255.255.248
      peer ip address 192.168.10.20 255.255.255.248
      mtu 1500
      mac-sticky enable
      access-group input ALL
      service-policy input remote_mgmt_allow_policy
      service-policy input POLICY
      no shutdown
    When I configure my servers in VLAN 29 and point the default gateway to 192.168.10.19, it works fine, no issues. But when this ACE goes down and the standby becomes active, my servers' default gateway will still be pointing to 192.168.10.19. Do I need to manually change it to .20,
    or can I configure HSRP? Please advise me on this.

    Hi ,
    Yes the alias should be set as gateway for the servers.
    The alias is a shared address between the peers. This address will be on the ACTIVE ace. 
    Regards
    Dan

  • ASA In Data Centers, why not routed mode?

    Hi Guys,
    As i can see, Cisco is recommending for the ASAs to be in transparent mode in data centers, my question, why not routed mode?
    How to decide? what is the problem in having the routing on ASA?
    I know that transparent mode is easier to place, but in my case it is new design and i want to use the interface vlans on the ASA not core. so the gateway of each server will be the ASA.
    what is the problem here? why it is not recommended?
    I'm using ASA clustering as well over two DCs.
    In Cisco links they explain why to use Transparent mode, but i couldn't find what is the problems/limitation in using routed mode?
    Any clue?
    Thanks & Regards,
    Rami

    but in my case it is new design and i want to use the interface vlans on the ASA not core. so the gateway of each server will be the ASA.
    If that's the case use routed mode on your ASA.
    Cisco's design docs are a great place to start but there is nothing that says you have to follow them to the letter, you modify them to fit with what you need.
    Bear in mind as well that it's not an either or choice. With contexts you can have some in transparent mode and some in routed mode so you have flexibility.
    I don't know what design guides you are referring to but it may be that they include some L2 features eg.
    a long while back we wanted to RRI (Reverse Route Injection) from a CSM load balancer that was behind a firewall. For it to work the CSM had to be L2 adjacent to the 6500 which meant you couldn't use the FWSM in L3 mode.
    Not saying you want to do that but it is an example of where other parts of the design can dictate how you run your firewalls.
    Jon

  • Wmode transparent and blend mode problem

    Dear all,
    I'm stuck with this problem so far, got headache after searching many days on google without solution. Our designer using blend mode: screen (in flash) for some movies and the flash's transparent to save the file size display and then we are using html background. All'r working fine for wmode transparent but in Internet Explorer, it's not working to display the blend mode and appear the black background. You can check the image below to see what happen:
    Loading the movies within blend mode screen
    Transparent's working fine with the normal transparent
    Test blend mode with opaque wmode to see how it will display
    I've tested with IE7, 8, 9. I'm using window 7 Ultimate, 64bit, Flash player latest version. (And my clients, friends, also got that issues when seeing it with IE).
    My embed code:
    <object width="1000" height="600" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" > 
    <param value="high" name="quality"></param>
    <param value="intro.swf" name="movie"></param>
    <param value="opaque" name="wmode"></param>
    <embed width="1000" height="600" wmode="opaque" type="application/x-shockwave-flash" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" quality="high" src="intro.swf">
    </object>
    We can solve it manually that put the image background into the flash but it's not the good way to do it in our modern web industry.
    Any solution?

    dont why i can't submit in the bugbase, it's just hanged out though i submit all the required information T.T
    Update: the bug only with IE9. (i concerned IE 7, 8 because i've tested it by IE9 development tool, not real IE 7, 8). Today i've tried testing with real IE7, 8 and it's working fine.
