Tuesday, July 13, 2010

Problems with FWSM 3.2(2)

We have an FWSM with s/w 3.2(2). While creating the access list, an error message appeared:

"ERROR: Unable to add, access-list config limit reached"

This FWSM is single context, not multiple; we can't find the "resource acl-partition" command although it is found in the guide. Is this command applied only for multiple context? If yes, what are the methods that can be used to solve this problem in a single-context FW?

You can do "show resource usage".

Or "sh access-list | i element".

You are probably close to the 3.2 ACL limit (75K). Yes - the 'resource acl-partition' is supported only in multi-context mode. When you look at the Command Reference Guide, you will see that there is a dot only under the 'System' context in the Multiple Context mode. This implies that the command is only available via the System context:

Please click here for more details on Resource acl partition.

If you are seeing this issue on a single context FWSM, your only means of recourse is to reduce the number of ACL entries that you have. This may be best accomplished by combining host access-list entries into subnet entries. Any approach that you can use to make your access-lists "less specific" will oftentimes reduce the amount of resources that the ACL takes up.
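The consolidation step suggested above, as an added example that is not part of the original thread: the script below parses FWSM-style "extended" ACEs with host sources, groups them by everything except the source, and collapses the source hosts into the minimal set of exact CIDR blocks using the standard library. Only exact summaries are produced, so the rewritten list permits nothing the original did not; the ACL name, addresses and ports are constructed sample data.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample ACEs in FWSM/ASA "extended" syntax (not from the original post).
SAMPLE_ACL = """
access-list OUTSIDE_IN extended permit tcp host 10.1.1.0 host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp host 10.1.1.1 host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp host 10.1.1.2 host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp host 10.1.1.3 host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp host 10.1.1.9 host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended permit udp host 10.1.1.0 host 192.168.1.53 eq 53
"""

# Matches only host-source / host-destination ACEs; anything else is passed through untouched.
ACE_RE = re.compile(
    r"^access-list (\S+) extended (permit|deny) (\S+) host (\S+) host (\S+)(.*)$"
)


def collapse_acl(text):
    """Return the ACL with host-source entries merged into exact subnet entries.

    Entries are grouped by (name, action, protocol, destination, port clause);
    within a group the source hosts are collapsed with ipaddress.collapse_addresses,
    which only emits a supernet when every address in it was already listed.
    """
    groups = defaultdict(list)
    passthrough = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            passthrough.append(line.strip())  # non-host or unparsed line: keep as-is
            continue
        name, action, proto, src, dst, rest = m.groups()
        groups[(name, action, proto, dst, rest.strip())].append(ipaddress.ip_network(src))

    out = []
    for (name, action, proto, dst, rest), srcs in groups.items():
        for net in ipaddress.collapse_addresses(srcs):
            if net.prefixlen == 32:
                src = f"host {net.network_address}"
            else:
                src = f"{net.network_address} {net.netmask}"  # FWSM "net mask" form
            suffix = f" {rest}" if rest else ""
            out.append(f"access-list {name} extended {action} {proto} {src} host {dst}{suffix}")
    return out + passthrough
```

On the sample input the six host entries become three: 10.1.1.0 through 10.1.1.3 fold into 10.1.1.0 255.255.255.252, while 10.1.1.9 stays a host entry because no exact block covers it without adding unlisted addresses.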

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.

