topic Re: Firepower - Max ACL Limits in Network Security

Firepower - Max ACL Limits

Antonio Macia — Tue, 12 Mar 2019 13:55:32 GMT

Hello,

What are the ACL limits on the Firepower family running ASA code? I've found documentation regarding the ASA hardware family but nothing related to the new Firepower appliances. I suppose the limitations would be much higher because of the additional amount of RAM these devices are provisioned, but I would appreciate any official document stating this.

Regards.

Re: Firepower - Max ACL Limits

Antonio Macia — Wed, 05 Sep 2018 13:52:44 GMT

Managed to get the info from Cisco. For those interested here are the figures per family:

Firepower 4110	3M
Firepower 4120	3M
Firepower 4140	3M
Firepower 4150	4M

Re: Firepower - Max ACL Limits

Asif Irfan — Sat, 03 Aug 2019 19:40:25 GMT

Could you share the cisco documentation reference regarding this limit?

3M is ACL or ACE?

Re: Firepower - Max ACL Limits

lukaszkhalil — Mon, 26 Feb 2024 10:13:47 GMT

Hello

Would it be possible for you to update this post with the max ACE for the newer platforms FP411x and FP93xx ?

Re: Firepower - Max ACL Limits

tvotna — Mon, 26 Feb 2024 15:09:56 GMT

Hopefully I can help you. Above published limits are not correct. E.g. we run multiple context mode ASA on Firepower 4145 with 16M ACL elements total ("show access-list | i element"). Also, max number of elements doesn't depend on the memory volume. It actually depends on the size of the array which holds MP-counters, which is explained here:

CSCwf72434 Add meaningful logs when the maximums system limit rules are hit

This means that you can have plenty of free memory available, but hit the ACL limit and console error: "ERROR: Insufficient memory to install the rules". Max size of the array per platform is not known. On 4145 we hit the limit when the number of ACL elements exceeded 16,5M.

HTH