Solved: Re: Firepower - Max ACL Limits

Antonio Macia · ‎08-28-2018

Hello,

What are the ACL limits on the Firepower family running ASA code? I've found documentation regarding the ASA hardware family but nothing related to the new Firepower appliances. I suppose the limitations would be much higher because of the additional amount of RAM these devices are provisioned, but I would appreciate any official document stating this.

Regards.

Antonio Macia · ‎09-05-2018

Managed to get the info from Cisco. For those interested here are the figures per family:

Firepower 4110	3M
Firepower 4120	3M
Firepower 4140	3M
Firepower 4150	4M

View solution in original post

Antonio Macia · ‎09-05-2018

Managed to get the info from Cisco. For those interested here are the figures per family:

Firepower 4110	3M
Firepower 4120	3M
Firepower 4140	3M
Firepower 4150	4M

Asif Irfan · ‎08-03-2019

Could you share the cisco documentation reference regarding this limit?

3M is ACL or ACE?

lukaszkhalil · ‎02-26-2024

Hello

Would it be possible for you to update this post with the max ACE for the newer platforms FP411x and FP93xx ?

tvotna · ‎02-26-2024

Hopefully I can help you. Above published limits are not correct. E.g. we run multiple context mode ASA on Firepower 4145 with 16M ACL elements total ("show access-list | i element"). Also, max number of elements doesn't depend on the memory volume. It actually depends on the size of the array which holds MP-counters, which is explained here:

CSCwf72434 Add meaningful logs when the maximums system limit rules are hit

This means that you can have plenty of free memory available, but hit the ACL limit and console error: "ERROR: Insufficient memory to install the rules". Max size of the array per platform is not known. On 4145 we hit the limit when the number of ACL elements exceeded 16,5M.

HTH