FWSM coming up without full config after a reboot

Thomas Cotton · ‎10-30-2012

We have a customer who has 4 x 'WS-SVC-FWM-1' modules installed within 2 x 6513 chassis. The FWSMs are all running version 3.1(16) with failover group 1 and 2 enabled.

After a few recent planned and un-planned power outages the FWSMs have come up without a full configuration. Is this a common fault? If so it there any kind of workaround that can be implemented?

Jennifer Halim · ‎10-30-2012

Normally if the FWSM doesn't come up with full config, most likely reason is it is not saved into memory when changes happens.

Also another possible reason is the configuration doesn't get replicated to the standby unit.

To ensure that config gets replicated and save correctly, pls issue:

wr standby

wr mem

That will ensure that config gets replicated to the standby unit, and once replication is complete, you issue wr mem, so it gets saved into both FWSM.

Thomas Cotton · ‎10-30-2012

Hi Jennifer,

I can confirm both modules had their config saved after the first outage but the problem still re-occured. Is there anything else to watch out for?

Jennifer Halim · ‎10-31-2012

Since you have failover group configured, I believe you have multiple context configured.

Which part of the config is missing after the reload?

How many context do you have configured and how big is the configuration?

Is it consistently missing the same part of the configuration?

Thomas Cotton · ‎11-01-2012

Hi,

Please see the below extract from a recent FWSM auidt by one of ours TDAs:

1. Each core has 2 FWSM installed. The FWSM model is WS-SVC-FWM-1 which is now end of life. http://www.cisco.com/en/US/prod/collateral/modules/ps2706/eol_c51-699134.html
2. Each FWSM has multiple contexts configured on it. There is an admin context which will be used for device management and two further contexts.

Each time the config has been lost it's been seemingly random parts that have vanished. The VPNs have to be re-created manually to bring it back to service. These FWSMs sit behind Bombguard hardware devices.

Thanks

Jennifer Halim · ‎11-01-2012

What is the VPN configuration doing on the FWSM? to manage the FWSM itself, or something else?