08-28-2018 08:18 AM - edited 03-12-2019 06:55 AM
Hello,
What are the ACL limits on the Firepower family running ASA code? I've found documentation regarding the ASA hardware family but nothing related to the new Firepower appliances. I suppose the limitations would be much higher because of the additional amount of RAM these devices are provisioned, but I would appreciate any official document stating this.
Regards.
09-05-2018 06:52 AM
Managed to get the info from Cisco. For those interested here are the figures per family:
Firepower 4110 | 3M
Firepower 4120 | 3M
Firepower 4140 | 3M
Firepower 4150 | 4M
08-03-2019 12:40 PM
Could you share the Cisco documentation reference regarding this limit?
Is 3M ACL or ACE?
02-26-2024 02:13 AM
Hello
Would it be possible for you to update this post with the max ACE for the newer platforms FP411x and FP93xx?
02-26-2024 07:09 AM
Hopefully I can help you. The limits published above are not correct. E.g. we run multiple context mode ASA on Firepower 4145 with 16M ACL elements total ("show access-list | i element"). Also, the max number of elements doesn't depend on the memory volume. It actually depends on the size of the array which holds MP-counters, which is explained here:
CSCwf72434 Add meaningful logs when the maximums system limit rules are hit
This means that you can have plenty of free memory available, but hit the ACL limit and console error: "ERROR: Insufficient memory to install the rules". Max size of the array per platform is not known. On 4145 we hit the limit when the number of ACL elements exceeded 16,5M.
HTH