Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5410
Views
5
Helpful
3
Replies

FTDs and ACE limit

hoffa2000
Level 3
Level 3

‎11-26-2019 05:30 AM - edited ‎02-21-2020 09:43 AM

Hi

I've previously had problems with 5512-Xs running ASA having an ACE limit of 100K. Is ACE a relevant limit for 5516-Xs running FTD 6.4.0.4? What about FTD 2110? I've read somewhere the limit is 200K for ASA 5516-X running ASA code but nothing specific for FTD 5516-X.

The reason I ask is because I recently have had issues with two sets of 5516-Xs having just above 220K ACE entries for the main global access list generated by the FMC in the ASA code. I didn't think much of it at the time of the incidents but I'm starting to wonder. 

 

Regards

Fredrik

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-28-2019 03:55 AM

The recommended maximum AC Elements on ASA 5516-x running FTD is 125,000.

I don't have a number for Firepower 2110 but for 2120 it is 75,000

nspasov
Cisco Employee
Cisco Employee

‎11-28-2019 09:04 AM

What Marvin said. Also, I would recommend reaching out to TAC as they can help you validate if you are indeed starting to reach and exceed the recommended limits. In addition, there are ways you can optimize your rules which will in turn reduce your ACL elements.

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

askaerr
Level 1
Level 1

‎04-30-2020 12:38 AM

From Cisco Live BRKSEC-3455 (https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3455.pdf): Max Recommended AC element count limit is 50k for FPR 2110.

 

Kr,

A

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card