Hi
I am looking to disable ACL optimization on a single context as part of a strategy to 'clean up' the firewall rule base. I was wondering if anyone had done this before and what their experience was. I would specifically like to know if it is likely to have an impact on production traffic and how long this may take.
I have checked the partition resources and the number of ACL entries does not exceed the maximum, so I should be OK there.
FWSM# sho np 3 acl count 2
-------------- CLS Rule Current Counts --------------
CLS Filter Rule Count : 0
CLS Fixup Rule Count : 12
CLS Est Ctl Rule Count : 0
CLS AAA Rule Count : 0
CLS Est Data Rule Count : 0
CLS Console Rule Count : 12
CLS Policy NAT Rule Count : 1
CLS ACL Rule Count : 9002
CLS ACL Uncommitted Add : 0
CLS ACL Uncommitted Del : 0
---------------- CLS Rule MAX Counts ----------------
CLS Filter MAX : 576
CLS Fixup MAX : 1537
CLS Est Ctl Rule MAX : 96
CLS Est Data Rule MAX : 96
CLS AAA Rule MAX : 1345
CLS Console Rule MAX : 384
CLS Policy NAT Rule MAX : 384
CLS ACL Rule MAX : 14801
Any advice would be appreciated.
Please let me know if you require any more information from me.
Kind regards
Richard