12-09-2010 07:19 AM - edited 03-11-2019 12:20 PM
Hi,
Is it possible in FWSM to delete the image that has been loaded in the application partition, e.g. cf:5, so that the FWSM looks like how it came from the store?
12-09-2010 09:50 AM
NO. You just do a "write erase" and reload without saving to wipe the config.
As far as the code, you just have to upload the code that you need via TFTP.
-KS
12-09-2010 10:06 PM
Thank you for the swift reply. I had a doubt regarding the same. I have installed the 4.0.4 image on cf:4 and cf:5. Is there any way to delete what I installed on cf:5?
12-10-2010 06:26 AM
Hi.
You can't delete the software on a partition. You can only install another one in place of the current one.
Regards,
Fadi.
12-10-2010 07:59 AM
One more doubt. I have implemented VSS with 12.2sxi4a and FWSM 4-1-3. The doubt regarding this is whether the configuration on the active FWSM will be replicated to the standby FWSM on the standby chassis. I have not deployed failover between the FWSMs, and I have done a VSS FWSM integration with standalone FWSMs.
12-10-2010 09:12 AM
Yes. It sure will. That is what failover is all about.
Any command that you add to the active unit's configuration will get replicated over to the standby unit via the failover VLAN.
You can see sample configs here: http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/exampl_f.html#wp1049436
If this answers your question pls. mark this thread answered.
Thanks,
Kureli
12-10-2010 09:48 PM
Thanks poonguzhali for the reply, but my doubt is that I am deploying FWSM in VSS with the prescribed IOS and FWSM software, according to the link: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/white_paper_c11_513360.html
If I am deploying FWSMs in standalone mode in VSS and publishing the VLAN groups for both chassis as below
firewall switch 1 module 5 vlan-group 5
firewall switch 2 module 5 vlan-group 5
whether I could achieve FWSM failover without giving the below-mentioned commands in FWSM. Please note this is an FWSM VSS integration scenario.
failover lan interface faillink vlan 10
failover link statelink vlan 11
failover lan unit primary
failover preempt 5
failover interface ip faillink 192.168.253.1 255.255.255.252 standby 192.168.253.2
failover interface ip statelink 192.168.253.5 255.255.255.252 standby 192.168.253.6
failover interface-policy 50%
failover replication http
failover
I am thinking in this way: in VSS, if I am putting an FWSM on the primary 6509 and an FWSM on the secondary 6509 (using IOS 12.2(33)SXI and 4.1.3), the FWSMs will act just like putting 2 FWSMs on a single 6509 chassis. Please correct me if I am wrong.
...
12-11-2010 07:44 AM
Sreekanth,
You do need to configure failover between the two FWSMs if you want to achieve failover.
Otherwise there is no mechanism to sync config between the two FWSMs when config changes on one unit.
-KS
12-11-2010 09:16 AM
12-12-2010 12:10 AM
Hi poonguzhali,
I have one doubt regarding FWSM 4.1. We used to copy the access lists and other configuration to the FWSM using a Telnet console to the FWSM via the session slot command from the 6500 switch. I have seen that when copying more than 5 access lists at a time to any context, the Telnet session as well as the connectivity is lost for more than 5 minutes, and the switch port on which I connected my laptop is not able to ping the switch SVI. Also, the commands I copied are not reflected in the context configuration. I found this in both 4.0 and 4.1. What might be wrong?
12-12-2010 11:55 AM
Sreekanth,
Next time it would be nice if you would spin up a new thread for each new issue. This one started off with "restore to factory default", then touched on VSS standalone and failover, and now you are talking about access-list copy-paste and losing connectivity.
Also, please consider rating/marking the post answered when your initial query is answered.
Well I believe the ACL optimization is taking some time to complete.
Could you try to take all the acl and put them on a text file and then upload the file via tftp to the disk: and then "copy disk:/acess-list.txt run"?
Do you have access-list optimization enabled? If so, disable that and try it again.
Look for the command "ACCESS-LIST OPTIMIZATION ENABLED".
Here is the command ref: http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/a1.html#wp1622153
-KS
12-13-2010 05:21 AM
Sorry for that. I will make a new thread for it. Thanks poonguzhali for the help.