Use TurboACL only on PIX Firewall platforms that have 16 MB or more of Flash memory. Consequently, TurboACL is not supported on the PIX 501 because it has 8 MB of Flash memory.

If TurboACL is configured, some access control list or access control list group modifications can trigger regeneration of the TurboACL internal configuration. Depending on the extent of TurboACL configuration(s), this could noticeably consume CPU resources. Consequently, we recommend modifying turbo-complied access lists during non-peak system usage hours.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755

Rgds,

AK

Thanks AK for your answer. I'm really interested in knowing if there will be any disruption in traffic flow as a result of applying the 'access-list compiled'command for the first time.

Based on my own experienced, I do not see any immediate impact, e.g access suddenly become slow, session get disconnected/dropped and so on.

The firewalls (x2) had closed to 3000 lines of ACLs. I purposely applied the 'access-list compiled' on the 1st box during office hour and with many users/sessions, but so far, no hiccup.

I am not sure about your environment. Maybe it's better to do it after office hour, midnight or weekend to minimize interruption, plus plenty of time to do troubleshooting.

When you apply access-list compiled, Firewall will do some kind of indexing to the ACLs. It will not hold/prevent the ACL's to do traffic filtering processes.

Rgds,

AK