ACE limitation on 6500 WS-SVC-FWM1

Hello

I have already posted this in the security forum and as of yet had no feedback, so now I am trying the R/S forum just in case someone could answer this.

Our own FW admins don't know and I cannot find any documentation on CCO. The answer I am looking for is how the ACE limitation on the above FWSM is actually calculated.

What I mean is, what constitutes a single ACE instance or multiple?

Example:
Does an object equal 1 instance, or is a calculation also performed on what resides in that object?
Same for an IP range: does this count as just one instance, or multiple depending on the size of the IP range specified?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community's global network.

Kind Regards
Paul

Jon Marshall
Hall of Fame

Hi Paul

It's been a while since I have used the FWSM, but object groups are expanded and then each line would be an individual entry.

I did a quick search on this site as I remember this coming up before and found this answer which may be of help:

https://community.cisco.com/t5/firewalls/how-ace-s-are-counted-on-an-fwsm/td-p/1339992

Jon

Hello

Thanks Jon, this has given me a starting point to work with. It's just a shame that link doesn't work.

What's your personal view on IP ranges? Would you say the same rule should apply to them also? In fact, thinking about it, I guess I should be able to apply a fake rule with an IP range and see the ACE total increment with this command: sh np 3 acl count

+5 Jon

Very much appreciated.

Kind Regards
Paul
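The following is an added example, not code from this thread or from Cisco, that models the counting rule in Jon's answer: object groups are expanded and every resulting line is one ACE, so a rule contributes the product of its expanded source, destination and service members. How an IP range is counted is left open in the thread, so the model takes a `range_rule` switch ("one" entry per range, or one per CIDR block the range splits into; both are assumptions) so that a predicted count can be compared with the increment Paul proposes to observe with `sh np 3 acl count` after adding a test rule.

```python
"""Estimate how many expanded ACEs one FWSM access-list line contributes.

Counting rule (from Jon's answer): object groups are expanded and each
resulting line is one ACE. Range handling is an assumption and is modelled
two ways: 'one' (a range is a single entry) and 'cidr' (a range is split
into the minimal set of CIDR blocks, one entry each).
"""
import ipaddress


def expand_range(first: str, last: str) -> list:
    """Split an inclusive IPv4 range into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def expand_members(members: list, range_rule: str = "cidr") -> list:
    """Flatten object-group members into individual entries.

    A member is a host/subnet string, a (first, last) tuple for a range,
    or a nested list standing for a nested object group.
    """
    entries = []
    for m in members:
        if isinstance(m, tuple):                     # IP range
            entries.extend(expand_range(*m) if range_rule == "cidr" else [m])
        elif isinstance(m, list):                    # nested object group
            entries.extend(expand_members(m, range_rule))
        else:                                        # host or subnet
            entries.append(ipaddress.ip_network(m, strict=False))
    return entries


def ace_count(src: list, dst: list, services: list,
              range_rule: str = "cidr") -> int:
    """Expanded ACE count for one line: |src| x |dst| x |services|."""
    return (len(expand_members(src, range_rule))
            * len(expand_members(dst, range_rule))
            * len(services))


# Constructed sample rule (hypothetical addresses, not from the thread):
# a subnet plus a nested group of two hosts, one destination range, two ports.
SRC = ["10.1.1.0/24", ["10.2.0.5", "10.2.0.6"]]
DST = [("192.168.1.10", "192.168.1.20")]
SVC = ["tcp/80", "tcp/443"]

if __name__ == "__main__":
    for rule in ("one", "cidr"):
        print(f"range_rule={rule}: {ace_count(SRC, DST, SVC, rule)} ACEs")
```

Add the same rule on a lab FWSM, note the `sh np 3 acl count` delta, and whichever modelled count matches tells you how that platform treats ranges.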