07-02-2009 06:09 AM - edited 03-08-2019 06:28 PM
When changing the activation keys on an FWSM, changes in the licensed interface count may seem confusing. This article's goal is to clear up the confusion. The "Maximum Interfaces" count shown in 'show version' is dependent upon BOTH the license itself (Default key or not) and the mode that the FWSM is in (single-mode or multi-mode). Below are the 4 different scenarios faced when using FWSM 3.x with different licenses:
The interface count is set to 256 since we can only support a maximum of 256 interfaces in a single context firewall.
FWSM Firewall Version 3.1(3)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Wed 27-Sep-06 02:59 by dalecki
FWSM up 2 mins 41 secs
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Interfaces : 256
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
Serial Number: SAD07300167
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration last modified by enable_15 at 08:47:42.710 UTC Tue Nov 25 2008
The interface count is set to 300 since we can only support a maximum of 100 interfaces per virtual context and you are given 3 contexts with the default key. The 3 contexts are 2 User configurable contexts and 1 Context designated as Admin. Therefore (2 x 100) + (1 x 100) = 300 interfaces.
FWSM Firewall Version 3.1(3) <system>
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Wed 27-Sep-06 02:59 by dalecki
FWSM up 9 days 19 hours
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
Licensed features for this platform:
Maximum Interfaces : 300
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
Serial Number: SAD07300167
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration last modified by enable_15 at 08:40:29.250 UTC Tue Nov 25 2008
The interface count is set back to 256 since we can only support a maximum of 256 interfaces in a single context firewall regardless of license.
FWSM Firewall Version 3.1(3)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Wed 27-Sep-06 02:59 by dalecki
FWSM up 3 mins 33 secs
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
Licensed features for this platform:
Maximum Interfaces : 256
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 250
GTP/GPRS : Disabled
VPN Peers : Unlimited
Serial Number: SAD07300167
Running Activation Key: 0xa24e4470 0x7d4abc2f 0x1afdb59c 0xa63c0f66
Configuration last modified by enable_15 at 08:47:43.540 UTC Tue Nov 25 2008
The interface count is set to 1000. This is the most the FWSM can handle and is therefore now the maximum interface count.
FWSM Firewall Version 3.1(3) <system>
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Wed 27-Sep-06 02:59 by dalecki
FWSM up 9 days 19 hours
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
Licensed features for this platform:
Maximum Interfaces : 1000
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 250
GTP/GPRS : Disabled
VPN Peers : Unlimited
Serial Number: SAD07300167
Running Activation Key: 0xa24e4470 0x7d4abc2f 0x1afdb59c 0xa63c0f66
Configuration last modified by enable_15 at 08:40:28.790 UTC Tue Nov 25 2008
The limit per context is still 100 interfaces.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: