Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Somehow my FWSM is reporting SNMP requests blocked by an ACL, despite the ACL on the interface having only the two rules that permit all IP and all ICMP. Anyone encounter this before or know what's up?Sample logged message from an SNMP request:%FWSM-...
If I'm monitoring a port on SPAN, will traffic blocked by an access-list on that port still be copied by SPAN to the SPAN Destination port, or does SPAN monitoring take place after firewall filtering?
I'm running into an issue where my 6509 with FWSM installed is lets www requests through, but blocks DNS, despite being told to permit both.Most perversely, it's blocking DNS on my internal networks. I've got the FWSM set up in single context mode, w...
I'm attempting to copy a new startup config to my FWSM via ftp, but see only "protocol error"s. The 6500 hosting the FWSM can make the same copy command without issue, and the FWSM can ping the ftp server.Would anyone be so kind as to suggest some d...
Good thought. All the addresses on the system are NATted back to themselves, but having pointed SNMP at the ingress address, I didn't have the NAT bypass on its subnet. I'll have to give that a try.
Thanks. I'd found that out peicemeal along the way. Had I read that early on, it would have saved me a lot of trouble. That, and the whole deal with the system reserving power for a redundant supervisor card that we will never install. Humbug.
Apparently that doesn't work. Shutting power off to a non-existant card generates the message:% module is not present...and the 6509 continues to allocate power to it.
