We are looking at upgrading form cisco 3845s to 3945s as the 3945 is still in support for the duration that we need to keep it around.
One reason for going with the 3945 vs something like an ISR or ISR is ease of migrating the configs.
We have a number of ACLs and inspection statements (including reflexive ACLs) that are in place on the 3845 right now using the classic IOS/CBAC syntax as opposed to zone based FW.
I'm finding some conflicting information on the 3945s and would like to validate that the current ACL/inspect statements in the CBAC syntax will transfer over to the 3945s on a supported code release.
Right now, we have ACLs on the 3845s that use the classic CBAC syntax as shown below
ip access-list extended inlist deny ip x.x.x.x 0.0.0.255 any log-input deny ip x.x.x.x 0.0.0.255 any log-input deny ip x.x.x.x 0.0.0.255 any log-input permit icmp any any permit udp any eq domain any gt 1023 ... evaluate tmplist deny ip any any log-input ip access-list extended outlist deny ip x.x.x.x 0.0.0.255 any log-input deny ip x.x.x.x 0.0.0.255 any log-input deny ip x.x.x.x 0.0.0.255 any log-input permit icmp any any permit udp any eq domain any gt 1023 permit udp any any eq domain permit tcp any x.x.x.x 0.0.0.255 eq domain ... permit tcp x.x.x.x 0.0.0.255 any reflect tmplist deny ip any any log-input
and inspection policies that look like this
ip inspect alert-off ip inspect max-incomplete high 1000 ip inspect max-incomplete low 1000 ip inspect name PUBLIC_OUT fragment maximum 256 timeout 5 ip inspect name PUBLIC_OUT ftp ip inspect name PUBLIC_OUT icmp ip inspect name PUBLIC_OUT smtp ip inspect name PUBLIC_OUT tcp ip inspect name PUBLIC_OUT udp
And then those policies are applied to their respective interfaces.
Will the 3945 with a supported code release, and/or the latest code release, allow the above CBAC syntax to transfer over from our 3845s? It was my understanding that new newer ISR and ASR series routers only supported the zone based firewall, and in the interest in ease of portability and given that we only need these devices around for a year or two, I wanted to instead purchase 3945s as they are adequately spec'd for our circuits and my hope was to be able to transfer over the CBAC/inspection config exactly as it is now.
However, I can't fully understand if supported code releases on the 3945 support this older CBAC style or if it's all ZBFW now.
Thanks for the help!
... View more
We are running a WAAS server, version 126.96.36.19905 on a server 2008 VM
Recently, the postgreSQL DB has started to grow very rapidly, 10+ GB in a day sometimes. We tried growing the drive by 5 GB, and it used up that space within a few hours. Right now it has 233 MB free.
Does anyone happen to know what might cause this, or if there is any way to change the DB settings or try to determine the reason for such rapid growth? We have made no changes to the environment recently. I have pretty much no postgreSQL knowledge.
I did poke around the admin console a bit, and it looks like either a normal vacuum or full vacuum might help. The full vacuum says it will return space to the OS, but as the drive has 200 MB free, and the "controller" DB is 47 GB, a full vacuum is not possible due to the extra space needed as from what i understand it pretty much creates a new copy of the DB in the process. Would a normal vacuum help at all?
Really I'm just looking for reasons to determine why the DB suddenly has started growing, and how to manage the growth and/or gain disk space back. The server is a 25 user license only, and like I said there have been no changes recently made at all.
Please let me know if any additional information is needed. Thanks.
... View more