Preview Tool

Cisco Bug: CSCtd46152 - CSM inserting "inspect dns maximum-length 0" for default value on FWSM

Last Modified

Nov 10, 2016

Products (1)

  • Cisco Security Manager

Known Affected Releases

3.2(2) 3.3(0) 3.3(1)

Description (partial)


Upon importing the config from FWSM, if the maximum packet length for dns
inspection was not specified, CSM would try to push value 0 (inspect dns
maximum-length 0) even thought the default value is 512. This will result in a
failed deployment as value 0 is not supported by FWSM.


Not specifying maximum packet length for dns inspection.

policy-map global_policy
 class inspection_default
  inspect dns
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.