Guest

Preview Tool

Cisco Bug: CSCtd60672 - FWSM fails to compile ACL when custom partition size used with failover

Last Modified

Aug 08, 2014

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases

4.0(6)

Description (partial)

Symptom:

ACL compilation may fail on a Standby unit when enabling failover on it with the following error message:

Memory for compiling access rules exhausted, aborting the
current compilation and continuing to use the existing access rules.

Conditions:

Use custom partitions size with number of ACE's in a context  bigger then the average of ACE's you would be able to put in a context if no custom size was defined
For instance, if you have 12 partitions, we would need the context to hold more then 19219 ACE's while the total size of the partition is big enough to hold all of those ACE's.

Memory for compiling access rules exhausted, aborting the
current compilation and continuing to use the existing access rules.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.