Cisco Bug: CSCtf17361 - FWSM not check resource limits when editing ACL used in service-policy

Last Modified

Feb 22, 2014

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases

3.2(9) 4.0(10) 4.0(4)

Description (partial)

# Release-note

Symptom:

When a service-policy is applied, the resource check works and produces the following errors:

  ERROR: Unable to add, fixup config limit reached
  ERROR: Cannot add policy to rule engine

However, the resource check does not seem to work when editing an ACL that is already used in a service-policy. The concern is that configuration can be lost when the FWSM is rebooted with a saved config that was not checked.

Condition:

The issue happens only if all the ACEs are removed from the ACL while it is still in use by a service-policy, and only if the last ACE deleted from the ACL to make it empty is an object-group ACE. For a regular ACE, the FWSM reports an error that the ACL is in use and cannot be removed.