
Cisco Bug: CSCtf17361 - FWSM not check resource limits when editing ACL used in service-policy

Last Modified

Feb 22, 2014

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases

3.2(9) 4.0(10) 4.0(4)

Description (partial)

# Release-note

 When a service-policy is applied, the resource check works and returns errors such as the following:

  ERROR: Unable to add, fixup config limit reached
  ERROR: Cannot add policy to rule engine

  However, the resource check does not seem to work when editing an ACL that is already used in a service-policy. The concern is that configuration can be lost when the FWSM is rebooted with the unchecked configuration saved.


The issue happens only if all the ACEs are removed from the ACL while it is still in use by a service-policy, and only if the last ACE deleted from the ACL to make it empty is an object-group ACE. For a regular ACE, the FWSM returns an error that the ACL is in use and cannot be removed.