Cisco Bug: CSCtf17361 - FWSM not check resource limits when editing ACL used in service-policy
Feb 22, 2014
- Cisco Catalyst 6500 Series Firewall Services Module
Known Affected Releases
3.2(9) 4.0(10) 4.0(4)
# Release-note Symptom: When applying service-policy, resource check does work as the following: ERROR: Unable to add, fixup config limit reached ERROR: Cannot add policy to rule engine However, the resource check does not seem to work when editing ACL already used in service-policy. It is afraid that configuration can be lost when rebooting FWSM with the config not checked saved. Condition: The issue will happen only if all the ACEs are removed from the ACL, while it is still in use by a service-policy. Also, the issue will happen only if the last ace deleted from the acl to make it empty is an object-group ACE. For a regular ACE, it will prompt the error that acl is in use and cannot be removed.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases