We are facing a problem with our FWSM. There are some rules that are configured (and enabled) that do not seem to be working properly.
Yesterday, I received complaints from the users that they could not reach servers on port 1521. I confirmed that the rule allowing that traffic is correct and enabled, so I launched 2 captures, one on the input interface (I can see the traffic) and the other on the output interface (no traffic there). I was very surprised.
The next step was to enable logging on the policy (through ASDM). One minute after that, the customer told me the issue was fixed and asked me what I did. I didn't do anything!! I only enabled logging on the policy!
The customer and I are worried about this; this is the second time it has happened and I don't have a logical explanation for the FWSM behaviour. The version is 4.0(7) and ASDM is 6.1(5)F.
Does someone have an idea about what's going on?
Thanks a lot,
That is correct. sh tech is just for backup.
Your ACL count is not high at all.
You can disable optimization now.
You can check the limitation here: http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/specs_f.html#wp1067359 for both single and multiple contexts.
Do you have access-list optimization enabled?