- Purple, 4500 points or more
Community Spotlight Award,
Member's Choice, February 2016
We have simple setup with 3 to 4 zones in FWSM with simple ip traffic flowing across the zones and no natting is configured also in the FWSM.I would like to know what would be the impact if we disable xlate in global configuration in FWSM and what is the command to do the same.
Is there any default count stored for xlate table in FWSM and what happens when we do clear xlate in FWSM.
Eventhough there is no NAT configured, it still creates the xlate entry in the xlate table. That is why the "xlate-bypass" feature is useful in this case, to surpress the creation of the xlate in the fwsm hardware so it does not hit the hardware limitation withini the fwsm. There is no impact at all to the production traffic.
This feature is only available in fwsm because it's processed in hardware, whereas ASA or PIX firewall process the xlate in software.
Hope that answers your question.