×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Understanding Licensed Interface Counts on the FWSM

Document

Thu, 02/24/2011 - 06:04
Jul 2nd, 2009
User Badges:
  • Cisco Employee,

Overview

When changing the activation keys on an FWSM, changes in the licensed interface count may seem confusing. This article's goal is to clear up the confusion. The "Maximum Interfaces" count shown in 'show version' is dependent upon BOTH the license itself (Default key or not) and the mode that the FWSM is in (single-mode or multi-mode). Below are the 4 different scenarios faced when using FWSM 3.x with different licenses:

Single Context Mode - Default Key (256 Interfaces)

The interface count is set to 256 since we can only support a maximum of 256 interfaces in a single context firewall.


</code></p><pre style="padding-left: 30px;">FWSM Firewall Version 3.1(3)<br/>Detected an old ASDM version.<br/>You will need to upgrade it before using ASDM.<br/><br/>Compiled on Wed 27-Sep-06 02:59 by dalecki<br/><br/>FWSM up 2 mins 41 secs<br/><br/>Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz<br/>Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB<br/><br/> 0: Int: Not licensed        : irq 5<br/> 1: Int: Not licensed        : irq 7<br/> 2: Int: Not licensed        : irq 11<br/>The Running Activation Key is not valid, using default settings:<br/><br/>Licensed features for this platform:<br/>Maximum Interfaces          : 256<br/>Inside Hosts                : Unlimited<br/>Failover                    : Active/Active<br/>VPN-DES                     : Enabled<br/>VPN-3DES-AES                : Enabled<br/>Cut-through Proxy           : Enabled<br/>Guards                      : Enabled<br/>URL Filtering               : Enabled<br/>Security Contexts           : 2<br/>GTP/GPRS                    : Disabled<br/>VPN Peers                   : Unlimited<br/><br/>Serial Number: SAD07300167<br/>Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000<br/>Configuration last modified by enable_15 at 08:47:42.710 UTC Tue Nov 25 2008</pre><h2><span class="editsection"></span><span class="mw-headline">Multiple Context Mode - Default Key (300 Interfaces) </span></h2><p>The interface count is set to 300 since we can only support a maximum of 100 interfaces per virtual context and you are given 3 contexts with the default key. The 3 contexts are 2 User configurable contexts and 1 Context designated as Admin. Therefore (2 x 100) + (1 x 100) = 300 interfaces.</p><p></p><p><code>
FWSM Firewall Version 3.1(3) <system>
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 27-Sep-06 02:59 by dalecki

FWSM up 9 days 19 hours

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11

Licensed features for this platform:
Maximum Interfaces          : 300
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

Serial Number: SAD07300167
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration last modified by enable_15 at 08:40:29.250 UTC Tue Nov 25 2008

Single Context Mode - Non-Default Key (256 Interfaces)

The interface count is set back to 256 since we can only support a maximum of 256 interfaces in a single context firewall regardless of license.


</code></p><pre style="padding-left: 30px;">FWSM Firewall Version 3.1(3)<br/>Detected an old ASDM version.<br/>You will need to upgrade it before using ASDM.<br/><br/>Compiled on Wed 27-Sep-06 02:59 by dalecki<br/><br/>FWSM up 3 mins 33 secs<br/><br/>Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz<br/>Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB<br/><br/> 0: Int: Not licensed        : irq 5<br/> 1: Int: Not licensed        : irq 7<br/> 2: Int: Not licensed        : irq 11<br/><br/>Licensed features for this platform:<br/>Maximum Interfaces          : 256<br/>Inside Hosts                : Unlimited<br/>Failover                    : Active/Active<br/>VPN-DES                     : Enabled<br/>VPN-3DES-AES                : Enabled<br/>Cut-through Proxy           : Enabled<br/>Guards                      : Enabled<br/>URL Filtering               : Enabled<br/>Security Contexts           : 250<br/>GTP/GPRS                    : Disabled<br/>VPN Peers                   : Unlimited<br/><br/>Serial Number: SAD07300167<br/>Running Activation Key: 0xa24e4470 0x7d4abc2f 0x1afdb59c 0xa63c0f66<br/>Configuration last modified by enable_15 at 08:47:43.540 UTC Tue Nov 25 2008</pre><h2><span class="editsection"></span><span class="mw-headline">Multi Context Mode - Non-Default Key (1000 Interfaces) </span></h2><p>The interface count is set to 1000. This is the most the FWSM can handle and is therefore now the maximum interface count.</p><p></p><p><code>
FWSM Firewall Version 3.1(3) <system>
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 27-Sep-06 02:59 by dalecki

FWSM up 9 days 19 hours

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11

Licensed features for this platform:
Maximum Interfaces          : 1000
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 250
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

Serial Number: SAD07300167
Running Activation Key: 0xa24e4470 0x7d4abc2f 0x1afdb59c 0xa63c0f66
Configuration last modified by enable_15 at 08:40:28.790 UTC Tue Nov 25 2008


The limit per context is still 100 interfaces.

Loading.

Actions

This Document

Related Content