Cisco Support Community

FWSM - Disable ACL Optimisation


I am looking to disable ACL optimization on a single context as part of a strategy to 'clean up' the firewall rule base. I was wondering if anyone had done this before and what their experience was. I would specifically like to know if it is likely to have an impact on production traffic and how long this may take.

I have checked the partition resources and the number of ACL entries does not exceed the maximum, so I should be ok there.

FWSM# sho np 3 acl count 2
-------------- CLS Rule Current Counts --------------
CLS Filter Rule Count       :             0
CLS Fixup Rule Count        :            12
CLS Est Ctl Rule Count      :             0
CLS AAA Rule Count          :             0
CLS Est Data Rule Count     :             0
CLS Console Rule Count      :            12
CLS Policy NAT Rule Count   :             1
CLS ACL Rule Count          :          9002
CLS ACL Uncommitted Add     :             0
CLS ACL Uncommitted Del     :             0
---------------- CLS Rule MAX Counts ----------------
CLS Filter MAX              :           576
CLS Fixup MAX               :          1537
CLS Est Ctl Rule MAX        :            96
CLS Est Data Rule MAX       :            96
CLS AAA Rule MAX            :          1345
CLS Console Rule MAX        :           384
CLS Policy NAT Rule MAX     :           384
CLS ACL Rule MAX            :         14801

Any advice would be appreciated.

Please let me know if you require any more information from me.

Kind regards
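
The headroom check described in the post, as an added example that is not part of the original post: it parses `show np 3 acl count` output and reports used, maximum and free entries per rule class. The function names are hypothetical, the sample is built from the counters quoted above, and counting uncommitted adds as pending usage is an assumption.

```python
import re
# Constructed sample: counters copied from the post above (blank lines removed).
SAMPLE = """\
-------------- CLS Rule Current Counts --------------
CLS Filter Rule Count       :             0
CLS Fixup Rule Count        :            12
CLS Est Ctl Rule Count      :             0
CLS AAA Rule Count          :             0
CLS Est Data Rule Count     :             0
CLS Console Rule Count      :            12
CLS Policy NAT Rule Count   :             1
CLS ACL Rule Count          :          9002
CLS ACL Uncommitted Add     :             0
CLS ACL Uncommitted Del     :             0
---------------- CLS Rule MAX Counts ----------------
CLS Filter MAX              :           576
CLS Fixup MAX               :          1537
CLS Est Ctl Rule MAX        :            96
CLS Est Data Rule MAX       :            96
CLS AAA Rule MAX            :          1345
CLS Console Rule MAX        :           384
CLS Policy NAT Rule MAX     :           384
CLS ACL Rule MAX            :         14801
"""

LINE = re.compile(r"^CLS\s+(.+?)\s*:\s*(\d+)$")

def _key(label):
    # "Filter Rule Count" and "Filter MAX" both become "filter".
    return " ".join(w for w in label.lower().split() if w not in {"rule", "count", "max"})

def parse_acl_count(text):
    current, maximum, section = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if "Current Counts" in line:
            section = current
        elif "MAX Counts" in line:
            section = maximum
        elif section is not None and (m := LINE.match(line)):
            section[_key(m.group(1))] = int(m.group(2))
    return current, maximum

def headroom(text):
    current, maximum = parse_acl_count(text)
    report = {}
    for name, limit in maximum.items():
        # Assumption: uncommitted adds will occupy entries once committed.
        used = current.get(name, 0) + current.get(name + " uncommitted add", 0)
        report[name] = dict(used=used, max=limit, free=limit - used, pct=round(100 * used / limit, 1))
    return report
```

Running `headroom()` on output captured before and after the change shows how far the ACL rule count moved against the partition maximum.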

