Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM interfaces down


I have a problem with FWSM running version 3.2(5) on Catalyst 6506 with 12.2SXH(33)a. All the interfaces of the FWSM are in down/down state without any explicable reason. The output is in the attachment - FWSM2 is the problematic one, FWSM1 is working fine. Uptime is 16 days on both modules.

Both switches have this configuration:

firewall multiple-vlan-interfaces

firewall module 1 vlan-group 2,

firewall vlan-group 2 77-80,749,750

I have one more 6506 with FWSM both running the same versions - the module works just fine. The trunks between the two switches are up, the VLANs are in STP Forwarding State (I'm running MST btw), everything looks just fine. The more interesting thing is that I'm 99% sure this problem is reoccurring in time - it appears for a while then it disappears without any logical reason. I searched through the bug toolkit as the FWSM version is quite old but I couldn't find a bug matching this description. Anyone had a similar problem? I plan to do an upgrade tomorrow if I don't find another solution.

Kind Regards,



Re: FWSM interfaces down


It's strange you can access to FWSM cause the SXH IOS is not valid for FWSM support, you need the SXI IOS.

Go to this link:

Select the image you have and you'll see that IOS doesn't support FWSM.


Community Member

Re: FWSM interfaces down

I think you are referring to this feature:

VSS - Firewall Service Module (FWSM) support

This is for 6500 VSS systems and that's not my case. I have a 6509 with Sup10G and FWSM and believe me - it works.

Anyway, the problem disappeared after a restart. I realized that the FWSM was like that since that switch had a major crash 17 days ago as this was the uptime of the module and a single packet wasn't transmitted. If the problem appears again though I'll upgrade the software. Any observations on 4.x track? Is it stable, does it cause any issues with regular L2/L3 protocols?


Re: FWSM interfaces down

The latest 4.0 code is pretty solid and also gives you more room for ACL entries due to code optimizations.

Community Member

Re: FWSM interfaces down

Thanks for the information! Do you have any idea if it's necessary to upgrade the license I have for 3.2 to go to 4.x?

CreatePlease to create content