Cisco Support Community
New Member

FWSM memory partitions

Hi,

I have a question on FWSM memory partitions. I understand that there are 12 memory partitions and we can configure how many partitions we need.

If I set the number of partitions to 6, then each partition will have more resources compared to if I set the number of partitions to 12.

Can I just set the number of partitions to 1, then in this case, I have one big memory partition which all the contexts I created will use?

My client (running 3.X) has 6 partitions of equal size. One of the partitions is running out of resources and the other partitions still have plenty of resources. I understand that 4.x has some enhancement on resource allocation. I am just thinking if it might be easier just to have one large partition and any context just use that pool of resources. In this way, it will keep things simple.

Has anyone tried this before? Anything I should take note of if I do this?

Thanks

Eng Wee

4 REPLIES
Hall of Fame Super Blue

Re: FWSM memory partitions

e-chuah wrote:

Hi,

I have a question on FWSM memory partitions. I understand that there are 12 memory partitions and we can configure how many partitions we need.

If I set the number of partitions to 6, then each partition will have more resources compared to if I set the number of partitions to 12.

Can I just set the number of partitions to 1, then in this case, I have one big memory partition which all the contexts I created will use?

My client (running 3.X) has 6 partitions of equal size. One of the partitions is running out of resources and the other partitions still have plenty of resources. I understand that 4.x has some enhancement on resource allocation. I am just thinking if it might be easier just to have one large partition and any context just use that pool of resources. In this way, it will keep things simple.

Has anyone tried this before? Anything I should take note of if I do this?

Thanks

Eng Wee

Eng

You can do this but I wouldn't recommend it. The whole idea of using memory partitions is to protect virtual firewalls from each other. If you have one big partition with all contexts in and one context consumes all resources then all contexts suffer.

Jon

Cisco Employee

Re: FWSM memory partitions

FWSM 4.x

Total Partitions    ACLs
      12            19219
      11            20821
      10            22714
       9            24985
       8            27761
       7            31232
       6            35693
       5            41642
       4            49971
       3            62464
       2            83285
       1            124928


There is also ACL optimization in 4.x.
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/product_bulletin_c25-478751.html


I agree with Jon. Maybe you can go to 3 partitions and point all the smaller contexts to one partition and give the bigger context its own partition.

-KS
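
The partition table and the suggestion in the reply above can be checked against a set of contexts before changing the partition count. The following is an added example, not part of the thread or any Cisco tooling: it uses the per-partition limits from the table, with context names and rule counts that are constructed for illustration, and places contexts with a first-fit-decreasing heuristic. It does not model the backup tree.

```python
# Per-partition ACL rule limits for FWSM 4.x, copied from the table above.
RULES_PER_PARTITION = {12: 19219, 11: 20821, 10: 22714, 9: 24985, 8: 27761,
                       7: 31232, 6: 35693, 5: 41642, 4: 49971, 3: 62464,
                       2: 83285, 1: 124928}

def pack(contexts, partitions):
    """Place contexts into equal-size partitions, largest context first.

    contexts: dict of context name -> ACL rule count.
    Returns one {name: rules} dict per partition, or None when this
    heuristic finds no placement (None is not proof that none exists).
    """
    limit = RULES_PER_PARTITION[partitions]
    bins = [{} for _ in range(partitions)]
    for name, rules in sorted(contexts.items(), key=lambda kv: -kv[1]):
        for b in bins:
            if sum(b.values()) + rules <= limit:
                b[name] = rules
                break
        else:
            return None  # this context fits in no partition
    return bins

def plan(contexts):
    """Return {partition count: layout} for every count that fits,
    ordered from most partitions (most isolation) to fewest."""
    result = {}
    for n in sorted(RULES_PER_PARTITION, reverse=True):
        layout = pack(contexts, n)
        if layout is not None:
            result[n] = layout
    return result

# Constructed sample: one large context and five small ones.
SAMPLE = {"big": 60000, "dmz": 9000, "web": 8000, "app": 7000,
          "db": 6000, "mgmt": 5000}

if __name__ == "__main__":
    for n, layout in plan(SAMPLE).items():
        print(f"{n} partitions x {RULES_PER_PARTITION[n]} rules each")
        for i, b in enumerate(layout):
            print(f"  partition {i}: {sum(b.values()):6d} rules {sorted(b)}")
```

With the constructed sample, 3 partitions is the highest count that fits, and it puts the large context alone in one partition with the small contexts sharing another.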


New Member

Re: FWSM memory partitions

kusankar & Jon,

Thanks for the reply. I managed to get hold of a FWSM and downloaded 4.x to test.

With 1 partition, you get 124928 rules in total excluding the backup tree.
With 2 partitions, you get 166570 rules in total excluding the backup tree.
With 12 partitions, you get 230628 rules in total excluding the backup tree.

This is because of the backup tree partition, which is equivalent to the size of the biggest partition. So even with one partition, it doesn't mean you can have more contexts, as the total number of rules is also reduced.

Rgds
Eng Wee

Cisco Employee

Re: FWSM memory partitions

Looks like you would have to move this big context to a separate firewall. Have you looked at the ASA5580s?

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

-KS
