Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM & names.

Hello.

We are using FWSM with software 4.1(1) and ASDM 6.2(1)F.

How can we disable the use of names for the routing table only?

Thanks.

Regards.

Andrea

5 REPLIES
Cisco Employee

Re: FWSM & names.

Unfortunately you can't disable "names" for routing table only. It is a global command and if you disable it, it will disable the name for everything that uses the name command.

Community Member

Re: FWSM & names.

Hello Jennifer and many thanks for your help.

Another two questions for you for the same device.

First, why FWSM takes more than two minutes to show NAT table using GUI?

Second, capture feature shows captured packets after some seconds from conversations?

Thanks.

Andrea

Cisco Employee

Re: FWSM & names.

First question: it really depends on how many existing xlates you might have in the NAT table, and also how is your connection between the FWSM to the GUI? It could be a combination of both that causes the delay.

Second question: capture should show the packets as soon as the traffic/packets are hitting the interfaces. If the traffic does not hit the actual interface, it will not show on the packet capture. It is the first thing that shows for packet going inbound to the interface, and it will be the last thing before packet left the interface going outbound.

Hope that answers your questions.

Community Member

Re: FWSM & names.

Hello Jennifer.

About the first question.

To show one thousand of rules, from Configuration/Firewall menù, FWSM sometimes takes more than two minutes. This happens from different computers: this is tedious.

About second question.

Sometimes, the same FWSM shows the captured packets after the connection is already closed.

Regards.

Andrea

Cisco Employee

Re: FWSM & names.

You might want to open a TAC case to get the 2 issues investigated closer.

For the first question, since you have a thousand rules, around 2 mins is actually already quite fast to retrieve all the 1000 lines of ACL. Those ACL needs to be retrieved from the FWSM and the connectivity between the FWSM and the GUI is via HTTPS, so it needs to transfer the 1000 lines of ACL from the FWSM towards the GUI.

419
Views
0
Helpful
5
Replies
CreatePlease to create content