Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Putting ACLs to FWSM more quickly?


If i can believe the documentation of the FWSM, there are only 2 possibilities to get ACLs to the FWSM configuration:

a) building the ACLs via the ASDM gui

b) using the command line interface

Both ways are rather intricately. Instead i would prefer the way you can put ACLs to the 6500 Router: using rsh e.g.

So i can create all of the ACLs in a textfile and transfer it to the Router/FWSM finally.

Is there a possibility to get ACLs to the FWSM that way?




Re: Putting ACLs to FWSM more quickly?


You can do this exactly by using the copy command ie:

copy tftp:// running-config

However, remember this is a 'merge' - it won't wipe out access lists (unless you put that command in there with a 'no' command) This is a good way to script large changes to your configuration.

You may want to turn on manual commit (access-list mode manual-commit) so that your changes aren't applied and you can make sure that everything looks correct after you transfer the acl changes to the firewall.

More information on the copy command here:


Please rate if this helps.

New Member

Re: Putting ACLs to FWSM more quickly?

Hi Jason!

Using "copy tftp..." or "configure net" works well.

But is there a possibility to do it remote without logging in to the FWSM manually?

On the Cat6000 e.g. there you can use rsh or rcp with a linux script. So i just have to start the script on a linux pc without manually logging in to the Router.

I have not found yet a way, to do it same way with FWSM. Is this feature missing?



New Member

Re: Putting ACLs to FWSM more quickly?

Anyone any idea?