Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Understanding Licensed Interface Counts on the FWSM

 

Overview

When changing the activation keys on an FWSM, changes in the licensed interface count may seem confusing. This article's goal is to clear up the confusion. The "Maximum Interfaces" count shown in 'show version' is dependent upon BOTH the license itself (Default key or not) and the mode that the FWSM is in (single-mode or multi-mode). Below are the 4 different scenarios faced when using FWSM 3.x with different licenses:

Single Context Mode - Default Key (256 Interfaces)

The interface count is set to 256 since we can only support a maximum of 256 interfaces in a single context firewall.

 

 

FWSM Firewall Version 3.1(3)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 27-Sep-06 02:59 by dalecki

FWSM up 2 mins 41 secs

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Interfaces          : 256
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

Serial Number: SAD07300167
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration last modified by enable_15 at 08:47:42.710 UTC Tue Nov 25 2008

Multiple Context Mode - Default Key (300 Interfaces)

The interface count is set to 300 since we can only support a maximum of 100 interfaces per virtual context and you are given 3 contexts with the default key. The 3 contexts are 2 User configurable contexts and 1 Context designated as Admin. Therefore (2 x 100) + (1 x 100) = 300 interfaces.

 

 

FWSM Firewall Version 3.1(3) <system>
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 27-Sep-06 02:59 by dalecki

FWSM up 9 days 19 hours

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11

Licensed features for this platform:
Maximum Interfaces          : 300
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

Serial Number: SAD07300167
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration last modified by enable_15 at 08:40:29.250 UTC Tue Nov 25 2008

Single Context Mode - Non-Default Key (256 Interfaces)

The interface count is set back to 256 since we can only support a maximum of 256 interfaces in a single context firewall regardless of license.

 

 

FWSM Firewall Version 3.1(3)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 27-Sep-06 02:59 by dalecki

FWSM up 3 mins 33 secs

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11

Licensed features for this platform:
Maximum Interfaces          : 256
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 250
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

Serial Number: SAD07300167
Running Activation Key: 0xa24e4470 0x7d4abc2f 0x1afdb59c 0xa63c0f66
Configuration last modified by enable_15 at 08:47:43.540 UTC Tue Nov 25 2008

Multi Context Mode - Non-Default Key (1000 Interfaces)

The interface count is set to 1000. This is the most the FWSM can handle and is therefore now the maximum interface count.

 

 

FWSM Firewall Version 3.1(3) <system>
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 27-Sep-06 02:59 by dalecki

FWSM up 9 days 19 hours

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash TOSHIBA THNCF128MBA @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11

Licensed features for this platform:
Maximum Interfaces          : 1000
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 250
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

Serial Number: SAD07300167
Running Activation Key: 0xa24e4470 0x7d4abc2f 0x1afdb59c 0xa63c0f66
Configuration last modified by enable_15 at 08:40:28.790 UTC Tue Nov 25 2008

 

The limit per context is still 100 interfaces.

3561
Views
0
Helpful
0
Comments