Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

How many ACLs / access-lists entries can fit in a FWSM?

access-lists ACLs entries fit fwsm
0
Posted

How many ACLs / access-lists entries can fit in a FWSM?

0 CommentsAdd a Comment

1 Answer

0

A white paper located here details exactly how many ACEs can fit. You should be aware that FWSM ACLs are compiled into a form the hardware can process. Certain ACEs can expand into several nodes and as such it is very difficult to guarantee an exact maximum number. Here is some data that will give you an idea of the best case scenarios. One ACE corresponds to 2 nodes at least. SRM refers to “single routed mode”, while MM refers to “multimode”. Not all nodes are reserved for ACEs, as you can see from “show np 3 acl count”. To estimate how many ACEs can fit, look at the “CLS ACL Rule MAX” number (you need not divide that number by two). It is possible to fit more ACEs in the FWSM by using more than one ACL memory partition (see white paper), but this requires multiple virtual firewalls. 2.3(4) SRM: ———– FWSM(config)# sh np 3 acl stats —————————- ACL Tree Statistics —————————- Rule count : 0 Bit nodes (PSCB’s): 0 Leaf nodes : 0 Total nodes : 0 (m

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.