A-5
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Appendix A Specifications
Rule Limits
Rule Limits
The FWSM supports approximately 80K rules for the entire system in single mode, and 142K rules for
multiple mode.
In multiple context mode, each context supports at most 12,130 rules, but the actual number of rules
supported in a context might be less, depending on how many contexts you have. A context belongs to
one of 12 pools that offers a maximum of 12,130 rules. The FWSM assigns contexts to the pools in the
order they are loaded at startup. For example, if you have 12 contexts, each context is assigned to its own
pool, and can use 12,130 rules. If you add one more context, then context number 1 and the new context
number 13 are both assigned to pool 1, and can use 12,130 rules divided between them; the other
11 contexts continue to use 12,130 rules each. If you delete contexts, the pool membership does not shift,
so you might have some unequal distribution until you reboot, at which time the contexts are evenly
distributed.
Note Rules are used up on a first come, first served basis, so one context might use more rules than another
context.
Table A-5 lists the maximum number of each rule type.
Ta b l e A - 5 R u l e L i m i t s
Specification
Context Mode
Single Multiple (Maximum per Pool)
AAA Rules 3,942 606
1
1. For example, if you have 96 contexts evenly distributed among the 12 pools, so there are 8 contexts per pool, each context
can use 75 filter rules, if evenly divided.
ACEs
2
2. access control entries
63,078 9,704
Downloaded ACEs for network access
authorization
3,000 3,000
Established Rules 788 121
Filter Rules 3,942 606
ICMP
3
, Telnet, SSH, and HTTP
4
Rules
3. Internet Control Message Protocol
4. HyperText Transfer Protocol
2,365 363
Policy NAT ACEs 3,942 606
To Next Page
Loading...
Need help?
General