Cisco ASA 5506W-X with FirePOWER Services Technical Manual

Number of rules on sensor = (Number of Source Subnets or hosts) * (Number of
Destination S) * (Number of Source Ports) * (Number of Destination Ports) * (Number of
Custom URLs) * (Number of VLAN Tags) * (Number of URL Categories) * (Number of valid
source and destination zone pairs)
Note: For the calculations, the value any in a field is substituted by 1. The value any in a
rule combination is counted as 1 and does not increase or expand the rule.
Troubleshooting Deployment Failure due to Rule Expansion
When a deployment fails after an addition to the access rule, follow the steps below for
cases where the rule expansion limit has been reached.
Check /var/log/action.queue.log for messages with the following keywords:
Error - too many rules - writing rule 28, max rules 9094
The above message indicates a problem with the number of rules that are being expanded.
Check the configuration on the FMC to optimize the rules based on the scenarios
discussed above.
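The formula and the log check above, combined as an added example (not Cisco code): it applies the multiplication to each rule of a constructed policy, ranks the rules by expansion so the largest contributor is reviewed first, and extracts the numbers from the log message. The field names, the sample rules and the first log line are assumptions made for the illustration, as is comparing the policy total with the max rules value.

```python
import re
from math import prod

# Hypothetical field names for the factors in the page's formula.
FIELDS = ("src_networks", "dst_networks", "src_ports", "dst_ports",
          "custom_urls", "vlan_tags", "url_categories", "zone_pairs")
# Matches the message quoted on the page from /var/log/action.queue.log.
LIMIT_RE = re.compile(r"too many rules - writing rule (\d+), max rules (\d+)")

def expanded_count(rule):
    """Multiply the factors; a field left as any (absent or empty) counts as 1."""
    return prod(max(len(rule.get(f) or ()), 1) for f in FIELDS)

def rank_rules(rules):
    """Return (name, expanded count) pairs, largest expansion first."""
    return sorted(((r["name"], expanded_count(r)) for r in rules),
                  key=lambda item: item[1], reverse=True)

def find_limit_errors(lines):
    """Return the (writing rule, max rules) numbers from every matching log line."""
    return [(int(m[1]), int(m[2])) for m in map(LIMIT_RE.search, lines) if m]

# Constructed sample policy: three access rules, not taken from a real device.
RULES = [
    {"name": "web-out", "src_networks": ["10.0.%d.0/24" % i for i in range(4)],
     "dst_ports": ["80", "443"], "url_categories": ["cat%d" % i for i in range(10)],
     "zone_pairs": [("inside", "outside"), ("dmz", "outside")]},
    {"name": "db-access", "src_networks": ["10.1.%d.0/24" % i for i in range(20)],
     "dst_networks": ["10.2.%d.0/24" % i for i in range(15)],
     "dst_ports": ["1433", "1521", "3306", "5432", "27017"],
     "zone_pairs": [("z%d" % i, "db") for i in range(6)]},
    {"name": "mgmt"},  # every field is any, so the rule counts once
]
# Constructed log excerpt; the second line is the message quoted on the page.
LOG = [
    "INFO - writing rules",
    "Error - too many rules - writing rule 28, max rules 9094",
]

if __name__ == "__main__":
    ranked = rank_rules(RULES)
    total = sum(count for _, count in ranked)
    for rule_no, max_rules in find_limit_errors(LOG):
        print(f"log: writing rule {rule_no}, max rules {max_rules}; policy expands to {total}")
    for name, count in ranked:
        print(f"{name:10} {count}")
```

In the sample, the db-access rule alone accounts for 9000 of the 9161 expanded rules, which makes it the first candidate for optimization on the FMC.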
Related Information
Firepower Management Center Configuration Guide, Version 6.0