Cisco Cisco Catalyst 6500 Series Firewall Services Module

CSCth64565

In FWSM Version 3.2(10), entering the sunrpc-server command will only work with /32 masks 
defined if using Server IP host. If you want to use the network mask, then you need to define the 
network IP. If you are using the Server IP address and the network mask, it will not work. It will not 
trigger the sunrpc-server.

Workaround: Define mask /32 is using Server IP host. Define network IP is using network mask

CSCth95284

A FWSM that running Version 4.0(11) might crash at Thread Name: PAT XlateCache.

Workaround: None.

CSCti12787

After you upgrade an FWSM from Version 4.0(8) to Version 4.0(12) in an IPV6 environment, the 
CPU usage is high, about 99%.

Workaround: Temporarily downgrade to Version 4.0(8). The CPU usage should return to the 
normal baseline usage. 

CSCtc54126 

When using SIP inspection, the connection table continuously increases with stuck SIP media 
connections. The SIP inspection does not clear them automatically.

Workaround: Enter the clear xlate command to clear all connections.

CSCtf83964

With failover enabled, OSPF takes a long time to reach fully loaded state with OSPF neighbors.

Workaround: Use static routes.

CSCtf87102

When you have a large number of access lists (over 100,000) and access-list optimization is enabled, 
access lists may not compile as expected. 

Workaround: Disable access-list optimization.

CSCtf94490

The snmpget command is failing for the following parameter:

CISCO-UNIFIED-FIREWALL-MIB::cufwUrlfServerStatus

snmpwalk responds back with a value, but snmpget fails for the same OID.

For example:

# snmpwalk -On -v 2c -c SEGE sdhq-fwm-02-01

.1.3.6.1.4.1.9.9.491.1.3.3.1.1.5

.1.3.6.1.4.1.9.9.491.1.3.3.1.1.5.1.4.10.80.24.103.15868 = INTEGER:

online(1)

# snmpget -v 2c -c SEGE sdhq-fwm-02-01

.1.3.6.1.4.1.9.9.491.1.3.3.1.1.5.1.4.10.80.24.103.15868

CISCO-UNIFIED-FIREWALL-MIB::cufwUrlfServerStatus.ipv4."10.80.24.103".158

68 = No Such instance currently exists at this OID