Cisco Cisco Catalyst 6500 Series Firewall Services Module
17
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.0(x)
Resolved Caveats
•
CSCth64565
In FWSM Version 3.2(10), entering the sunrpc-server command will only work with /32 masks
defined if using Server IP host. If you want to use the network mask, then you need to define the
network IP. If you are using the Server IP address and the network mask, it will not work. It will not
trigger the sunrpc-server.
defined if using Server IP host. If you want to use the network mask, then you need to define the
network IP. If you are using the Server IP address and the network mask, it will not work. It will not
trigger the sunrpc-server.
Workaround: Define mask /32 is using Server IP host. Define network IP is using network mask
•
CSCth95284
A FWSM that running Version 4.0(11) might crash at Thread Name: PAT XlateCache.
Workaround: None.
•
CSCti12787
After you upgrade an FWSM from Version 4.0(8) to Version 4.0(12) in an IPV6 environment, the
CPU usage is high, about 99%.
CPU usage is high, about 99%.
Workaround: Temporarily downgrade to Version 4.0(8). The CPU usage should return to the
normal baseline usage.
normal baseline usage.
Resolved Caveats in Software Release 4.0(12)
•
CSCtc54126
When using SIP inspection, the connection table continuously increases with stuck SIP media
connections. The SIP inspection does not clear them automatically.
connections. The SIP inspection does not clear them automatically.
Workaround: Enter the clear xlate command to clear all connections.
•
CSCtf83964
With failover enabled, OSPF takes a long time to reach fully loaded state with OSPF neighbors.
Workaround: Use static routes.
•
CSCtf87102
When you have a large number of access lists (over 100,000) and access-list optimization is enabled,
access lists may not compile as expected.
access lists may not compile as expected.
Workaround: Disable access-list optimization.
•
CSCtf94490
The snmpget command is failing for the following parameter:
CISCO-UNIFIED-FIREWALL-MIB::cufwUrlfServerStatus
snmpwalk responds back with a value, but snmpget fails for the same OID.
For example:
# snmpwalk -On -v 2c -c SEGE sdhq-fwm-02-01
.1.3.6.1.4.1.9.9.491.1.3.3.1.1.5
.1.3.6.1.4.1.9.9.491.1.3.3.1.1.5.1.4.10.80.24.103.15868 = INTEGER:
online(1)
# snmpget -v 2c -c SEGE sdhq-fwm-02-01
.1.3.6.1.4.1.9.9.491.1.3.3.1.1.5.1.4.10.80.24.103.15868
CISCO-UNIFIED-FIREWALL-MIB::cufwUrlfServerStatus.ipv4."10.80.24.103".158
68 = No Such instance currently exists at this OID