Cisco Cisco Catalyst 6500 Series Firewall Services Module
20
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.0(x)
Resolved Caveats
Resolved Caveats in Software Release 4.0(10)
•
CSCtb34170
When the FWSM is configured with a static PAT command on the outside interface, if you remove
the command, traffic from inside to outside is blocked. This occurs even when nat-control is
disabled. To recover, you need to reload the FWSM.
the command, traffic from inside to outside is blocked. This occurs even when nat-control is
disabled. To recover, you need to reload the FWSM.
Workaround: None.
•
CSCtc36380
The FWSM corrupts the ICMP checksum of ICMP unreachable traffic that passes through the
FWSM. This causes the destination host to discard the packet because the checksum is not correct.
FWSM. This causes the destination host to discard the packet because the checksum is not correct.
Workaround: None.
The caveats listed in
were resolved in software Release 4.0(10), and were not previously
documented. If you are a registered Cisco.com user, view more information about each caveat using the
Bug Toolkit at the following website:
Bug Toolkit at the following website:
CSCtd86296
FWSM: Need to extend syslog message %FWSM-2-106024
CSCte25307
Telnet NOOP command sent to FWSM causes next character to be dropped
CSCte48165
Broken single ip address feature for more than 1 “virtual” protocols use
CSCte48563
NP3 pauses due to duplicate xlate created for identity traffic
CSCte51034
FWSM doesnt failover static routes pointing to its own interface
CSCte66339
policy-map names exceeding 16 characters leak memory upon ACE addition
CSCte70411
IPv6 object-group does not allow nested objects
CSCtf49704
FWSM software forced reloads in - Thread Name: websns_snd
Table 7
Resolved Caveats in Release 4.0(11) (continued)
Caveat ID
Description
Table 8
Resolved Caveats in Release 4.0(10)
Caveat ID
Description
CSCsk12223
FWSM running 3.1.6 crashes on Thread name ssh
CSCta64836
Firewall blade unexpectdly reloads with traffic
CSCta64957
No new connections on after failover with a particular NAT configuration
CSCta74788
Incorrect xlate replicated to standby for same security interface
CSCtb14966
SunRPC inspection drops GETPORT reply packet
CSCtb34170
Static PAT causing failure for traffic from inside
CSCtc02363
RTSP inspect incorrect IP address translation in URL headers
CSCtc36009
TCP reset option incorrectly appears in set connection timeout command
CSCtc36050
capture feature shows ICMP payload modified by firewall when it is not
CSCtc40207
Standby transparent FWSM might send arp request using active MAC
CSCtc68193
snmp query for any OID under 1.3.6.1.2.1. causes np xlate query