Cisco Cisco Catalyst 6500 Series Firewall Services Module Release Notes
2
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.1(x)
New Features
•
When you log in to the system execution space from the switch in multiple context mode, a feature
introduced in FWSM Release 3.2 lets you use authentication using a AAA server or local database.
Previously, the only method of authentication available was to use the login password defined in the
system configuration. The new authentication method is enabled by the aaa authentication telnet
console command in the admin context. If you upgrade to Release 3.2 and later, and have this
command already in the admin context configuration, then authentication for the system execution
space is enabled using the specified server or local database, even if you did not intend to enable it.
To use the login password instead, you must remove the aaa authentication telnet console
command in the admin context.
introduced in FWSM Release 3.2 lets you use authentication using a AAA server or local database.
Previously, the only method of authentication available was to use the login password defined in the
system configuration. The new authentication method is enabled by the aaa authentication telnet
console command in the admin context. If you upgrade to Release 3.2 and later, and have this
command already in the admin context configuration, then authentication for the system execution
space is enabled using the specified server or local database, even if you did not intend to enable it.
To use the login password instead, you must remove the aaa authentication telnet console
command in the admin context.
•
Do not configure both the timeout uauth 0 command and the aaa authentication clear-conn
command; if you do so, you cannot open any connections through the FWSM because the
connection immediately closes when AAA succeeds. This happens every time you try to open a
connection (because the FWSM is not caching uauth entries).
command; if you do so, you cannot open any connections through the FWSM because the
connection immediately closes when AAA succeeds. This happens every time you try to open a
connection (because the FWSM is not caching uauth entries).
•
In 3.x, when you used the set connection command for an access list (match access-list), then
connection settings were applied to each individual ACE; in 4.0 and later, connection settings are
applied to the access list as a whole.
connection settings were applied to each individual ACE; in 4.0 and later, connection settings are
applied to the access list as a whole.
New Features
This section includes the new features for FWSM releases.
Note
There are no new features in FWSM Releases 4.1(2) through 4.1(5) nor in Releases 4.1(7) through
4.1(10).
4.1(10).
•
•
New Features in Release 4.1(6)
lists the new feature for FWSM Release 4.1(6).
Table 1
New Feature for FWSM Release 4.1(6)
Feature
Description
Increased SNMP packet
size
size
Increased maximum SNMP response size to 1400, which makes it easier to poll multiple OIDs in
a single query. Past FWSM design restricted the packet size of SNMP responses to 484 bytes.
a single query. Past FWSM design restricted the packet size of SNMP responses to 484 bytes.