Cisco Catalyst 6500 Series Firewall Services Module Release Notes
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.1(x)
New Features
New Features in Release 4.1(1)
Table 2 lists the new features for ASDM Versions 6.2(1)F through 6.2(3)F. These features were
introduced in Version 6.2(1)F. There are no new features for Versions 6.2(2)F and 6.2(3)F. All features
apply to FWSM Version 4.1(1) as well.
Table 2: New Features for FWSM Version 4.1(1)
Feature
Description
Platform Features
Separate hostnames for primary and secondary blades
This feature lets you configure a separate hostname on the primary and secondary FWSMs. If the
secondary hostname is not configured, the primary and secondary hostnames are the same.
We modified the following screen: Configuration > Device Setup > Device Name/Password.
Firewall Features
Creation of UDP sessions with unresolved ARP in the accelerated path
If you configure the FWSM to create the session in the accelerated path even though the ARP
lookup fails, then it will drop all further packets to the destination IP address until the ARP lookup
succeeds. Without this feature, each subsequent UDP packet goes through the session management
path before being dropped by the accelerated path, causing potential overload of the session
management path.
We modified the following screen: Configuration > Firewall > Advanced > TCP Options.
DCERPC Enhancement: Remote Create Instance message support
In this release, DCERPC Inspection was enhanced to support inspection of RemoteCreateInstance
RPC messages.
No screens were modified.
Reset Connection marked for Deletion
You can now disable the sending of a reset (RST) packet for a connection marked for deletion.
Starting in this release, reset packets are not sent by default. You can restore the previous behavior,
so that when the FWSM receives a SYN packet on the same 5-tuple (source IP and port, destination
IP and port, protocol) which was marked for deletion, it will send a reset packet.
We modified the following screen: Configuration > Firewall > Advanced > TCP Options.
PPTP-GRE Timeout
You can now set the timeout for GRE connections that are built as a result of PPTP inspection.
We modified the following screen: Configuration > Firewall > Advanced > Global Timeouts.
IPv6 support in ASDM
ASDM now supports configuration of IPv6.
Management Features
Turning on/off names in Syslog messages
This feature enables users to choose whether or not to apply name translation while generating
syslogs to the console, syslog server, and FTP syslog server.
We modified the following screen: Configuration > Logging > Logging Setup.
Shared Management Interface in Transparent Mode
You can now add a management VLAN that is not part of any bridge group. This VLAN is
especially useful in multiple context mode where you can share a single management VLAN across
multiple contexts.
We modified the following screen: Configuration > Interfaces > Add/Edit Interface.
Teardown Syslog Enhancement
New syslogs were added for when a connection is torn down.
We introduced the following syslog messages: 302030 through 33.
SNMP Buffer enhancement
With this enhancement, SNMP requests will be handled more efficiently, so that the allocated
blocks for SNMP are freed up quickly, thus leaving enough blocks for other processes.
No screens were modified.