Cisco Cisco Catalyst 6500 Series Firewall Services Module Release Notes

 lists the new features for ASDM Versions 6.2(1)F through 6.2(3)F. These features were 

introduced in Version 6.2(1)F. There are no new features for Version 6.2(2)F and 6.2(3)F. All features 
apply to FWSM Version 4.1(1), as well.

Separate hostnames for 
primary and secondary 
blades

This feature lets you configure a separate hostname on the primary and secondary FWSMs. If the 
secondary hostname is not configured, the primary and secondary hostnames are the same.

We modified the following screen: Configuration > Device Setup > Device Name/Password.

Creation of UDP 
sessions with unresolved 
ARP in the accelerated 
path

If you configure the FWSM to create the session in the accelerated path even though the ARP 
lookup fails, then it will drop all further packets to the destination IP address until the ARP lookup 
succeeds. Without this feature, each subsequent UDP packet goes through the session management 
path before being dropped by the accelerated path, causing potential overload of the session 
management path.

We modified the following screen: Configuration > Firewall > Advanced > TCP Options.

DCERPC Enhancement: 
Remote Create Instance 
message support

In this release, DCERPC Inspection was enhanced to support inspection of RemoteCreateInstance 
RPC messages.

No screens were modified.

Reset Connection 
marked for Deletion

You can now disable the sending of a reset (RST) packet for a connection marked for deletion. 
Starting in this release, reset packets are not sent by default. You can restore the previous behavior, 
so that when the FWSM receives a SYN packet on the same 5-tuple (source IP and port, destination 
IP and port, protocol) which was marked for deletion, it will send a reset packet.

We modified the following screen: Configuration > Firewall > Advanced > TCP Options.

PPTP-GRE Timeout

You can now set the timeout for GRE connections that are built as a result of PPTP inspection.

We modified the following screen: Configuration > Firewall > Advanced > Global Timeouts.

IPv6 support in ASDM

ASDM now supports configuration of IPv6.

Turning on/off names in 
Syslog messages

This feature enables users to choose whether or not to apply name translation while generating 
syslogs to the console, syslog server, and FTP syslog server.

We modified the following screen: Configuration > Logging > Logging Setup.

Shared Management 
Interface in Transparent 
Mode

You can now add a management VLAN that is not part of any bridge group. This VLAN is 
especially useful in multiple context mode where you can share a single management VLAN across 
multiple contexts.

We modified the following screen: Configuration > Interfaces > Add/Edit Interface.

Teardown Syslog 
Enhancement

New syslogs were added for when a connection is torn down.

We introduced the following syslog messages: 302030 through 33.

SNMP Buffer 
enhancement

With this enhancement, SNMP requests will be handled more efficiently, so that the allocated 
blocks for SNMP are freed up quickly, thus leaving enough blocks for other processes.

No screens were modified.