30,000 per second for messages sent to the FWSM terminal or buffer
25,000 per second for messages sent to a syslog server
30,000 per second divided between all contexts for messages sent to the FWSM terminal or buffer
25,000 per second divided between all contexts for messages sent to a syslog server
TCP3 or UDP4 connections5 between any two hosts, including connections between one host and multiple other hosts, concurrent and rate6
100,000 per second
999,900 divided between all contexts
100,000 per second divided between all contexts
Telnet management connections, concurrent
5 per context
Maximum of 100 connections divided between all contexts.
1PDM sessions use two HTTPS connections: one for monitoring that is always present, and one for making configuration changes that is present only when you make changes. For example, the system limit of 32 PDM sessions represents a limit of 64 HTTPS connections.
5The FWSM might take up to 500 ms to remove a connection that is marked for deletion. Because any traffic on the connection is dropped during this period, you cannot initiate a new connection to the same destination using the same source and destination ports until the connection is deleted. Although most TCP applications do not resuse the same ports in back-to-back connections, RSH might reuse the same ports. If you use RSH or any other application that resuses the same ports in back-to-back connections, the FWSM might drop packets.
6Because Port Address Translation (PAT) requires a separate translation for each connection, the effective limit of connections using PAT is the translation limit (256,000), not the higher connection limit. To use the connection limit, you need to use NAT, which allows multiple connections using the same translation session.
Fixed System Resources
Table A-4 lists the fixed system resources of the FWSM.
3This limit includes the following inspection engines that are enabled by default, making the total number of configurable inspection engines 27: TFTP, Sun RPC over UDP, NetBIOS NameServer, XDMCP, and CUSeeMe. The OraServ and RealAudio inspection engines, which are also enabled by default, do not affect this limit.
4In FWSM Version 1.1, the number of TFTP sessions was limited to 1024 sessions.
The FWSM supports approximately 80K rules for the entire system in single mode, and 142K rules for multiple mode.
In multiple context mode, each context supports at most 12,130 rules, but the actual number of rules supported in a context might be less, depending on how many contexts you have. A context belongs to one of 12 pools that offers a maximum of 12,130 rules. The FWSM assigns contexts to the pools in the order they are loaded at startup. For example, if you have 12 contexts, each context is assigned to its own pool, and can use 12,130 rules. If you add one more context, then context number 1 and the new context number 13 are both assigned to pool 1, and can use 12,130 rules divided between them; the other 11 contexts continue to use 12,130 rules each. If you delete contexts, the pool membership does not shift, so you might have some unequal distribution until you reboot, at which time the contexts are evenly distributed.
Note Rules are used up on a first come, first served basis, so one context might use more rules than another context.
Table A-5 lists the maximum number of each rule type.