17-8
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 17 Monitoring and Troubleshooting the Firewall Services Module
Troubleshooting the Firewall Services Module
Disabling the Test Configuration
After you complete your testing, disable the test configuration that allows ICMP to and through the
FWSM and that prints debug messages. If you leave this configuration in place, it can pose a serious
security risk. Debug messages also slow the FWSM performance.
To disable the test configuration, follow these steps:
Step 1 To disable ICMP debug messages, enter the following command:
FWSM/contexta(config)# no debug icmp trace
Step 2 To disable logging, if desired, enter the following command:
FWSM/contexta(config)# no logging on
Step 3 To disable ICMP to the FWSM for all interfaces, enter the following command:
FWSM/contexta(config)# clear icmp
If you want to disable ICMP for a certain interface, use the no icmp permit interface_name command.
Step 4 To remove the ICMPTEST ACL, and also delete the related access-group commands, enter the
following command:
FWSM/contexta(config)# no access-list ICMPTEST
Step 5 (Optional) To disable the ICMP inspection engine, enter the following command:
FWSM/contexta(config)# no fixup protocol icmp
Reloading the Firewall Services Module
If you need to reload the FWSM, see the following sections:
• Reloading the FWSM from the FWSM CLI, page 17-8
• Reloading the FWSM from the Switch, page 17-9
Reloading the FWSM from the FWSM CLI
In multiple mode, you can only reload from the system execution space. To reload the FWSM from the
FWSM CLI, enter the following command:
FWSM# reload
To Next Page
Loading...
Need help?
General