Disabling The Test Configuration; Reloading The Firewall Services Module; Reloading The Fwsm From The Fwsm Cli - Cisco Catalyst 6500 Series Configuration Manual

Troubleshooting the Firewall Services Module

Disabling the Test Configuration

After you complete your testing, disable the test configuration that allows ICMP to and through the
FWSM and that prints debug messages. If you leave this configuration in place, it can pose a serious
security risk. Debug messages also slow the FWSM performance.
To disable the test configuration, follow these steps:
To disable ICMP debug messages, enter the following command:
Step 1
FWSM/contexta(config)# no debug icmp trace
To disable logging, if desired, enter the following command:
Step 2
FWSM/contexta(config)# no logging on
To disable ICMP to the FWSM for all interfaces, enter the following command:
Step 3
FWSM/contexta(config)# clear icmp
If you want to disable ICMP for a certain interface, use the no icmp permit interface_name command.
Step 4 To remove the ICMPTEST ACL, and also delete the related access-group commands, enter the
following command:
FWSM/contexta(config)# no access-list ICMPTEST
Step 5 (Optional) To disable the ICMP inspection engine, enter the following command:
FWSM/contexta(config)# no fixup protocol icmp

Reloading the Firewall Services Module

If you need to reload the FWSM, see the following sections:
•
•

Reloading the FWSM from the FWSM CLI

In multiple mode, you can only reload from the system execution space. To reload the FWSM from the
FWSM CLI, enter the following command:
FWSM# reload
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
17-8
Reloading the FWSM from the FWSM CLI, page 17-8
Reloading the FWSM from the Switch, page 17-9
Chapter 17 Monitoring and Troubleshooting the Firewall Services Module
OL-6392-01