The E1000 firewall reports a failure when we add the policy. The detailed error information is:
HRP_M[JNFW04BHW-acl-firewall-5000]rule 36 per udp source address-set hwgnnew destination 22.214.171.124 0.0.0.255 destination-port port-set any
The number of SMT leafs in NP have reached maximum!
The firewall is based on the NP architecture. Because of this hardware characteristic, a rule in a 5000-series ACL must specify the destination port, and ranges are not supported. Rules in the firewall's 2000-series and 3000-series ACLs do not have to specify a destination port and can be delivered to the NP as ranges.
Because the new policy does not need to specify a destination port, we can add it to a 3000-series ACL and leave the destination port out. This satisfies the service requirement. The configuration is as follows:
[JNFW04BHW-acl-adv-3000]rule 91 permit udp source address-set hwgnnew destination address-set tdshqdbd
With this configuration, the live-network requirement of adding the core-network interworking equipment is satisfied.
By design, a rule in a 5000-series ACL on this firewall must specify a destination port; this is determined by the firewall's NP-based architecture. The new rule does not need a destination port, so the port set referenced by the rule was configured as follows:
ip port-set any protocol udp
port 0 range 0 65535
When this port set is used in a 5000-series ACL, it generates 65535 destination-port entries, because the 5000-series ACL does not support ranges.
A 5000-series ACL supports 50000 rules, and the port set generates 65535 rules. If the total exceeds the upper limit of 50000, the rule fails to be delivered to the NP.
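
A pre-change check for the failure described above, as an added example that is not part of the original case or of any Huawei tooling: it estimates how many NP entries each rule needs before the rule is applied. It assumes one entry per destination port on ACL 5000 and a single entry otherwise, ignores address-set expansion and entries already in use, and parses only the command forms quoted on this page; the function names are hypothetical.

```python
import re

NP_ENTRY_LIMIT = 50000    # ACL 5000 capacity as stated on this page
NO_RANGE_SERIES = {5000}  # per the page, only ACL 5000 cannot use ranges

# Constructed sample assembled from the commands quoted on this page.
SAMPLE = """\
ip port-set any protocol udp
 port 0 range 0 65535
HRP_M[JNFW04BHW-acl-firewall-5000]rule 36 per udp source address-set hwgnnew destination 22.214.171.124 0.0.0.255 destination-port port-set any
[JNFW04BHW-acl-adv-3000]rule 91 permit udp source address-set hwgnnew destination address-set tdshqdbd
"""

PORT_SET = re.compile(r"^ip port-set (\S+) protocol (\S+)")
# Assumption: the number after "port" is an item index, not a port value.
PORT_RANGE = re.compile(r"^port \d+ range (\d+) (\d+)")
RULE = re.compile(r"\[\S+-acl-\S+-(\d+)\]rule (\d+) (.*)")
DST_SET = re.compile(r"destination-port port-set (\S+)")

def parse_port_sets(text):
    """Return {port-set name: number of individual ports it covers}."""
    sizes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PORT_SET.match(line):
            current = m.group(1)
            sizes[current] = 0
        elif current and (m := PORT_RANGE.match(line)):
            lo, hi = int(m.group(1)), int(m.group(2))
            # Inclusive count: 0..65535 is 65536 ports (the page quotes 65535).
            sizes[current] += hi - lo + 1
        else:
            current = None
    return sizes

def audit_rules(text, limit=NP_ENTRY_LIMIT):
    """Return (acl, rule id, estimated entries, fits) for each rule line."""
    sizes, findings = parse_port_sets(text), []
    for line in text.splitlines():
        if not (m := RULE.search(line)):
            continue
        acl, rule_id, body = int(m.group(1)), int(m.group(2)), m.group(3)
        ref = DST_SET.search(body)
        # One entry per port where ranges are unsupported, one entry otherwise.
        entries = sizes.get(ref.group(1), 1) if ref and acl in NO_RANGE_SERIES else 1
        findings.append((acl, rule_id, entries, entries <= limit))
    return findings

if __name__ == "__main__":
    for acl, rule_id, entries, fits in audit_rules(SAMPLE):
        print(f"acl {acl} rule {rule_id}: {entries} entries, {'ok' if fits else 'EXCEEDS LIMIT'}")
```

Rule 36 in ACL 5000 is flagged because its port set alone exceeds the limit, while rule 91 in ACL 3000 passes because it carries no destination port.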