FWSM config in CS-MARS

Unanswered Question
Mar 22nd, 2007

I'm configuring a couple of FWSM's (2.2 and 2.3) as devices in MARS. When I add the FWSM as a device, what do I enter as the device name and reporting / access IPs? Should the device name and / or IP info be the same as the FWSM's admin context? or should I be worried about using the name of the system context, etc.?

I gather once this is done (FWSM is defined as a device), the only "contexts" I need to define are the security contexts (i.e. I don't need to explicilty define an admin context within the list of defined contexts for the FWSM...?)

am I making sense? the docs are just too ambiguous

thanks

-randy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
astroman Fri, 03/23/2007 - 12:38

It would depend on what you want to see in MARS, and want you want MARS to do.

Sending syslog messages from the contexts is easy enough...set logging parameters in each context, and 1-2-3 go.

Regarding your questions...how are the contexts configured, regarding IP addresses? Are there transit VLAN's? Where does MARS reside?

randytoni Fri, 03/23/2007 - 13:44

where I'm getting confused is at the onset of the fwsm config. sorry if I'm being a bit vague - the fw admins sent me the basic config info to plug into MARS so I can't speak to the entire fwsm or any particular context config. The MARS box can currently grab syslogs from anywhere and everywhere.

example -

system context hostname "fwsm1"

admin context "fwsmadmin", hostname adminhost"

security context "fwsmsec1" hostname "sechost"

Note that each context has a hostname associated with it which does not match the respective context name - not sure what the original logic was there - or if I even need to be concerned about the hostname parameter.

anyway, I want the admin context and the security context to report (syslog) to MARS.

I understand I need to add the cat-os switch as a device in MARS, then add the fwsm as a module under the cat-os switch device config - so do I then have to:

1) use the fwsm system context info (i.e. "fwsm1", etc.) to define the module, and then add both the admin context and the security context under the fwsm module definition, or

2) use the fwsm admin context info (i.e. "fwsmadmin") to define the fwsm module in MARS, and then add just define the security context as "context" under that fwsm module definition?

you may have gathered that I'm not a firewall guru by any stretch - just want the fwsm and all related contexts to be set up in logical meaningful (sane) way on the MARS config.

thanks

-randy

Actions

This Discussion