ASA5520 support in MARS and Security Manager

Answered Question
May 22nd, 2008

Hi,

i propose a solution for customer with ASA5520 and Cat450x-E. Do MARS & CSM fully support those devices? When we want to use NetFlow info from Cat4500 to MARS, do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

I have this problem too.
0 votes

do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

----------------------------

Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.

MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).

Hope that helps.

Correct Answer by htarra about 8 years 8 months ago

CSM doesn't act as a Security Monitoring device!!! The CSM doesn't have this functionality, instead of it CS-MARS has.

Netflow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_2/uglc/cfgcsm.htm#wp1253618

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
htarra Wed, 05/28/2008 - 08:11

CSM doesn't act as a Security Monitoring device!!! The CSM doesn't have this functionality, instead of it CS-MARS has.

Netflow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_2/uglc/cfgcsm.htm#wp1253618

Correct Answer

do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

----------------------------

Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.

MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).

Hope that helps.

Actions

This Discussion