09-20-2010 07:09 AM - edited 03-10-2019 05:08 AM
Hi,
I have installed IME in a server to manage network module IPS of 6500 , and I would like to install in the same server the CSM to manage the FWSM of the same catalyst 6500. I have several questions:
- Can I have installed and running in the sane server IME and CSM?
- Does CSM contain the same functionality of IME and more?, I mean, it is enough with CSM to manage FWSM and IDS-2 network modules of 6500?
- Does CSM provide a better view of FWSM logs than other applications?. Which is the better tool to view the logs of FWSM, I mean is there a tool like checkpoint log view for FWSM?
- My customer has 2 catalyst 6500 and 1 FWSM installed in each 6500, both FWSM running in redundancy active/pasive mode, do I consume 1 or 2 licences of CSM?
Thanks
Regards,
Juan Luis.
Solved! Go to Solution.
09-20-2010 11:37 AM
Hi Juan,
- Can I have installed and running in the sane server IME and CSM?
Yes.
- Does CSM contain the same functionality of IME and more?, I mean, it is enough with CSM to manage FWSM and IDS-2 network modules of 6500?
IME provides different functions like archiving and managing images and upgrading them automatically, and taking automatic backups etc.
- Does CSM provide a better view of FWSM logs than other applications?. Which is the better tool to view the logs of FWSM, I mean is there a tool like checkpoint log view for FWSM?
CSM 4.0 has a tool where you can view, filter, grep etc syslogs from all the firewalls and IDSes.
- My customer has 2 catalyst 6500 and 1 FWSM installed in each 6500, both FWSM running in redundancy active/pasive mode, do I consume 1 or 2 licences of CSM?
CSM will be managing and viewing only the active unit. The standby will just be copying from the active. So 1 license for CSM.
I hope it answers your questions.
PK
09-20-2010 02:19 PM
Juan;
Let me provide some clarification:
- IME may be installed on the same workstation as the CSM client. IME cannot be installed on the same system as the CSM server component.
- CSM provides much more functionality than IME:
- With the latest release of CSM (4.0), as Panos indicated you can monitor device events (Cisco firewalls and Cisco IPS sensors) as well as maintain configuration policies for both device types.
Scott
09-20-2010 07:33 PM
I'd like to add:
>- With the latest release of CSM (4.0) ...
You will need a hulking behemoth of a server, if the deployment guide is to be believed. Ok, that might be a little over-dramatic, but the system requirements on 4.0 are outrageous, even the smallest deployment. Well worth taking a look before buying anything.
Honestly given the architecture described, I think the management products he's looking for are IME and ASDM. If you're only managing ONE set of failover FWSMs, ASDM will be more than sufficient.
The release notes indicate that you can't install IME and CSM on the same machine, but doesn't indicate whether they mean the CSM client or server. I guess they meant the server, as I have both running on the same box.
Plus, the biggest advantage of (ASDM + IME) over CSM is that both are free, while CSM is not.
09-21-2010 06:58 AM
Juan;
You can review the operational aspects of the CSM 4.0 event viewer here:
Scott
09-21-2010 07:32 AM
Juan;
No, CS-MARS is a completely separate product that is sold separately. You can find out more here:
It is an appliance-based solution.
Scott
09-20-2010 11:37 AM
Hi Juan,
- Can I have installed and running in the sane server IME and CSM?
Yes.
- Does CSM contain the same functionality of IME and more?, I mean, it is enough with CSM to manage FWSM and IDS-2 network modules of 6500?
IME provides different functions like archiving and managing images and upgrading them automatically, and taking automatic backups etc.
- Does CSM provide a better view of FWSM logs than other applications?. Which is the better tool to view the logs of FWSM, I mean is there a tool like checkpoint log view for FWSM?
CSM 4.0 has a tool where you can view, filter, grep etc syslogs from all the firewalls and IDSes.
- My customer has 2 catalyst 6500 and 1 FWSM installed in each 6500, both FWSM running in redundancy active/pasive mode, do I consume 1 or 2 licences of CSM?
CSM will be managing and viewing only the active unit. The standby will just be copying from the active. So 1 license for CSM.
I hope it answers your questions.
PK
09-20-2010 02:19 PM
Juan;
Let me provide some clarification:
- IME may be installed on the same workstation as the CSM client. IME cannot be installed on the same system as the CSM server component.
- CSM provides much more functionality than IME:
- With the latest release of CSM (4.0), as Panos indicated you can monitor device events (Cisco firewalls and Cisco IPS sensors) as well as maintain configuration policies for both device types.
Scott
09-20-2010 07:33 PM
I'd like to add:
>- With the latest release of CSM (4.0) ...
You will need a hulking behemoth of a server, if the deployment guide is to be believed. Ok, that might be a little over-dramatic, but the system requirements on 4.0 are outrageous, even the smallest deployment. Well worth taking a look before buying anything.
Honestly given the architecture described, I think the management products he's looking for are IME and ASDM. If you're only managing ONE set of failover FWSMs, ASDM will be more than sufficient.
The release notes indicate that you can't install IME and CSM on the same machine, but doesn't indicate whether they mean the CSM client or server. I guess they meant the server, as I have both running on the same box.
Plus, the biggest advantage of (ASDM + IME) over CSM is that both are free, while CSM is not.
09-21-2010 06:54 AM
OK
Thanks to all
The problem is may customer doesn´t like view logs with ASDM, he ussually use checkpoint logs view. I will use IME to manage 6500 IPS's modules and CSM to manager 6500 FWSM. I will try to install in the same box.
In addition the tool to view log in the CSM 4.0, does anybody know any tool to view log of FWSM more efficient?
Regards,
Juan Luis.
09-21-2010 06:58 AM
Juan;
You can review the operational aspects of the CSM 4.0 event viewer here:
Scott
09-21-2010 07:29 AM
Thanks again
CS-MARS is included in CSM 4.x?
Juan Luis.
09-21-2010 07:32 AM
Juan;
No, CS-MARS is a completely separate product that is sold separately. You can find out more here:
It is an appliance-based solution.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide