cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
419
Views
0
Helpful
2
Replies

FWSM config in CS-MARS

randytoni
Level 1
Level 1

I'm configuring a couple of FWSM's (2.2 and 2.3) as devices in MARS. When I add the FWSM as a device, what do I enter as the device name and reporting / access IPs? Should the device name and / or IP info be the same as the FWSM's admin context? or should I be worried about using the name of the system context, etc.?

I gather once this is done (FWSM is defined as a device), the only "contexts" I need to define are the security contexts (i.e. I don't need to explicilty define an admin context within the list of defined contexts for the FWSM...?)

am I making sense? the docs are just too ambiguous

thanks

-randy

2 Replies 2

astroman
Level 1
Level 1

It would depend on what you want to see in MARS, and want you want MARS to do.

Sending syslog messages from the contexts is easy enough...set logging parameters in each context, and 1-2-3 go.

Regarding your questions...how are the contexts configured, regarding IP addresses? Are there transit VLAN's? Where does MARS reside?

randytoni
Level 1
Level 1

where I'm getting confused is at the onset of the fwsm config. sorry if I'm being a bit vague - the fw admins sent me the basic config info to plug into MARS so I can't speak to the entire fwsm or any particular context config. The MARS box can currently grab syslogs from anywhere and everywhere.

example -

system context hostname "fwsm1"

admin context "fwsmadmin", hostname adminhost"

security context "fwsmsec1" hostname "sechost"

Note that each context has a hostname associated with it which does not match the respective context name - not sure what the original logic was there - or if I even need to be concerned about the hostname parameter.

anyway, I want the admin context and the security context to report (syslog) to MARS.

I understand I need to add the cat-os switch as a device in MARS, then add the fwsm as a module under the cat-os switch device config - so do I then have to:

1) use the fwsm system context info (i.e. "fwsm1", etc.) to define the module, and then add both the admin context and the security context under the fwsm module definition, or

2) use the fwsm admin context info (i.e. "fwsmadmin") to define the fwsm module in MARS, and then add just define the security context as "context" under that fwsm module definition?

you may have gathered that I'm not a firewall guru by any stretch - just want the fwsm and all related contexts to be set up in logical meaningful (sane) way on the MARS config.

thanks

-randy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: