question about IME and CSM

juanluis
Level 1

Hi,

I have installed IME on a server to manage the IPS network module of a 6500, and I would like to install CSM on the same server to manage the FWSM of the same Catalyst 6500. I have several questions:

- Can I have IME and CSM installed and running on the same server?

- Does CSM contain the same functionality as IME and more? I mean, is CSM enough to manage the FWSM and IDS-2 network modules of the 6500?

- Does CSM provide a better view of FWSM logs than other applications? Which is the better tool to view the logs of FWSM? I mean, is there a tool like Check Point log view for FWSM?

- My customer has 2 Catalyst 6500s with 1 FWSM installed in each 6500, both FWSMs running in redundancy active/passive mode. Do I consume 1 or 2 licences of CSM?

Thanks

Regards,

Juan Luis. 

7 Replies

Panos Kampanakis
Cisco Employee

Hi Juan,

> - Can I have IME and CSM installed and running on the same server?

Yes.

> - Does CSM contain the same functionality as IME and more? I mean, is CSM enough to manage the FWSM and IDS-2 network modules of the 6500?

IME provides different functions like archiving and managing images and upgrading them automatically, and taking automatic backups, etc.

> - Does CSM provide a better view of FWSM logs than other applications? Which is the better tool to view the logs of FWSM? I mean, is there a tool like Check Point log view for FWSM?

CSM 4.0 has a tool where you can view, filter, grep, etc. syslogs from all the firewalls and IDSes.

> - My customer has 2 Catalyst 6500s with 1 FWSM installed in each 6500, both FWSMs running in redundancy active/passive mode. Do I consume 1 or 2 licences of CSM?

CSM will be managing and viewing only the active unit. The standby will just be copying from the active. So 1 license for CSM.

I hope it answers your questions.

PK

Scott Fringer
Cisco Employee

Juan;

  Let me provide some clarification:

- IME may be installed on the same workstation as the CSM client.  IME cannot be installed on the same system as the CSM server component.

- CSM provides much more functionality than IME:

  • IME provides direct IPS configuration access and IPS event management; it does not perform configuration backups or image management and provides no connectivity to firewall devices.
  • IME cannot share configuration information between managed IPS sensors.
  • IME is limited to ten (10) IPS sensors.
  • If you use CSM to manage your IDSM-2 configuration policies, it would be best to not use IME for configuration changes as CSM will detect the Out-of-Band changes, and depending on CSM's settings, not deploy your policy changes.

- With the latest release of CSM (4.0), as Panos indicated you can monitor device events (Cisco firewalls and Cisco IPS sensors) as well as maintain configuration policies for both device types.

Scott

I'd like to add:

>- With the latest release of CSM (4.0) ...

You will need a hulking behemoth of a server, if the deployment guide is to be believed. OK, that might be a little over-dramatic, but the system requirements on 4.0 are outrageous, even for the smallest deployment. Well worth taking a look before buying anything.

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/deployment/guide/cmsdg40.html

Honestly given the architecture described, I think the management products he's looking for are IME and ASDM.  If you're only managing ONE set of failover FWSMs, ASDM will be more than sufficient.

The release notes indicate that you can't install IME and CSM on the same machine, but don't indicate whether they mean the CSM client or server. I guess they meant the server, as I have both running on the same box.

Plus, the biggest advantage of (ASDM + IME) over CSM is that both are free, while CSM is not.

OK

Thanks to all

The problem is my customer doesn't like viewing logs with ASDM; he usually uses Check Point log view. I will use IME to manage the 6500 IPS modules and CSM to manage the 6500 FWSM. I will try to install them on the same box.

In addition to the tool to view logs in CSM 4.0, does anybody know of any more efficient tool to view FWSM logs?

Regards,

Juan Luis.

Juan;

  You can review the operational aspects of the CSM 4.0 event viewer here:

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/evntchap.html

Scott

Thanks again

Is CS-MARS included in CSM 4.x?

Juan Luis.

Juan;

  No, CS-MARS is a completely separate product that is sold separately.  You can find out more here:

http://www.cisco.com/go/mars

  It is an appliance-based solution.

Scott
