Cisco Support Community
Community Member

question about IME and CSM

Hi,

I have installed IME on a server to manage the IPS network module of a 6500, and I would like to install CSM on the same server to manage the FWSM of the same Catalyst 6500. I have several questions:

- Can I have IME and CSM installed and running on the same server?

- Does CSM contain the same functionality as IME and more? I mean, is CSM enough to manage the FWSM and IDS-2 network modules of the 6500?

- Does CSM provide a better view of FWSM logs than other applications? Which is the better tool to view the logs of FWSM? I mean, is there a tool like checkpoint log view for FWSM?

- My customer has 2 Catalyst 6500s and 1 FWSM installed in each 6500, both FWSMs running in redundancy active/passive mode. Do I consume 1 or 2 licences of CSM?

Thanks

Regards,

Juan Luis. 

7 REPLIES
Cisco Employee

Re: question about IME and CSM

Hi Juan,

>- Can I have IME and CSM installed and running on the same server?

Yes.

>- Does CSM contain the same functionality as IME and more? I mean, is CSM enough to manage the FWSM and IDS-2 network modules of the 6500?

IME provides different functions like archiving and managing images and upgrading them automatically, and taking automatic backups, etc.

>- Does CSM provide a better view of FWSM logs than other applications? Which is the better tool to view the logs of FWSM? I mean, is there a tool like checkpoint log view for FWSM?

CSM 4.0 has a tool where you can view, filter, grep, etc. syslogs from all the firewalls and IDSes.

>- My customer has 2 Catalyst 6500s and 1 FWSM installed in each 6500, both FWSMs running in redundancy active/passive mode. Do I consume 1 or 2 licences of CSM?

CSM will be managing and viewing only the active unit. The standby will just be copying from the active. So 1 license for CSM.

I hope it answers your questions.

PK

Cisco Employee

Re: question about IME and CSM

Juan;

  Let me provide some clarification:

- IME may be installed on the same workstation as the CSM client.  IME cannot be installed on the same system as the CSM server component.

- CSM provides much more functionality than IME:

  • IME provides direct IPS configuration access and IPS event management; it does not perform configuration backups or image management and provides no connectivity to firewall devices.
  • IME cannot share configuration information between managed IPS sensors.
  • IME is limited to ten (10) IPS sensors.
  • If you use CSM to manage your IDSM-2 configuration policies, it would be best to not use IME for configuration changes as CSM will detect the Out-of-Band changes, and depending on CSM's settings, not deploy your policy changes.

- With the latest release of CSM (4.0), as Panos indicated you can monitor device events (Cisco firewalls and Cisco IPS sensors) as well as maintain configuration policies for both device types.

Scott

Community Member

Re: question about IME and CSM

I'd like to add:

>- With the latest release of CSM (4.0) ...

You will need a hulking behemoth of a server, if the deployment guide is to be believed.  OK, that might be a little over-dramatic, but the system requirements on 4.0 are outrageous, even for the smallest deployment.  Well worth taking a look before buying anything.

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/deployment/guide/cmsdg40.html

Honestly given the architecture described, I think the management products he's looking for are IME and ASDM.  If you're only managing ONE set of failover FWSMs, ASDM will be more than sufficient.

The release notes indicate that you can't install IME and CSM on the same machine, but don't indicate whether they mean the CSM client or server.  I guess they meant the server, as I have both running on the same box.

Plus, the biggest advantage of (ASDM + IME) over CSM is that both are free, while CSM is not.

Community Member

Re: question about IME and CSM

OK

Thanks to all

The problem is my customer doesn't like to view logs with ASDM; he usually uses checkpoint log view. I will use IME to manage the 6500 IPS modules and CSM to manage the 6500 FWSM. I will try to install them on the same box.

In addition to the tool to view logs in CSM 4.0, does anybody know of any more efficient tool to view FWSM logs?

Regards,

Juan Luis.

Cisco Employee

Re: question about IME and CSM

Juan;

  You can review the operational aspects of the CSM 4.0 event viewer here:

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.0/user/guide/evntchap.html

Scott

Community Member

Re: question about IME and CSM

Thanks again

Is CS-MARS included in CSM 4.x?

Juan Luis.

Cisco Employee

Re: question about IME and CSM

Juan;

  No, CS-MARS is a completely separate product that is sold separately.  You can find out more here:

http://www.cisco.com/go/mars

  It is an appliance-based solution.

Scott
