Experts: I need your help. We have Cisco Security Manager (CSM) installed in our production and added all production Firewalls. I haven't so much experienced to work on CSM and unaware about the functionality of CSM. As I know, we can manage all Firewalls from the central location and backup and restoration is also possible. But still few doubt at my end which I would like to clarify:
â¢ Can we configure syslog Server in CSM?
â¢ Can we review the logs of when and what time changes were reflected on Firewall and who has done.
â¢ Can we do the monitoring of Interfaces Traffic?
â¢ Can we set the scheduling to take the backup of Firewalls and located into Server automatically?
Yes. You can setup logging server and the logging level (Ex: informational, alerts). You can setup logging destination to Server, Console , ASDM as supported by device. You can share a logging policy and assign to a number of devices or all.
Can we review the logs of when and what time changes were reflected on Firewall and who has done.
CSM does not manage or have access to the logs on the device. However CSM will keep a log of all the changes done to a policy in CSM. CSM will also keep a transcript, a deployment delta and a full config of what got pushed to a device.
Can we do the monitoring of Interfaces Traffic?
NO. This can be done using Performance Monitor product and is not native to CSM. You can however cross launch any Device Manager from CSM to check the interface status, CPU, or other info etc.
Can we set the scheduling to take the backup of Firewalls and located into Server automatically?
CSM will have an archive of the device configs. Every time CSM deploys to a device it will copy the "sh run" and store on the CSM server. The default number of configs is 10 but can be increased to 100. This however will only happen at the time of deployment. Scheduled backup of configs can not be done in CSM. I believe this can be done using RME.
Thanks for the excellent answer and I give it a +5 from NYC.
As a follow up could you elaborate on the tie-in between MARS and CSM. What does this provide in terms of functionality? I was asked about CSM today and was at a loss for words as I haven't had much experience with it. Just curuous in terms of your experience what you would say about the product and how it would enhance a MARS deployment.
There are cross links between CSM and MARS that allow for connectivity between them flowing from Events to Policy (E>P) and from Policy to Events (P>E).
E>P allows MARS to pull information about the firewall rules table from CSM when looking at events from firewalls. It pinpoints which rule in the table fired the event. From this you can click the rule # and pull up the CSM console at the point where you can then edit the firewall rule table to adjust it if necessary.
It also pulls IPS information from CSM and allows for launching CSM for adjustment of the IPS signatures to help tune for false positives at the source. You can do an Event Action Filter, adjust the signature event count, and more.
Once either policy has been modified it can be pushed to a single device or a group of devices.
P>E allows you to run queries from CSM to MARS. Pull up a firewall policy then run a query off of one of the rules to see how many times it was hit on MARS. The query can be real-time or historical and will even be pre-popluated for everything except for time-range when doing historical queries. There are options to match flow or to match a specific rule.
It greatly helps with operational management of IPS and firewalls as an overall solution.
Contact your Channels team or your area Field Trainer for slides covering the interaction between the two products and how to configure it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...