cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10649
Views
10
Helpful
61
Replies

ASK THE EXPERT - CISCO SECURITY MANAGEMENT JUMPSTART

ciscomoderator
Community Manager
Community Manager

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get more information on CSM, MARS, ASDM, IME, CCP, and IronPort SMA with Cisco experts Raghu Kasavaraju and Ziad Sarieddine. Raghu, Product Manager for Cisco Security Manager, has 15 years of extensive experience in IT and he has spent the last 10 years in Information Security Operations, Consulting & Engineering roles. Currently, Raghu is the PM Lead for Cisco Security Manager 4.0 release. Ziad (CCIE Security # 23379) is a security management technologist with expertise in security solutions covering Firewall, IPS, and VPN. Prior to joining Cisco in 2006, Ziad spent 10+ years as a Lead Analyst / Senior Network Engineer designing and installing large networks at different companies.

Remember to use the rating system to let Ziad know if you have received an adequate response.

Ziad might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through November 6, 2009. Visit this forum often to view responses to your questions and the questions of other community members.

61 Replies 61

j.miller_32
Level 1
Level 1

I have the "CSMPR50-3.2-K9" license for Cisco Security Manager. This is for one installation on one server. Do we required another license for a back-up or HA Server?

cscStage J Millers personalized signature

Since the backup server or the server that will be used in an HA scenario will be considered as a standby server there is no requirement for another license. So you only need license for the primary Active server.

Regards,

Ziad

Eduardo Aliaga
Level 4
Level 4

Hi. I've using MARS for almost a year now and I find it's a very interesting tool with so many features that I'm still discovering them.

But, on the other side, it takes forever to configure MARS using the web portal to configure even simple tasks. Now I'm parsing non-native devices, and it takes really a long time to create the first position of a pattern, wait for the page to refresh, then create the second position, wait to refresh , and so on... and this only for parsing one log !!! Also I wish to copy the patterns in order to reuse them in other logs (cause now we have to parse every log from scratch)

In future versions, do you plan to change the MARS web management portal into an ASDM-like tool?? ASDM is by far the best management tool that Cisco has.

Another drawback is the "pink" screen of death. I've seen like four times the "pink screen" saying to contact Cisco TAC, and I wasn't configuring anything, only looking the configuration !!! Most of the times the problem seems to go away, but still I have doubts about the stability of the solution.

Hi Eduardo,

We are always striving to improve our user interface. Please feel free to contact me with specific changes to the UI.

Regarding the pink screen, please report the problem to TAC. They should be able to resolve the matter.

Warmest regards,

Anil

Hi, Anil

I sold some CSMARS in the past 1-2 years and deployed 5 of them in production(GC+LC). Every single one of my customers hope Cisco MARS/CSM BU can make the GUI of MARS and CSM the SAME LOOK AND FEEL as the ASDM/IME. This will absolutely increase a lot more sales on both of the security mgmt products. And customer love to use the SAME GUI(Local/Central) to manage/monitor the security components in a consistent manner.

Thanks.

Hello. About specific changes:

1) The interface should be like ASDM/IDM

2) In "Query Reports/Query" menu, it could be very useful if we could construct the query using SQL language.

3) In "Query Reports/Query" menu,

in order to build a query we have to open many different web pages (to select time, events, etc) and it takes a lot of time and effort. It would be easier if all options could be editable from within the same web page instead of opening a lot of pages.

4) In "Query Reports/Reports" menu, there should be a way to select multiple reports to delete them. Right now we can only delete reports one at a time.

5) In "Management menu" there should be a "Patterns management" submenu, so we could create "template" patterns and reuse them in different network devices.

6)To create a new "event type group" we have to create previously an "event type" for that "event type group". But to create/edit an "event type" we have to create previously an "event type group". So the result is that we have to create new "event type groups" and assign them bogus events. Only then we can create/edit actual "event types" and assign them the recently created "event type groups".

7) The ability to "mass" create "event type groups"

And I have many more. I'd be happy if you're interested in hearing more ideas for Cisco MARS

gspadden
Level 1
Level 1

Does CSM 3.3 support the ACL optimization feature found in FWSM 4.0 so that only the delta change is pushed to the FWSM. I ask because when CSM currently checks with the running config and it would be different from what CSM pushed to the FWSM. This could be supported in CSM if CSM does the same algorithm as the FWSM before the push and check with the FWSM.

When you turn on optimization on the FWSM, the FWSM will then be able to display the ACL in two ways.

1- Sh access-list (Original ACL)

2- show access-list [] optimization (Optimized ACL)

CSM uses the original ACL on the FWSM and not the optimized one when computing the diff to be deployed. So turning on ACL optimization on the FWSM should not be an issue for CSM and hence it is supported today. In other words there is no need to run similar optimization algorithm on the CSM side.

Running optimization algorithm in CSM and displaying the optimized table in CSM is not supported today. Is this what you had in mind please let me know??

That answers my question, thanks.

thaar.altaiey
Level 1
Level 1

Dear all

Does ASA 5520 support bandwidth management and proxy server (not only for voice, but i mean complete proxy server) like cyberoam and blue Coat. I want to manage the using of the internet connection per user, limit their bandwidth and their download like the services in blue coat and cyberoam. if these services are not found in ASA which CISCO Software (like LSM)can do these services. If these services can be applied by QoS, can you explain?

best regards

thaar al_taiey

Hi Thaar,

Help me understand your question better...are you asking if ASA can act as Proxy Server?...it yes, what kind of statistics it can provide from Per User Bandwidth management?..

Dear rkasavar,

thanks for your response.

Regarding Proxy server , Yes i want ASA to operate as Proxy server, can you give me a link to any document the describe this.

Regarding Per-user management, i want to manage my local users (2000 users), their bandwidth (ex. i want to give some of them a 10KB BW) and their download (ex. limit the download for each user to 100 MB)also i want to monitor my users internet using (ex. i want to know their chating details).

In summary i want the functions of Websense , Cybroam and Blue Coat to be implemented from ASA 5520 , please give me a link to any document the describe these in ASA or any other CISCO products.

Also I have another Q. Can i implement ASA 5520 functions in addtion to above services in the Core Switch (6509 and 4510R-E).

best regards

thaar

Thaar,

The ASA is not a web proxy or a web security appliance. Please look into our other product offerings such as the Cisco IronPort Security Appliance which is positioned to handle offerings similar to those of Websense and Bluecoat.

http://www.ironport.com/products/web_security_appliances.html

Regards,

Ziad

dzingirai_jr
Level 1
Level 1

Is it possible to configure ISG on a PDSN?

Thanks for your help.

Can i configure this on ASA 5520? can i configure the bandwidth (ex: 20KB)and the download (example 100MB)for specific local user in my network?

However, this service is only for CLI and not for web interface?

best regards

thaar al_taiey

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: