Cisco Support Community

New Member

CSPM 3.0 and PIX 515 problem

I'm trying to use CSPM 3.0 for managing a PIX 515 with three interfaces and 4 VPNs terminated on it. I have already configured the PIX with the CLI and it works fine, but I just acquired CSPM 3.0 and want to use it for management. The problem is that after I successfully created my exact network topology and configured all policy rules, the command generation feature does not reflect the actual policy rules, even if I saved and updated the database. When I preview the commands generated (before publishing them on the PIX), I notice that these commands do not cover all the policy rules that I configured. For example, I have a rule permitting all IP traffic from inside to outside, but the command generation shows an access list which denies ALL outbound traffic. This is just one example... there are many more.

Any help, please?

Thank you in advance.


New Member

Re: CSPM 3.0 and PIX 515 problem


I have not used CSPM version 3 but I have done a lot of work with 2.3.

I found that I had to spend a lot of time making sure that the network topology was correct in order for the correct rules to be generated. There were a few strange issues that I had with rules not being generated and most of the time I just had to play around with the topology until I had it right.

With your config, do you get any errors/warnings when you do a save and update? I found this fairly helpful.

While CSPM is a good product for managing multiple firewalls, I find it adds too much management overhead to be valuable in a single-firewall environment. Just my opinion.

Regards Brett
