Cisco Systems CL-28826-01 Security Camera User Manual


57-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 57 Configuring Security Contexts on Firewall Devices
Checklist for Configuring Multiple Security Contexts
Step 2: Define an Admin context for administering the base security appliance.

This task is called out separately to ensure you define a context and IP address specifically for administration of the security appliance. The process is the same as defining a security context; however, during the process, be sure to check Admin Context to designate this as the administration context.

In addition to being used to administer the appliance, the Admin context is used to publish syslog and SNMP messages to monitoring devices, such as the Cisco Security Monitoring, Analysis and Response System (CS-MARS), for further processing.

Until you associate a specific management IP address with the Admin context, the IP address used to manage the security appliance is the one you specified when defining the device. When you specify a Management IP Address with the Admin context, it takes precedence over the one on the Device Properties page.

Result: The Admin context is defined and associated with a physical interface.

For more information, see:
Add/Edit Security Context Dialog Box (PIX/ASA), page 57-7
Add/Edit Security Context Dialog Box (FWSM), page 57-5

Step 3: Define each security context, or virtual firewall, on the base appliance.

In this task, you define individual security contexts, naming each, assigning a location for its configuration files, and allocating interfaces. Each security context represents a virtual firewall, and its definition includes the interfaces and range of associated VLAN IDs that are under its control.

Note: While the Admin context can operate as a firewall device, it is typically used as such only in single-context mode. Therefore, security contexts are treated as separate entities in this checklist.

You cannot add new interfaces or modify the hardware Port value when defining a security context—you simply select previously defined interfaces for allocation to the context.

Result: Each security context is defined and associated with a physical interface; the VLANs on which the security context will inspect traffic are also specified.

For more information, see:
Add/Edit Security Context Dialog Box (PIX/ASA), page 57-7
Add/Edit Security Context Dialog Box (FWSM), page 57-5