Filter
Top Products
5-17
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Discovering Policies
an OS version for which a factory default configuration exists). You can discover the default
configuration only for devices that run in single-context mode or for individual security
contexts.
Tip: We recommend that you use the Factory Default Configuration settings when you add PIX,
ASA, and FWSM devices manually (as described in Adding Devices by Manual Definition,
page 3-25). You should discover the default configuration for single-context mode devices and for
each security context on a multiple-context mode device. For more information about
factory-default policies, see Default Firewall Configurations, page 45-2.
• Discover Policies for Security Contexts—Select this option for firewall devices running in
multiple-context mode if you want to discover policies for the security contexts defined on
them.
c. Select the types of policies you want to discover. For more information about the difference between
different types of policies, see Service Policies vs. Platform-Specific Policies, page 5-2.
• Inventory—Discovers basic device information (such as hostname and domain name),
interfaces, and security contexts on devices running in multiple-context mode. On Cisco IOS
routers, this option also discovers all interface-related policies, such as DSL, PPP, and PVC
policies.
• Platform Settings—Discovers platform-specific policies, such as routing policies.
• Firewall Services—Discovers firewall services policies, such as access rules and inspection
rules, on all platforms.
• RA VPN—Discovers IPSec and SSL remote access VPN policies, such as IKE proposals and
IPsec proposals.
• IPS—Discovers IPS policies, such as signatures and virtual sensors.
d. Click OK. The discovery task is initiated and the Discovery Status dialog box opens so you can view
the task status (see Discovery Status Dialog Box, page 5-21). You cannot perform other tasks in
Security Manager while discovery is in progress.
Step 3 If you want to perform bulk rediscovery, do the following:
a. In device view, do one of the following:
• Select a device group, or multiple devices, then right-click and select Discover Policies on
Device. Ensure that the Bulk Rediscovery dialog box opens.
Tip: If the dialog box is called Create Discovery Task, you need to close the dialog box and try
again. Ensure that a device group or more than one device is selected and reissue the command.
• Select Policy > Discover Policies on Device. This opens the Device Selector dialog box. Select
the devices you want to discover from the Available Devices list and click >> to move them to
the Selected Devices list. Click Next.
Note If you use the right-click command, Security Manager assumes you have selected the desired
devices. You can always click the Back button to go to the Device Selector screen and
change the device list.
b. Modify the discovery task name, if desired, and select discovery options. For detailed information,
see Create Discovery Task and Bulk Rediscovery Dialog Boxes, page 5-18.
The devices are organized in groups according to device type, with your device groups (if any)
shown within each type: