Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

7-21

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 7 Managing FlexConfigs

Understanding FlexConfig Policies and Policy Objects

ASA_svc_image Provides an ASA SSL VPN Client image. It copies the SVC image from

/CSCOpx/tftpboot/device-hostname on the CSM server to the device,

then configures the SVC image path. Make sure you fill out the device’s

hostname in Device Properties. If the image name is different than the

default, you can override it in Device Properties > Policy Object

Overrides > Text Objects > AsaSvcImageName. Unassign this

FlexConfig from the device after the image has been copied and

configured.

ASA_sysopt Uses the sysopt command to provide the following examples:

• Ensures that the maximum TCP segment size does not exceed the

value you set or that the minimum is not less than a specified size.

• Forces each TCP connection to remain in a shortened TIME_WAIT

state of at least 15 seconds after the final normal TCP close-down

sequence.

• Disables DNS inspection that alters the DNS A record address.

• Ignores the authentication key in RADIUS accounting responses.

• Enables the web browser to supply a username and password from

its cache when it reauthenticates with the virtual HTTP server on

the security appliance.

ASA_virtual Configures virtual HTTP and Telnet servers.

Table 7-7 Predefined Catalyst 6500/7600 FlexConfig Policy Objects

Name Description

Cat6K_ECLB_algorithm Sets the Ether Channel load balance algorithm for

modules.

Cat6K_ECLB_port_mode Applies an Ether Channel to the Catalyst trunk ports

where IPS sensors are plugged in. Make sure the ports are

configure in trunk mode.

Cat6K_ECLB_portchannel Sets the port channel to trunk mode and add

trunk-allowed VLANs.

Cat6K_firewall_multiple_vlan_interfaces Sets multiple VLAN interfaces mode if multiple SVIs

need to be provisioned.

Table 7-8 Predefined Cisco IOS FlexConfig Policy Objects

Name Description

IOS_add_bridge_interface_desc Loops through a list of bridge interfaces and adds the

description “this is a bridge interface.”

IOS_CA_server Configures a certificate authority server.

IOS_compress_config Compresses large Cisco IOS configurations.

Table 7-6 Predefined ASA FlexConfig Policy Objects (Continued)

Name Description

previous next