Filter
Top Products
10-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 10 Managing the Security Manager Server
Managing a Cluster of Security Manager Servers
• When importing devices, the server must have a sufficient Security Manager license to support the
number and types of devices that you are importing. Ensure that you install a professional license
before importing device types that require it. For information on installing licenses, see Installing
Security Manager License Files, page 10-16.
• When importing policies, whether during device or shared policy import, only the policy types
selected for management on the Security Manager Administration Policy Management page will be
visible. However, all policies are imported. If you select a previously deselected policy type for
management, those imported policies appear with their imported configurations. For more
information about selective policy management, see Customizing Policy Management for Routers
and Firewall Devices, page 5-10.
• When importing shared polices and policy objects, if a policy or object on the server has the same
name as an imported one, it is replaced by the imported policy or object. If there are locks on the
policy or object, the import for that policy or object will fail. The message will indicate that the
failure was due to a locking problem. To avoid problems, ensure that all users have submitted and
approved any changes to shared policies or policy objects before doing an import.
• When importing devices, any shared policies and policy objects assigned to the device are also
imported, and these policies and objects replace existing policies and objects under the same
conditions as used when importing shared policies.
• To import policies and their policy objects, you must have Modify Policy and Modify Object
privileges to the policy and object types. When importing devices, you must also have Modify
Device privileges. These privileges can be assigned for separate policies, objects, and devices when
using ACS for authorization control. Having system administrator, network administrator, or
security administrator privileges provide the required privileges.
• You can import a file only if it was exported from a server running the same release of Security
Manager.
• You cannot import a device if the device is already in the inventory. Thus, you cannot update device
policies from an import file. If you want to re-import a device, first delete it from the inventory.
• When importing devices that use AUS or Configuration Engine servers to manage configuration
deployment, the servers must either be included in the import file or already defined in the Security
Manager server, but not both. You will get duplicate display name errors if the import file includes
an AUS or Configuration Engine already defined in the inventory. You will get an “invalid server
selection” error if you try to import a device that has an AUS or Configuration Engine server
assigned to it, but the server is not included in the import file or defined in the inventory.
• You can import unmanaged devices.
• When importing IPS devices, the server must have the same signature levels as the imported devices.
For example, if you import two IPS devices, one running signature level 481 and the other 530, you
must have both 481 and 530 installed on the server. You might need to download signature packages
before importing IPS devices as described in Checking for IPS Updates and Downloading Them,
page 43-5.
• This procedure explains how to import .pol or .dev files. If you want to import a device inventory
from a CSV file, the procedure is explained in Adding Devices from an Inventory File, page 3-29.
The procedures are not similar.
Related Topics
• Overview of Security Manager Server Cluster Management, page 10-2
• Splitting a Security Manager Server, page 10-3
• Synchronizing Shared Policies Among Security Manager Servers, page 10-4