Filter
Top Products
11-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 11 Configuring Security Manager Administrative Settings
Device Communication Page
Device Authentication
Certificates (IPS)
Device Authentication
Certificates (Router)
PIX/ ASA/ FWSM Device
Authentication Certificates
Add Certificate button
How to handle device authentication certificates for SSL (HTTPS)
communications. You can configure different behaviors for different
types of devices, but the settings have the same meaning:
• Retrieve while adding devices—Security Manager automatically
obtains certificates from the devices while you add devices from
the network or from an export file.
• Manually add certificates—Security Manager does not
automatically accept certificates from the device. Click Add
Certificate to open the Add Certificate dialog box (see Add
Certificate Dialog Box, page 11-20) where you can manually add
the thumbprint before you try to add the device from the network
or from an export file. You can also add certificates for devices that
you create manually from the Device Properties Credentials page
to be successful. For more information, see Manually Adding SSL
Certificates for Devices that Use HTTPS Communications,
page 9-4.
• Do not use certificate authentication—Security Manager ignores
device authentication certificates. This option leaves your system
vulnerable to third-party interference with device validation. We
recommend that you do not use this option.
Accept Device SSL
Certificate after Rollback
For devices that use SSL, whether to obtain the certificate installed on
an IPS device, firewall device, FWSM, ASA, or Cisco IOS router from
the device when you roll back the configuration on the device.
HTTPS Port Number The default port number that the device uses for secure communication
with Security Manager (as well as other management applications that
use these protocols). This value overrides the HTTPS port number that
you configure in the HTTP policy for a device.
Note If you configure the local HTTP policy to be a shared policy and
assign the HTTP policy to multiple devices, the HTTPS port
number setting in the shared policy overrides the port number
configured in the Device Properties Credentials page for all
devices to which the policy is assigned.
In addition to providing access to the device through the Cisco web
browser user interface, the HTTPS port number is used by device
management applications (such as the Cisco Router and Security
Device Manager (SDM)) and monitoring tools to communicate with the
device.
Note The security appliance can support both SSL VPN connections
and HTTPS connections for device manager administrative
sessions simultaneously on the same interface. Both HTTPS
and SSL VPN use port 443 by default. Therefore, to enable both
HTTPS and SSL VPN on the same interface, you must specify
a different port number for either HTTPS or WebVPN. An
alternative is to configure SSL VPN and HTTPS on different
interfaces.
Table 11-9 Device Communication Page (Continued)
Element Description