Filter
Top Products
1-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Product Overview
• Intelligent analysis of firewall policies—The conflict detection feature analyzes and reports rules
that overlap or conflict with other rules. The ACL hit count feature checks in real-time whether
specific rules are being hit or triggered by packets.
• Sophisticated rule table editing—In-line editing, ability to cut, copy, and paste rules and to change
their order in the rule table.
• Discover firewall policies from device—Policies that exist on the device can be imported into
Security Manager for future management.
• Flexible deployment options—Support for deployment of configurations directly to a device or to
a configuration file. You can also use Auto-Update Server (AUS), Configuration Engine, or Token
Management Server (TMS) for deployment.
• Rollback—Ability to roll back to a previous configuration if necessary.
• FlexConfig (template manager)—Intelligent CLI configlet editor to manage features available on
a device but not natively supported by Security Manager.
• Integrated device monitoring and reporting—Features for monitoring events on IPS, ASA, and
FWSM devices and correlating them to the related configuration policies, and for creating security
and usage reports. These features include the following stand-alone Security Manager applications:
–
Event Viewer—Event Viewer monitors your network for system log (syslog) events from ASA
and FWSM devices, as well as security contexts and SDEE events from IPS devices and virtual
sensors. Event Viewer collects these events and provides an interface by which you can view
them, group them, and examine their details in near real time.
–
Report Manager—Report Manager lets you collect, display and export a wide variety of
network usage and security information for ASA and IPS devices, and for ASA-hosted
remote-access IPsec and SSL VPNs. These reports aggregate security data such as top sources,
destinations, attackers, victims, as well as security information such as top bandwidth, duration,
and throughput users. Data is available for hourly, daily, and monthly periods. (Report Manager
aggregates information collected from devices monitored by the Event Manager service. Thus,
to view reports about a device, you must be monitoring that device in Event Viewer.)
Note Report Manager does not report FWSM events even though Event Viewer works with
FWSM.
–
Health and Performance Monitor—Health and Performance Monitor (HPM) periodically
polls monitored ASA devices, IPS devices, and ASA-hosted VPN services for key health and
performance data, including critical and non-critical issues, such as memory usage, interface
status, dropped packets, tunnel status, and so on. This information is used for alert generation
and email notification, and to display trends based on aggregated data, which is available for
hourly, daily, and weekly periods.
Note Health and Performance Monitor does not monitor FWSM devices.
Additional features let you monitor devices from Security Manager using other closely related
applications, including Cisco Security Monitoring, Analysis and Response System (CS-MARS),
Cisco Performance Monitor, and device managers such as ASDM (read-only versions of which are
included with Security Manager).