Filter
Top Products
1-24
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Completing the Initial Security Manager Configuration
• Select a workflow mode. The default mode is non-Workflow mode with Ticket Management
enabled. In non-Workflow mode, users have more freedom to create and deploy configurations.
However, if your organization requires a more transaction-oriented approach to network
management, where separate individuals perform policy creation, approval, and deployment, you
can enable Workflow mode to enforce your procedures. If you are using Workflow mode, ensure that
you configure user permissions appropriately when you define user accounts to enforce your
required division of labor. For information on the types of workflow you can use, see Workflow and
Activities Overview, page 1-18. For information on how to change workflow modes, see Changing
Workflow Modes, page 1-26.
Tip You can disable Ticket Management in non-Workflow mode to make most activity management tasks
automatic.
• Configure default device communication settings. Security Manager uses the most commonly used
methods for accessing devices based on the type of device. For example, Security Manager uses SSH
by default when contacting Catalyst switches. If the default protocols work for the majority of your
devices, you do not need to change them. For devices that should use a non-default protocol, you
can change the protocol in the device properties for the specific devices. However, if you typically
use a protocol that is not the Security Manager default (for example, if you use a token management
server (TMS) for your routers), you should change the default setting. To change the default
communication settings, in Configuration Manager, select Tools > Security Manager
Administration, and select Device Communication from the table of contents. In the Device
Connection Settings group, select the most appropriate protocols for each type of device. You can
also change the default connection time out and retry settings. For more information about device
communication settings, see Device Communication Page, page 11-16
• Select the types of router and firewall policies you will manage with Security Manager. When you
manage IPS devices in Security Manager, you automatically manage the entire configuration.
However, with routers and firewall devices (ASA, PIX, and FWSM), you can select which types of
policies are managed by Security Manager. You can manage other parts of the device configuration
using other tools (including the devices’s CLI). By default, all security-related policies are managed.
To change which policies are managed, in Configuration Manager, select Tools > Security
Manager Administration > Policy Management. For detailed information about changing these
settings and what you should do before and after making the change, see Customizing Policy
Management for Routers and Firewall Devices, page 5-10.
• Decide whether you want to use the Event Viewer to manage firewall and IPS events. You can
configure the disk and location for collecting syslog events from devices, and the port number to use
for syslog communication. If you do not want to use Security Manager for event management, you
can turn off the feature, which is enabled by default. For more information on the configuration
options, see Event Management Page, page 11-22.
• Configure Security Manager for communication with Cisco Security Monitoring, Analysis and
Response System (CS-MARS). If you use CS-MARS for monitoring your network, you can identify
the servers to Security Manager and then access CS-MARS event information from within Security
Manager. For information on configuring this cross-communication, see Checklist for Integrating
CS-MARS with Security Manager, page 69-23.