Cisco Cisco Security Manager 4.0 Hoja De Datos
© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 7
Data Sheet
Figure 3. Simplified NAT Policies
Feature Overview
Table 1 summarizes Cisco Security Manager 4.0 features and benefits.
Table 1.
Cisco Security Manager 4.0 Features and Benefits
Feature
Benefit
Firewall configuration
● Administrators can centrally configure policies for Cisco ASA 5500 Series appliances, Cisco PIX
®
appliances, Cisco Catalyst 6500 Series FWSMs, and Cisco ISR platforms running a Cisco IOS
®
Software security image.
● Administrators can deploy Zone-Based Firewall (ZBF) policy settings on supported device platforms.
● Botnet Traffic Filter support on the Cisco ASA platform enables application-layer inspection and blocks
● Botnet Traffic Filter support on the Cisco ASA platform enables application-layer inspection and blocks
“phone-home” activity by botnets.
● Content filtering support for a Cisco IOS Software-based device platform allows traffic filtering based on
deep content inspection.
● Cisco Security Manager software provides a single rule table for all platforms. Customers can manage
these different device platforms through one management tool.
● The policy query feature displays which rules match a specific source, destination, and service flow,
including wildcards. This feature allows administrators to define policies more efficiently.
● To ease configuration, device information can be imported from a device repository or configuration file,
or added in the software. Additionally, firewall policies can be discovered from the device itself. This
feature simplifies initial security management setup.
feature simplifies initial security management setup.
● Interface roles allow a user to apply a rule policy on groups of interfaces in a scalable manner. This
feature provides more flexibility in managing a group of devices centrally using Cisco Security Manager.
IPS configuration
● Cisco Security Manager enables administrators to easily and effectively manage IPS-based
configuration and update policies for Cisco IPS 4200 Series Sensors, the Cisco ASA Advanced
Inspection and Prevention Security Services Module (AIP-SSM), the Cisco ASA Advanced Inspection
and Prevention Security Services Card (AIP-SSC), the Cisco Catalyst 6500 Series Intrusion Detection
System Services Module 2 (IDSM-2), the Cisco IDS Network Module, the Cisco IPS Advanced
Integration Module (AIM), and Cisco IOS IPS.
Inspection and Prevention Security Services Module (AIP-SSM), the Cisco ASA Advanced Inspection
and Prevention Security Services Card (AIP-SSC), the Cisco Catalyst 6500 Series Intrusion Detection
System Services Module 2 (IDSM-2), the Cisco IDS Network Module, the Cisco IPS Advanced
Integration Module (AIM), and Cisco IOS IPS.
● The IPS solution in Cisco IPS Sensor Software Versions 7.0 and 6.2 combines an inline intrusion
prevention service with innovative technologies that improve accuracy. Cisco IPS Sensor Software
accurately identifies, classifies, and stops malicious traffic, including worms, spyware and adware,
accurately identifies, classifies, and stops malicious traffic, including worms, spyware and adware,