Cisco Cisco Security Manager 4.5 Guida All'Installazione
2
Deployment Planning Guide for Cisco Security Manager 4.5
OL-30766-01
Cisco Security Manager 4.5 Applications
Configuration Manager
Configuration Manager enables you to centrally manage security policies over 250 different types and
models of Cisco security devices. Security Manager supports integrated provisioning of firewall, IPS,
and VPN (most Site-to-site, Remote Access and SSL) services across:
models of Cisco security devices. Security Manager supports integrated provisioning of firewall, IPS,
and VPN (most Site-to-site, Remote Access and SSL) services across:
•
IOS/ISR/ASR routers
•
Catalyst switches
•
ASA and PIX security appliances
•
Catalyst Service Modules related to firewall, VPN, and IPS
•
IPS appliances and various service modules for routers and ASA devices
For a complete list of devices and OS versions supported by Security Manager, please refer to
on Cisco.com.
Event Viewer
The high-performance and easy-to-use integrated Event Viewer allows you to centrally monitor events
from IPS, ASA, and FWSM devices and correlate them to the related configuration policies. This helps
you identify problems and troubleshoot configurations. Then, using Configuration Manager, you can
make adjustments to the configurations and deploy them. Event Viewer supports event management for
Cisco ASA, IPS, and FWSM devices.
from IPS, ASA, and FWSM devices and correlate them to the related configuration policies. This helps
you identify problems and troubleshoot configurations. Then, using Configuration Manager, you can
make adjustments to the configurations and deploy them. Event Viewer supports event management for
Cisco ASA, IPS, and FWSM devices.
In addition to the Primary Event Data Store, events can be copied and stored in the Extended Event Data
Store. The Extended Event Data Store can be used to back up and archive a larger number of events. This
is useful for historical review and analysis of events where Event Viewer can gather event data from both
the Primary Event Data Store and the Extended Event Data Store. The Extended Event Data Store can
be enabled in Event Management in Security Manager’s Administration settings.
Store. The Extended Event Data Store can be used to back up and archive a larger number of events. This
is useful for historical review and analysis of events where Event Viewer can gather event data from both
the Primary Event Data Store and the Extended Event Data Store. The Extended Event Data Store can
be enabled in Event Management in Security Manager’s Administration settings.
For supported platforms and more information, refer to the “Monitoring and Diagnostics” part of the
on Cisco.com.
Syslog Relay
In addition to events being received by the Security Manager server, they can be forwarded to a
maximum of two external/remote controllers (syslog hosts). This feature, syslog relay, will forward the
received messages to another syslog host using the UDP syslog protocol.
maximum of two external/remote controllers (syslog hosts). This feature, syslog relay, will forward the
received messages to another syslog host using the UDP syslog protocol.
Retain the original source address of the message
This feature provides the option of preserving the original source IP address of the message. That is, if
the user wants to show the events received on the remote controller source IP address. This is the default
configuration.
the user wants to show the events received on the remote controller source IP address. This is the default
configuration.
Use CSM server IP address as source IP address
When this option is enabled in the config file, all syslog messages forwarded from the Security Manager
server will have the Security Manager server's IP address as the source IP address of the syslog message.
server will have the Security Manager server's IP address as the source IP address of the syslog message.
For configuration and setup details, refer to
on Cisco.com.