Technical Guide
Contents
Cisco Security Manager 4.4 API Specification
(Version 1.1)
Version 1.0 Published: June 14, 2012
Version 1.0 Revised: July 10, 2012 (added sample programs to Section 8)
Table of Contents
List of Figures
List of Tables
1 Overview
1.1 Scope
1.2 Changes since previous version
1.2.1 Unified Access Rules
1.2.2 Security Policy Object
1.2.3 Network object
1.2.4 Return user/ticket that last modified a config rule.
1.2.5 Add device status – up/down as part of the event service
1.2.6 Exec command API call will be supporting custom timeouts.
1.2.7 API enhancement to return list of all the shared Policies defined in CSM.
1.2.8 Return the Device’s SysObjectID in the Device Object.
1.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.
1.2.10 New Firewall Policies
1.3 Audience
1.4 References
1.5 Glossary
1.6 Conventions
1.7 Overview of CSM Message Flows
1.8 Licensing
1.9 Prerequisites
1.10 API Administration Settings
1.11 Debug Settings
2 Common Service API
2.1 Object Model
2.1.1 Object Identifier
2.1.2 Base Object
2.1.3 Device
2.1.3.1 Interface
2.1.3.2 Firewall Capabilities
2.1.4 DeviceGroup
2.1.5 Port Identifier
2.1.6 BaseError
2.2 Methods
2.2.1 Common Request & Response
2.2.1.1 Pagination
2.2.2 Method login
2.2.2.1 Request
2.2.2.2 Response
2.2.3 Method logout
2.2.3.1 Request
2.2.3.2 Response
2.2.4 Method: ping
2.2.4.1 Request
2.2.4.2 Response
3 CSM Configuration Service API
3.1 Object Model
3.1.1 Base Policy
3.1.2 BasePolicyObject
3.1.3 Policy Utility Classes
3.1.4 PolicyObject Derived Classes
3.1.4.1 NetworkPolicyObject
3.1.4.2 IdentityUserGroupPolicyObject
3.1.4.3 PortListPolicyObject
3.1.4.4 ServicePolicyObject
3.1.4.5 InterfaceRolePolicyObject
3.1.4.6 TimeRangePolicyObject
3.1.4.7 SLA Monitor Policy Object
3.1.4.8 Standard ACE Policy Object
3.1.4.9 Extended ACE Policy Object
Figure 35: ExtendedACEPolicyObject XML Schema
3.1.4.10 ACL Policy Object
3.1.4.11 SecurityGroupPolicyObject
3.1.5 Policy Derived Classes
3.1.5.1 DeviceAccessRuleFirewallPolicy
3.1.5.1.1 Policy Config Device Response Example
3.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy
3.1.5.3 DeviceStaticRoutingFirewallPolicy
3.1.5.4 DeviceStaticRoutingRouterPolicy
3.1.5.5 DeviceBGPRouterPolicy
3.1.5.6 InterfaceNATRouterPolicy
3.1.5.7 InterfaceNATStaticRulesRouterPolicy
3.1.5.8 InterfaceNATDynamicRulesRouterPolicy
3.1.5.9 DeviceNATTimeoutsRouterPolicy
3.1.5.10 InterfaceNATAddressPoolFirewallPolicy
3.1.5.11 DeviceNATTransOptionsFirewallPolicy
3.1.5.12 InterfaceNATTransExemptionsFirewallPolicy
3.1.5.13 InterfaceNATDynamicRulesFirewallPolicy
3.1.5.14 InterfaceNATPolicyDynamicRulesFirewallPolicy
3.1.5.15 InterfaceNATStaticRulesFirewallPolicy
3.1.5.16 InterfaceNATManualFirewallPolicy
3.1.5.17 InterfaceNAT64ManualFirewallPolicy
3.1.5.18 InterfaceNATObjectFirewallPolicy
3.1.5.19 InterfaceNAT64ObjectFirewallPolicy
3.2 Methods
3.2.1 Method GetServiceInfo
3.2.1.1 Request
3.2.1.2 Response
3.2.2 Method GetGroupList
3.2.2.1 Request
3.2.2.2 Response
3.2.3 Method GetDeviceListByCapability
3.2.3.1 Request
3.2.3.2 Response
3.2.4 Method GetDeviceListByGroup
3.2.4.1 Request
3.2.4.2 Response
3.2.5 Method GetDeviceConfigByGID
3.2.5.1 Request
3.2.5.2 Response
3.2.6 Method GetDeviceConfigByName
3.2.6.1 Request
3.2.6.2 Response
3.2.7 Method GetPolicyListByDeviceGID
3.2.7.1 Request
3.2.7.2 Response
3.2.8 Method GetPolicyConfigByName
3.2.8.1 Request
3.2.8.2 Response
3.2.9 Method GetPolicyConfigByDeviceGID
3.2.9.1 Request
3.2.9.2 Response
3.2.10 Method GetSharedPolicyNamesByType
3.2.10.1 REST Request:
3.2.10.2 Response Object:
4 CSM Events Service API
4.1 Methods
4.1.1 Method GetServiceInfo
4.1.2 Method EventSubcription
4.1.2.1 Request
4.1.2.2 Response
4.1.2.3 Syslog XML Event Notifications
4.1.2.4 Syslog PlainText Event Notifications
5 CSM Utility Service API
5.1 Object Model
5.2 Methods
5.2.1 Method GetServiceInfo
5.2.2 Method execDeviceReadOnlyCLICmds
5.2.2.1 Request
5.2.2.2 Response
6 API Scaling
7 CSM Client Protocol State Machine
7.1.1 Overview
7.1.2 Using the configuration and event service
8 Sample API Client Programs
8.1 CSM API pre-configuration checks
8.2 Login and ping test
8.3 Fetch CLI configuration of a firewall
8.4 Executing show access-list on a firewall device
8.5 Fetch CSM defined firewall policy
8.6 List shared policies assigned to all devices
8.7 List content of a given shared policy
8.8 Subscribing to change notifications – Deployment, OOB
9 Troubleshooting (Common Scenarios)
10 XML Schema
10.1 Common XSD
10.2 Config XSD
10.3 Event XSD
10.4 Utility XSD
Size: 4.4 MB
Pages: 217
Language: English

User Guide
Contents
Cisco Security Manager 4.11 API Specification
(Version 2.3)
Table of Contents
List of Figures
List of Tables
1 Overview
1.1 Scope
1.2 Changes in Revision 1.1
1.2.1 Unified Access Rules
1.2.2 Security Policy Object
1.2.3 Network object
1.2.4 Return user/ticket that last modified a config rule
1.2.5 Add device status – up/down as part of the event service
1.2.6 Exec command API call will be supporting custom timeouts
1.2.7 API enhancement to return list of all the shared Policies defined in CSM
1.2.8 Return the Device’s SysObjectID in the Device Object
1.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.
1.2.10 New Firewall Policies
1.3 Changes in Revision 2.0
1.3.1 Write API
1.3.1.1 Policy Objects
1.3.1.2 Policy
1.3.1.3 Administration Page
1.3.2 All CSM Server Mode Support
1.3.3 Deployment API
1.3.4 API to Read Policy Object
1.3.5 Access-Rule Changes
1.4 Changes in Revision 2.1
1.4.1 CreateSharedPolicy
1.4.2 DeleteSharedPolicy
1.4.3 RenameSharedPolicy
1.4.4 AssignSharedPolicy
1.4.5 UnassignSharedPolicy
1.4.6 InheritSharedPolicy
1.5 Audience
1.6 References
1.7 Glossary
1.8 Conventions
1.9 Overview of CSM Message Flows
1.10 Licensing
1.11 Prerequisites
1.12 API Administration Settings
1.13 Debug Settings
2 Common Service API
2.1 Object Model
2.1.1 Object Identifier
2.1.2 Base Object
2.1.3 Device
2.1.3.1 Interface
2.1.3.2 Firewall Capabilities
2.1.4 DeviceGroup
2.1.5 Port Identifier
2.1.6 BaseError
2.2 Methods
2.2.1 Common Request & Response
2.2.1.1 Pagination
2.2.2 Method login
2.2.2.1 Request
2.2.2.2 Response
2.2.3 Method logout
2.2.3.1 Request
2.2.3.2 Response
2.2.4 Method: ping
2.2.4.1 Request
2.2.4.2 Response
3 CSM Configuration Service API
3.1 Object Model
3.1.1 Base Policy
3.1.2 BasePolicyObject
3.1.3 Policy Utility Classes
3.1.4 PolicyObject Derived Classes
3.1.4.1 NetworkPolicyObject
3.1.4.2 IdentityUserGroupPolicyObject
3.1.4.3 PortListPolicyObject
3.1.4.4 ServicePolicyObject
3.1.4.5 InterfaceRolePolicyObject
3.1.4.6 TimeRangePolicyObject
3.1.4.7 SLA Monitor Policy Object
3.1.4.8 Standard ACE Policy Object
3.1.4.9 Extended ACE Policy Object
Figure 35: ExtendedACEPolicyObject XML Schema
3.1.4.10 ACL Policy Object
3.1.4.11 SecurityGroupPolicyObject
3.1.5 Policy Derived Classes
3.1.5.1 DeviceAccessRuleFirewallPolicy
3.1.5.1.1 Policy Config Device Response Example
3.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy
3.1.5.3 FirewallACLSettingsPolicy
3.1.5.4 DeviceStaticRoutingFirewallPolicy
3.1.5.5 DeviceStaticRoutingRouterPolicy
3.1.5.6 DeviceBGPRouterPolicy
3.1.5.7 InterfaceNATRouterPolicy
3.1.5.8 InterfaceNATStaticRulesRouterPolicy
3.1.5.9 InterfaceNATDynamicRulesRouterPolicy
3.1.5.10 DeviceNATTimeoutsRouterPolicy
3.1.5.11 InterfaceNATAddressPoolFirewallPolicy
3.1.5.12 DeviceNATTransOptionsFirewallPolicy
3.1.5.13 InterfaceNATTransExemptionsFirewallPolicy
3.1.5.14 InterfaceNATDynamicRulesFirewallPolicy
3.1.5.15 InterfaceNATPolicyDynamicRulesFirewallPolicy
3.1.5.16 InterfaceNATStaticRulesFirewallPolicy
3.1.5.17 InterfaceNATManualFirewallPolicy
3.1.5.18 InterfaceNAT64ManualFirewallPolicy
3.1.5.19 InterfaceNATObjectFirewallPolicy
3.1.5.20 InterfaceNAT64ObjectFirewallPolicy
3.2 Methods
3.2.1 Method GetServiceInfo
3.2.1.1 Request
3.2.1.2 Response
3.2.2 Method GetGroupList
3.2.2.1 Request
3.2.2.2 Response
3.2.3 Method GetDeviceListByCapability
3.2.3.1 Request
3.2.3.2 Response
3.2.4 Method GetDeviceListByGroup
3.2.4.1 Request
3.2.4.2 Response
3.2.5 Method GetDeviceConfigByGID
3.2.5.1 Request
3.2.5.2 Response
3.2.6 Method GetDeviceConfigByName
3.2.6.1 Request
3.2.6.2 Response
3.2.7 Method GetPolicyListByDeviceGID
3.2.7.1 Request
3.2.7.2 Response
3.2.8 Method GetPolicyConfigByName
3.2.8.1 Request
3.2.8.2 Response
3.2.9 Method GetPolicyConfigByDeviceGID
3.2.9.1 Request
3.2.9.2 Response
3.2.10 Method GetSharedPolicyNamesByType
3.2.10.1 REST Request:
3.2.10.2 Response Object:
3.2.11 Method CreateCSMSession
3.2.11.1 Request
3.2.11.2 Response
3.2.12 Method ValidateCSMSession
3.2.12.1 Request
3.2.12.2 Response
3.2.13 Method SubmitCSMSession
3.2.13.1 Request
3.2.13.2 Response
3.2.14 Method DiscardCSMSession
3.2.14.1 Request
3.2.14.2 Response
3.2.15 Method ApproveCSMSession
3.2.15.1 Request
3.2.15.2 Response
3.2.16 Method OpenCSMSession
3.2.16.1 Request
3.2.16.2 Response
3.2.17 Method CloseCSMSession
3.2.17.1 Request
3.2.17.2 Response
3.2.18 Method AddPolicyObject
3.2.18.1 Request
3.2.18.2 Response
3.2.19 Method ModifyPolicyObject
3.2.19.1 Request
3.2.19.2 Response
3.2.20 Method DeletePolicyObject
3.2.20.1 Request
3.2.20.2 Response
3.2.21 Method GetPolicyObject
3.2.21.1 Request
3.2.21.2 Response
3.2.22 Method GetPolicyObjectByGID
3.2.22.1 Request
3.2.22.2 Response
3.2.23 Method GetListofDeployableDevices
3.2.23.1 Request
3.2.23.2 Response
3.2.24 Method DeployConfigByGID
3.2.24.1 Request
3.2.24.2 Response
3.2.25 Method GetDeployJobStatus
3.2.25.1 Request
3.2.25.2 Response
3.2.26 Method AddPolicyConfigByGID
3.2.26.1 Request
3.2.26.2 Response
3.2.27 Method AddPolicyConfigByName
3.2.27.1 Request
3.2.27.2 Response
3.2.28 Method ModifyPolicyConfigByGID
3.2.28.1 Request
3.2.28.2 Response
3.2.29 Method ModifyPolicyConfigByName
3.2.29.1 Request
3.2.29.2 Response
3.2.30 Method DeletePolicyConfigByGID
3.2.30.1 Request
3.2.30.2 Response
3.2.31 Method DeletePolicyConfigByName
3.2.31.1 Request
3.2.31.2 Response
3.2.32 Method ReorderPolicyConfigByGID
3.2.32.1 Request
3.2.32.2 Response
3.2.33 Method ReorderPolicyConfigByName
3.2.33.1 Request
3.2.33.2 Response
3.2.34 Method CreateSharedPolicy
3.2.34.1 Request
3.2.34.2 Response
3.2.35 Method DeleteSharedPolicy
3.2.35.1 Request
3.2.35.2 Response
3.2.36 Method RenameSharedPolicy
3.2.36.1 Request
3.2.36.2 Response
3.2.37 Method InheritSharedPolicy
3.2.37.1 Request
3.2.37.2 Response
3.2.38 Method AssignSharedPolicy
3.2.38.1 Request
3.2.38.2 Response
3.2.39 Method UnAssignSharedPolicy
3.2.39.1 Request
3.2.39.2 Response
3.3 Policy-Specific Handling
3.3.1 DeviceAccessRuleFirewallPolicy
3.3.2 FirewallACLSettingsPolicy
4 CSM Events Service API
4.1 Methods
4.1.1 Method GetServiceInfo
4.1.2 Method EventSubcription
4.1.2.1 Request
4.1.2.2 Response
4.1.2.3 Syslog XML Event Notifications
4.1.2.4 Syslog PlainText Event Notifications
5 CSM Utility Service API
5.1 Object Model
5.2 Methods
5.2.1 Method GetServiceInfo
5.2.2 Method execDeviceReadOnlyCLICmds
5.2.2.1 Request
5.2.2.2 Response
6 Error Code and Description
7 API Scaling
8 CSM Client Protocol State Machine
8.1.1 Overview
8.1.2 Using the configuration and event service
8.1.3 Using CSMSession and Write APIs
9 Sample API Client Programs
9.1 CSM API pre-configuration checks
9.2 Login and ping test
9.3 Fetch CLI configuration of a firewall
9.4 Executing show access-list on a firewall device
9.5 Fetch CSM defined firewall policy
9.6 List shared policies assigned to all devices
9.7 List content of a given shared policy
9.8 Subscribing to change notifications – Deployment, OOB
10 Troubleshooting (Common Scenarios)
11 XML Schema
11.1 Common XSD
11.2 Config XSD
11.3 Event XSD
11.4 Utility XSD
Size: 3.9 MB
Pages: 301
Language: English

Installation Guide
Contents
Introduction
Cisco Security Manager 4.11 Applications
Configuration Manager
Event Viewer
Report Manager
Health and Performance Monitor
Image Manager
Dashboard
CSM Mobile
Syslog Relay
Common Services 4.2.2
Local RBAC Using Common Services
Auto Update Server 4.11
Related Applications
Cisco Secure Access Control Server (ACS) 4.2.x
Cisco CNS Configuration Engine 3.5 and 3.5(1)
Minimum Hardware and Software Requirements
Virtual Machine Hardware and Software Requirements
Recommended Hardware and Software Specifications
VM Support by Operating System
Small Deployment with VMware ESXi 5.1U2 and VMware ESXi versions up to ESXi 6.0
Small Enterprise Deployment
Small Deployment with Hyper-V and Windows Server 2012 R2
Medium Enterprise Deployment with VMware ESXi 5.1U2 and VMware ESXi versions up to ESXi 6.0
Medium Enterprise Deployment
Large Enterprise Deployment
Large Retail Deployment
Deployment Scenarios
Factors that Affect Application Performance
Single Server Installation
Multiple Servers Installation
Installation in VMware’s Virtual Machine Environment
High-Availability/Disaster Recovery
Installation Guidelines
Installable Modules
IP address, Hostname and DNS name
Client Deployment
Security Manager Server Tuning
Disk Defragmentation
Windows Operating System’s Swap-File size
Sybase Database Registry Parameters
Understanding Security Manager Licensing
Licensing Examples
Size: 607.3 KB
Pages: 36
Language: English