Техническое РуководствоСодержаниеCisco Security Manager 4.4 API Specification1(Version 1.1)1Version 1.0 Published: June 14, 20121Version 1.0 Revised: July 10, 2012 (added sample programs to Section 8)1Table of Contents2List of Figures4List of Tables81 Overview111.1 Scope111.2 Changes since previous version121.2.1 Unified Access Rules121.2.2 Security Policy Object121.2.3 Network object121.2.4 Return user/ticket that last modified a config rule.121.2.5 Add device status – up/down as part of the event service121.2.6 Exec command API call will be supporting custom timeouts.121.2.7 API enhancement to return list of all the shared Policies defined in CSM.121.2.8 Return the Device’s SysObjectID in the Device Object.131.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.131.2.10 New Firewall Policies131.3 Audience131.4 References131.5 Glossary141.6 Conventions141.7 Overview of CSM Message Flows161.8 Licensing171.9 Prerequisites181.10 API Administration Settings181.11 Debug Settings192 Common Service API202.1 Object Model202.1.1 Object Identifier202.1.2 Base Object202.1.3 Device212.1.3.1 Interface232.1.3.2 Firewall Capabilities242.1.4 DeviceGroup242.1.5 Port Identifier252.1.6 BaseError262.2 Methods282.2.1 Common Request & Response282.2.1.1 Pagination282.2.2 Method login292.2.2.1 Request292.2.2.2 Response312.2.3 Method logout342.2.3.1 Request342.2.3.2 Response352.2.4 Method: ping352.2.4.1 Request362.2.4.2 Response363 CSM Configuration Service API383.1 Object Model383.1.1 Base Policy383.1.2 BasePolicyObject413.1.3 Policy Utility Classes433.1.4 PolicyObject Derived Classes453.1.4.1 NetworkPolicyObject453.1.4.2 IdentityUserGroupPolicyObject463.1.4.3 PortListPolicyObject483.1.4.4 ServicePolicyObject493.1.4.5 InterfaceRolePolicyObject513.1.4.6 TimeRangePolicyObject523.1.4.7 SLA Monitor Policy Object543.1.4.8 Standard ACE Policy Object563.1.4.9 Extended ACE Policy Object56Figure 35: ExtendedACEPolicyObject XML Schema573.1.4.10 ACL Policy Object583.1.4.11 SecurityGroupPolicyObject583.1.5 Policy Derived Classes603.1.5.1 DeviceAccessRuleFirewallPolicy603.1.5.1.1 Policy Config Device Response Example633.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy663.1.5.3 DeviceStaticRoutingFirewallPolicy673.1.5.4 DeviceStaticRoutingRouterPolicy693.1.5.5 DeviceBGPRouterPolicy713.1.5.6 InterfaceNATRouterPolicy733.1.5.7 InterfaceNATStaticRulesRouterPolicy743.1.5.8 InterfaceNATDynamicRulesRouterPolicy773.1.5.9 DeviceNATTimeoutsRouterPolicy793.1.5.10 InterfaceNATAddressPoolFirewallPolicy813.1.5.11 DeviceNATTransOptionsFirewallPolicy823.1.5.12 InterfaceNATTransExemptionsFirewallPolicy833.1.5.13 InterfaceNATDynamicRulesFirewallPolicy853.1.5.14 InterfaceNATPolicyDynamicRulesFirewallPolicy873.1.5.15 InterfaceNATStaticRulesFirewallPolicy903.1.5.16 InterfaceNATManualFirewallPolicy933.1.5.17 InterfaceNAT64ManualFirewallPolicy983.1.5.18 InterfaceNATObjectFirewallPolicy993.1.5.19 InterfaceNAT64ObjectFirewallPolicy1023.2 Methods1033.2.1 Method GetServiceInfo1043.2.1.1 Request1043.2.1.2 Response1053.2.2 Method GetGroupList1063.2.2.1 Request1063.2.2.2 Response1073.2.3 Method GetDeviceListByCapability1103.2.3.1 Request1103.2.3.2 Response1113.2.4 Method GetDeviceListByGroup1133.2.4.1 Request1133.2.4.2 Response1143.2.5 Method GetDeviceConfigByGID1153.2.5.1 Request1153.2.5.2 Response1163.2.6 Method GetDeviceConfigByName1183.2.6.1 Request1183.2.6.2 Response1203.2.7 Method GetPolicyListByDeviceGID1213.2.7.1 Request1213.2.7.2 Response1233.2.8 Method GetPolicyConfigByName1243.2.8.1 Request1243.2.8.2 Response1263.2.9 Method GetPolicyConfigByDeviceGID1293.2.9.1 Request1293.2.9.2 Response1303.2.10 Method GetSharedPolicyNamesByType1303.2.10.1 REST Request:1303.2.10.2 Response Object:1324 CSM Events Service API1344.1 Methods1344.1.1 Method GetServiceInfo1344.1.2 Method EventSubcription1344.1.2.1 Request1344.1.2.2 Response1374.1.2.3 Syslog XML Event Notifications1404.1.2.4 Syslog PlainText Event Notifications1455 CSM Utility Service API1465.1 Object Model1465.2 Methods1465.2.1 Method GetServiceInfo1475.2.2 Method execDeviceReadOnlyCLICmds1485.2.2.1 Request1485.2.2.2 Response1506 API Scaling1537 CSM Client Protocol State Machine1547.1.1 Overview1547.1.2 Using the configuration and event service1568 Sample API Client Programs1588.1 CSM API pre-configuration checks1598.2 Login and ping test1628.3 Fetch CLI configuration of a firewall1658.4 Executing show access-list on a firewall device1698.5 Fetch CSM defined firewall policy1738.6 List shared policies assigned to all devices1768.7 List content of a given shared policy1828.8 Subscribing to change notifications – Deployment, OOB1869 Troubleshooting (Common Scenarios)19010 XML Schema19110.1 Common XSD19110.2 Config XSD19510.3 Event XSD21410.4 Utility XSD216Размер: 4,4 МБСтраницы: 217Язык: EnglishПросмотреть
Руководство По УстановкеСодержаниеIntroduction1Cisco Security Manager 4.7 Applications1Configuration Manager2Event Viewer2Report Manager2Health and Performance Monitor2Image Manager3Dashboard3CSM Mobile3Syslog Relay3Common Services 4.2.24Local RBAC Using Common Services4Auto Update Server 4.74Related Applications5Cisco Secure Access Control Server (ACS) 4.2.x5Cisco CNS Configuration Engine 3.5 and 3.5(1)5Minimum Hardware and Software Requirements5Virtual Machine Hardware and Software Requirements9Recommended Hardware and Software Specifications9Small Deployment with VMware ESX 4.1 and VMware ESXi versions up to ESXi 5.510Small Enterprise Deployment12Medium Enterprise Deployment14Large Enterprise Deployment16Large Retail Deployment18Deployment Scenarios21Factors that Affect Application Performance23Single Server Installation23Multiple Servers Installation24Installation in VMware’s Virtual Machine Environment25High-Availability/Disaster Recovery25Installation Guidelines25Installable Modules25IP address, Hostname and DNS name26Client Deployment26Security Manager Server Tuning26Disk Defragmentation27Windows Operating System’s Swap-File size27Sybase Database Registry Parameters27Understanding Security Manager Licensing29Licensing Examples29Размер: 631,0 КБСтраницы: 30Язык: EnglishПросмотреть
Руководство ПользователяСодержаниеCisco Security Manager 4.7 API Specification1(Version 2.0)1Version 1.0 Published: June 14, 20121Version 1.0 Revised: July 10, 2012 (Added Sample Programs to Section 8)1Table of Contents2List of Figures5List of Tables101 Overview131.1 Scope131.2 Changes in Revision 1.1141.2.1 Unified Access Rules141.2.2 Security Policy Object141.2.3 Network object141.2.4 Return user/ticket that last modified a config rule141.2.5 Add device status – up/down as part of the event service141.2.6 Exec command API call will be supporting custom timeouts141.2.7 API enhancement to return list of all the shared Policies defined in CSM141.2.8 Return the Device’s SysObjectID in the Device Object141.2.9 CSM Audit Logs should differentiate between logins through API and CSM client.151.2.10 New Firewall Policies151.3 Changes in Revision 2.0151.3.1 Write API151.3.1.1 Policy Objects151.3.1.2 Policy151.3.1.3 Administration Page161.3.2 All CSM Server Mode Support161.3.3 Deployment API161.3.4 API to Read Policy Object161.3.5 Access-Rule Changes161.4 Audience171.5 References171.6 Glossary181.7 Conventions191.8 Overview of CSM Message Flows201.9 Licensing211.10 Prerequisites221.11 API Administration Settings221.12 Debug Settings232 Common Service API242.1 Object Model242.1.1 Object Identifier242.1.2 Base Object242.1.3 Device252.1.3.1 Interface272.1.3.2 Firewall Capabilities282.1.4 DeviceGroup282.1.5 Port Identifier292.1.6 BaseError302.2 Methods322.2.1 Common Request & Response322.2.1.1 Pagination322.2.2 Method login332.2.2.1 Request342.2.2.2 Response362.2.3 Method logout382.2.3.1 Request382.2.3.2 Response392.2.4 Method: ping402.2.4.1 Request402.2.4.2 Response413 CSM Configuration Service API433.1 Object Model433.1.1 Base Policy433.1.2 BasePolicyObject463.1.3 Policy Utility Classes483.1.4 PolicyObject Derived Classes503.1.4.1 NetworkPolicyObject503.1.4.2 IdentityUserGroupPolicyObject513.1.4.3 PortListPolicyObject533.1.4.4 ServicePolicyObject543.1.4.5 InterfaceRolePolicyObject563.1.4.6 TimeRangePolicyObject573.1.4.7 SLA Monitor Policy Object593.1.4.8 Standard ACE Policy Object593.1.4.9 Extended ACE Policy Object60Figure 35: ExtendedACEPolicyObject XML Schema613.1.4.10 ACL Policy Object623.1.4.11 SecurityGroupPolicyObject623.1.5 Policy Derived Classes643.1.5.1 DeviceAccessRuleFirewallPolicy643.1.5.1.1 Policy Config Device Response Example673.1.5.2 DeviceAccessRuleUnifiedFirewallPolicy703.1.5.3 FirewallACLSettingsPolicy703.1.5.4 DeviceStaticRoutingFirewallPolicy723.1.5.5 DeviceStaticRoutingRouterPolicy743.1.5.6 DeviceBGPRouterPolicy763.1.5.7 InterfaceNATRouterPolicy783.1.5.8 InterfaceNATStaticRulesRouterPolicy783.1.5.9 InterfaceNATDynamicRulesRouterPolicy813.1.5.10 DeviceNATTimeoutsRouterPolicy833.1.5.11 InterfaceNATAddressPoolFirewallPolicy853.1.5.12 DeviceNATTransOptionsFirewallPolicy863.1.5.13 InterfaceNATTransExemptionsFirewallPolicy873.1.5.14 InterfaceNATDynamicRulesFirewallPolicy893.1.5.15 InterfaceNATPolicyDynamicRulesFirewallPolicy913.1.5.16 InterfaceNATStaticRulesFirewallPolicy943.1.5.17 InterfaceNATManualFirewallPolicy973.1.5.18 InterfaceNAT64ManualFirewallPolicy1023.1.5.19 InterfaceNATObjectFirewallPolicy1033.1.5.20 InterfaceNAT64ObjectFirewallPolicy1063.2 Methods1063.2.1 Method GetServiceInfo1083.2.1.1 Request1083.2.1.2 Response1093.2.2 Method GetGroupList1103.2.2.1 Request1103.2.2.2 Response1113.2.3 Method GetDeviceListByCapability1143.2.3.1 Request1143.2.3.2 Response1153.2.4 Method GetDeviceListByGroup1173.2.4.1 Request1173.2.4.2 Response1183.2.5 Method GetDeviceConfigByGID1193.2.5.1 Request1193.2.5.2 Response1203.2.6 Method GetDeviceConfigByName1223.2.6.1 Request1223.2.6.2 Response1233.2.7 Method GetPolicyListByDeviceGID1253.2.7.1 Request1253.2.7.2 Response1273.2.8 Method GetPolicyConfigByName1283.2.8.1 Request1283.2.8.2 Response1303.2.9 Method GetPolicyConfigByDeviceGID1333.2.9.1 Request1333.2.9.2 Response1343.2.10 Method GetSharedPolicyNamesByType1343.2.10.1 REST Request:1343.2.10.2 Response Object:1353.2.11 Method CreateCSMSession1373.2.11.1 Request1373.2.11.2 Response1383.2.12 Method ValidateCSMSession1393.2.12.1 Request1393.2.12.2 Response1403.2.13 Method SubmitCSMSession1423.2.13.1 Request1433.2.13.2 Response1433.2.14 Method DiscardCSMSession1433.2.14.1 Request1443.2.14.2 Response1443.2.15 Method ApproveCSMSession1453.2.15.1 Request1453.2.15.2 Response1463.2.16 Method OpenCSMSession1473.2.16.1 Request1473.2.16.2 Response1483.2.17 Method CloseCSMSession1483.2.17.1 Request1483.2.17.2 Response1493.2.18 Method AddPolicyObject1493.2.18.1 Request1493.2.18.2 Response1513.2.19 Method ModifyPolicyObject1523.2.19.1 Request1533.2.19.2 Response1543.2.20 Method DeletePolicyObject1543.2.20.1 Request1543.2.20.2 Response1553.2.21 Method GetPolicyObject1563.2.21.1 Request1563.2.21.2 Response1563.2.22 Method GetPolicyObjectByGID1593.2.22.1 Request1593.2.22.2 Response1603.2.23 Method GetListofDeployableDevices1603.2.23.1 Request1603.2.23.2 Response1613.2.24 Method DeployConfigByGID1633.2.24.1 Request1633.2.24.2 Response1663.2.25 Method GetDeployJobStatus1683.2.25.1 Request1683.2.25.2 Response1693.2.26 Method AddPolicyConfigByGID1703.2.26.1 Request1713.2.26.2 Response1723.2.27 Method AddPolicyConfigByName1743.2.27.1 Request1743.2.27.2 Response1753.2.28 Method ModifyPolicyConfigByGID1753.2.28.1 Request1763.2.28.2 Response1763.2.29 Method ModifyPolicyConfigByName1773.2.29.1 Request1773.2.29.2 Response1783.2.30 Method DeletePolicyConfigByGID1783.2.30.1 Request1783.2.30.2 Response1793.2.31 Method DeletePolicyConfigByName1793.2.31.1 Request1793.2.31.2 Response1803.2.32 Method ReorderPolicyConfigByGID1803.2.32.1 Request1803.2.32.2 Response1823.2.33 Method ReorderPolicyConfigByName1823.2.33.1 Request1823.2.33.2 Response1823.3 Policy-Specific Handling1823.3.1 DeviceAccessRuleFirewallPolicy1833.3.2 FirewallACLSettingsPolicy1834 CSM Events Service API1844.1 Methods1844.1.1 Method GetServiceInfo1844.1.2 Method EventSubcription1844.1.2.1 Request1844.1.2.2 Response1874.1.2.3 Syslog XML Event Notifications1904.1.2.4 Syslog PlainText Event Notifications1955 CSM Utility Service API1965.1 Object Model1965.2 Methods1965.2.1 Method GetServiceInfo1975.2.2 Method execDeviceReadOnlyCLICmds1985.2.2.1 Request1985.2.2.2 Response2006 Error Code and Description2037 API Scaling2098 CSM Client Protocol State Machine2108.1.1 Overview2108.1.2 Using the configuration and event service2128.1.3 Using CSMSession and Write APIs2139 Sample API Client Programs2169.1 CSM API pre-configuration checks2179.2 Login and ping test2209.3 Fetch CLI configuration of a firewall2239.4 Executing show access-list on a firewall device2279.5 Fetch CSM defined firewall policy2309.6 List shared policies assigned to all devices2349.7 List content of a given shared policy2399.8 Subscribing to change notifications – Deployment, OOB24310 Troubleshooting (Common Scenarios)24811 XML Schema24911.1 Common XSD24911.2 Config XSD25411.3 Event XSD28711.4 Utility XSD289Размер: 5,1 МБСтраницы: 290Язык: EnglishПросмотреть