Cisco PIX® Device Manager delivers enterprise-class security management and monitoring services across network environments of all sizes with an intuitive, easy-to-use Web-based management interface. Bundled with Cisco Firewall Services Module and PIX Security Appliances, Cisco PIX Device Manager accelerates security deployment using intelligent wizards, rich administration tools, and versatile monitoring services that complement the advanced security features offered by Cisco Firewall Services Module (FWSM) Software 2.2 and 2.3. Its secure, Web-based design enables anytime, anywhere access to Cisco FWSM located in any part of a network. Release 4.1 supersedes 4.0 for Cisco FWSM. For PIX security appliances based on software 6.3, please continue to use PDM release 3.0.
STARTUP WIZARD SIMPLIFIES AND ACCELERATES CISCO FIREWALL SERVICES MODULE DEPLOYMENT
Cisco PIX Device Manager features a Startup Wizard that helps accelerate the security module deployment process by providing simple, step-by-step configuration panels that help users, novice or advanced, create robust configurations that allow traffic to flow securely through their networks.
PDM 4.1 FEATURES
Homepage Gives At-A-Glance View Into System Status
Cisco PIX Device Manager Version 4.1 introduces support for additional features for easy access to the FWSM configuration and monitoring services, while providing real-time system status information. This provides live traffic profiling and device monitoring screens that provide instant access to vital system information and network statistics (Figure 1).
Figure 1. Cisco PIX Device Manager Version 4.1
ROBUST MANAGEMENT SERVICES LOWER TOTAL COST OF OWNERSHIP
Cisco PIX Device Manager features a powerful set of management services that simplify security policy definition and ongoing policy maintenance by giving security operators the ability to create reusable network and service object groups, which can be referenced by multiple security policies. It also supports the rich access control features offered by Cisco FWSM Software such as Syslog by ACL. These access control features, coupled with easy-to-use ongoing policy management services, help ensure a lower total cost of ownership for businesses of all sizes.
ENTERPRISE-CLASS SECURITY SERVICES PROVIDE SECURED ROLE-BASED ADMINISTRATIVE ACCESS
Cisco PIX Device Manager provides an array of robust security services to prevent unauthorized administrative access to FWSM. It supports FWSM 2.3 features like ACL override feature. User traffic is permitted if it is permitted by the per-user access-list regardless of the permit status of interface access-list.
It supports a wide range of methods for authenticating administrators to a local authentication database on a Cisco FWSM or via a RADIUS/TACACS+ server. All communications between Cisco PIX Device Manager (running on an administrator's computer) and FWSM are encrypted using Secure Sockets Layer (SSL) with either 56-bit or the more secure 128-bit SSL encryption. Cisco PIX Device Manager also supports up to sixteen levels of customizable administrative access, granting administrators and operations personnel the appropriate permission levels for every Cisco FWSM they manage.
INTELLIGENT INTERFACE SIMPLIFIES INTEGRATION INTO COMPLEX NETWORK ENVIRONMENTS
Cisco PIX Device Manager provides easy access to managing the rich network integration features found in Cisco FWSM devices. It gives administrators complete control over Open Shortest Path First (OSPF) dynamic routing (Figure 2) and IEEE 802.1q-based VLAN interfaces (Figure 3). For novice users, it provides intelligent defaults and detailed online help to simplify network services configuration. Advanced users can take full advantage of the depth of feature support to integrate Cisco FWSM module into complex routing and switching environments.
Figure 2. OSPF Configuration
Figure 3. VLAN Configuration
This feature allows you to manage the resources for ACLs. These are referred to as the ACL memory pool or ACL tree instances which are used when compiling ACLs. This allows the administrator to be able to assign contexts to ACL memory pools. This feature is available in Multi-Mode.
Figure 4. Resource Manager for ACL Memory Pool in Cisco PDM
COMPREHENSIVE MONITORING AND REPORTING TOOLS PROVIDE BUSINESS-CRITICAL ANALYSIS
Cisco PIX Device Manager Version 4.1 offers in-depth monitoring and reporting services in addition to the at-a-glance monitoring capabilities on the new homepage. Versatile analysis tools create graphical summary reports that show real-time usage, security events, and network activity. Data from each graphical report can be displayed in customizable increments, where a user can choose a 10-second snapshot or analysis over an extended time line. The ability to simultaneously view multiple graphs allows users to perform detailed evaluations in parallel. Graphs can be conveniently bookmarked and data can be exported for future access.
Figure 5. Advanced Monitoring Options with Customizable Graphs
SYSTEM graphs-Provide detailed status information on the Cisco FWSM , including blocks used and free, current memory utilization, and CPU utilization.
Connection graphs-Track real-time session and performance monitoring data for connections; address translations; authentication, authorization, and accounting (AAA) transactions; URL filtering requests; and more, on a per-second basis. Connection graphs allow users to stay fully informed of their network connections and activities, without being overwhelmed.
Interface graphs-Provide real-time monitoring of bandwidth usage for each interface on the Cisco FWSM. Bandwidth usage is displayed for incoming and outgoing communications. Users can view packet rates, counts, and errors, as well as bit, byte, and collision counts.
Table 1 provides a summary of the features and benefits new to Cisco PIX Device Manager Version 4.1.
Table 1. New Features Summary
HTTPS Authentication Proxy
Provides a secured method of exchanging username and password between an HTTP client and FWSM by using HTTPS. HTTPS encrypts all the data, in this case username and password, and hence make the password secure
ACL Per User Override
User traffic is permitted if it is permitted by the per-user access-list regardless of the permit status of interface access-list
Resource Manager for ACLMemory Pool
ACL optimization for efficiency purposes. Give the administrator the ability to decide how many ACL memory pools to create instead of it being hard coded to 12
PDM Sessions Resource Limit
• It is a new limit entry that can be configured as part of a resource class for managing contexts. This new feature will enable users to set the number of PDM sessions for each context
• Increase http connection limit to support 32 simultaneous PDMs
• Enable resource management for PDM sessions
Same Security Intra Interface
Permits communication between two hosts connected to the same interface
Allows you to optionally deny any connections when the syslog queue is full and specify the amount of memory that can be allocated for the syslog messages per context
Inspects the TFTP protocol and dynamically creates connection and xlate if necessary to permit file transfer between a TFTP client and server
• Cisco PIX Device Manager Version 4.1 is included with Cisco FWSM Software Version 2.2 and higher.
• Cisco PIX Device Manager Version 2.1 is included with Cisco FWSM Software Version 1.1 and higher.
User System Requirements
• RAM: 256 MB
• Display resolution: 1024 x 768 pixels
• Display colors: 256 (16-bit high color recommended)
Table 2 lists the operating systems and browsers needed for Cisco PIX Device Manager Version 4.1.
Table 2. Cisco PIX Device Manager Version 4.1 Operating Systems and Browsers
Browser and JVM
• Windows 2000 (Service Pack 4) (English or Japanese version)
• Windows XP (English or Japanese version)
• Microsoft Internet Explorer 6.0 with JVM (VM 3809 or higher) or Java Plug-in v1.4.2 or 1.5.0
• Netscape Communicator 7.1 or 7.2 with Java Plug-in 1.4.2 or 15.0
Sun Solaris 2.8 or 2.9
Mozilla 1.7.3 with Java Plug-in 1.4.2
Red Hat Linux 9 or Red Hat Enterprise Linux WS, version 3
Mozilla 1.7.3 with Java Plug-in 1.4.2
Connection speed: 56 kbps (384 kbps recommended)
For more information, please visit the following links.