Cisco PIX Device Manager

Cisco PIX Device Manager Version 4.1

DATA SHEET

Cisco PIX® Device Manager delivers enterprise-class security management and monitoring services across network environments of all sizes with an intuitive, easy-to-use Web-based management interface. Bundled with Cisco Firewall Services Module and PIX Security Appliances, Cisco PIX Device Manager accelerates security deployment using intelligent wizards, rich administration tools, and versatile monitoring services that complement the advanced security features offered by Cisco Firewall Services Module (FWSM) Software 2.2 and 2.3. Its secure, Web-based design enables anytime, anywhere access to Cisco FWSM located in any part of a network. Release 4.1 supersedes 4.0 for Cisco FWSM. For PIX security appliances based on software 6.3, please continue to use PDM release 3.0.

STARTUP WIZARD SIMPLIFIES AND ACCELERATES CISCO FIREWALL SERVICES MODULE DEPLOYMENT

Cisco PIX Device Manager features a Startup Wizard that helps accelerate the security module deployment process by providing simple, step-by-step configuration panels that help users, novice or advanced, create robust configurations that allow traffic to flow securely through their networks.

PDM 4.1 FEATURES

Homepage Gives At-A-Glance View Into System Status

Cisco PIX Device Manager Version 4.1 introduces support for additional features that give easy access to the FWSM configuration and monitoring services while providing real-time system status information. Live traffic profiling and device monitoring screens provide instant access to vital system information and network statistics (Figure 1).

Figure 1. Cisco PIX Device Manager Version 4.1

ROBUST MANAGEMENT SERVICES LOWER TOTAL COST OF OWNERSHIP

Cisco PIX Device Manager features a powerful set of management services that simplify security policy definition and ongoing policy maintenance by giving security operators the ability to create reusable network and service object groups, which can be referenced by multiple security policies. It also supports the rich access control features offered by Cisco FWSM Software such as Syslog by ACL. These access control features, coupled with easy-to-use ongoing policy management services, help ensure a lower total cost of ownership for businesses of all sizes.

ENTERPRISE-CLASS SECURITY SERVICES PROVIDE SECURED ROLE-BASED ADMINISTRATIVE ACCESS

Cisco PIX Device Manager provides an array of robust security services to prevent unauthorized administrative access to FWSM. It supports FWSM 2.3 features such as ACL override, in which user traffic is permitted if the per-user access list permits it, regardless of the permit status of the interface access list.
It supports a wide range of methods for authenticating administrators to a local authentication database on a Cisco FWSM or via a RADIUS/TACACS+ server. All communications between Cisco PIX Device Manager (running on an administrator's computer) and FWSM are encrypted using Secure Sockets Layer (SSL) with either 56-bit or the more secure 128-bit SSL encryption. Cisco PIX Device Manager also supports up to sixteen levels of customizable administrative access, granting administrators and operations personnel the appropriate permission levels for every Cisco FWSM they manage.

INTELLIGENT INTERFACE SIMPLIFIES INTEGRATION INTO COMPLEX NETWORK ENVIRONMENTS

Cisco PIX Device Manager provides easy access to the rich network integration features found in Cisco FWSM devices. It gives administrators complete control over Open Shortest Path First (OSPF) dynamic routing (Figure 2) and IEEE 802.1q-based VLAN interfaces (Figure 3). For novice users, it provides intelligent defaults and detailed online help to simplify network services configuration. Advanced users can take full advantage of the depth of feature support to integrate the Cisco FWSM into complex routing and switching environments.

Figure 2. OSPF Configuration

Figure 3. VLAN Configuration

RESOURCE MANAGEMENT

This feature allows you to manage the resources for ACLs. These resources, referred to as ACL memory pools or ACL tree instances, are used when compiling ACLs. The administrator can assign contexts to ACL memory pools. This feature is available in Multi-Mode.

Figure 4. Resource Manager for ACL Memory Pool in Cisco PDM

COMPREHENSIVE MONITORING AND REPORTING TOOLS PROVIDE BUSINESS-CRITICAL ANALYSIS

Monitoring Tools

Cisco PIX Device Manager Version 4.1 offers in-depth monitoring and reporting services in addition to the at-a-glance monitoring capabilities on the new homepage. Versatile analysis tools create graphical summary reports that show real-time usage, security events, and network activity. Data from each graphical report can be displayed in customizable increments, where a user can choose a 10-second snapshot or analysis over an extended time line. The ability to simultaneously view multiple graphs allows users to perform detailed evaluations in parallel. Graphs can be conveniently bookmarked and data can be exported for future access.

Figure 5. Advanced Monitoring Options with Customizable Graphs

  • System graphs: Provide detailed status information on the Cisco FWSM, including blocks used and free, current memory utilization, and CPU utilization.

  • Connection graphs: Track real-time session and performance monitoring data for connections; address translations; authentication, authorization, and accounting (AAA) transactions; URL filtering requests; and more, on a per-second basis. Connection graphs allow users to stay fully informed of their network connections and activities, without being overwhelmed.

  • Interface graphs: Provide real-time monitoring of bandwidth usage for each interface on the Cisco FWSM. Bandwidth usage is displayed for incoming and outgoing communications. Users can view packet rates, counts, and errors, as well as bit, byte, and collision counts.

Table 1 provides a summary of the features and benefits new to Cisco PIX Device Manager Version 4.1.

Table 1. New Features Summary

| Product Features | Description |
|---|---|
| HTTPS Authentication Proxy | Provides a secured method of exchanging username and password between an HTTP client and FWSM by using HTTPS. HTTPS encrypts all the data, in this case username and password, and hence makes the password secure |
| ACL Per User Override | User traffic is permitted if it is permitted by the per-user access list, regardless of the permit status of the interface access list |
| Resource Manager for ACL Memory Pool | ACL optimization for efficiency purposes. Gives the administrator the ability to decide how many ACL memory pools to create instead of the number being hard coded to 12 |
| PDM Sessions Resource Limit | • A new limit entry that can be configured as part of a resource class for managing contexts. This new feature enables users to set the number of PDM sessions for each context • Increases the HTTP connection limit to support 32 simultaneous PDMs • Enables resource management for PDM sessions |
| Same Security Intra Interface | Permits communication between two hosts connected to the same interface |
| Syslog Enhancements | Allows you to optionally deny any connections when the syslog queue is full and specify the amount of memory that can be allocated for the syslog messages per context |
| TFTP Fixup | Inspects the TFTP protocol and dynamically creates connection and xlate if necessary to permit file transfer between a TFTP client and server |

LICENSING

• Cisco PIX Device Manager Version 4.1 is included with Cisco FWSM Software Version 2.2 and higher.

• Cisco PIX Device Manager Version 2.1 is included with Cisco FWSM Software Version 1.1 and higher.

User System Requirements

• RAM: 256 MB

• Display resolution: 1024 x 768 pixels

• Display colors: 256 (16-bit high color recommended)

Software

Table 2 lists the operating systems and browsers needed for Cisco PIX Device Manager Version 4.1.

Table 2. Cisco PIX Device Manager Version 4.1 Operating Systems and Browsers

| Operating Systems | Browser and JVM |
|---|---|
| • Windows 2000 (Service Pack 4) (English or Japanese version) • Windows XP (English or Japanese version) | • Microsoft Internet Explorer 6.0 with JVM (VM 3809 or higher) or Java Plug-in v1.4.2 or 1.5.0 • Netscape Communicator 7.1 or 7.2 with Java Plug-in 1.4.2 or 15.0 |
| Sun Solaris 2.8 or 2.9 | Mozilla 1.7.3 with Java Plug-in 1.4.2 |
| Red Hat Linux 9 or Red Hat Enterprise Linux WS, version 3 | Mozilla 1.7.3 with Java Plug-in 1.4.2 |

Network Connection

Connection speed: 56 kbps (384 kbps recommended)

ADDITIONAL INFORMATION

For more information, please visit the following links.

• Cisco FWSM: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html

• Cisco PIX Security Appliance Series: http://www.cisco.com/go/pix

• Cisco PIX Device Manager: http://www.cisco.com/go/pdm

• SAFE Blueprint from Cisco: http://www.cisco.com/go/safe

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-4000, 800 553-NETS (6387). Fax: 408 526-4100

European Headquarters: Cisco Systems International BV, Haarlerbergpark, Haarlerbergweg 13-19, 1101 CH Amsterdam, The Netherlands. www-europe.cisco.com. Tel: 31 0 20 357 1000. Fax: 31 0 20 357 1100

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-7660. Fax: 408 527-0883

Asia Pacific Headquarters: Cisco Systems, Inc., 168 Robinson Road, #28-01 Capital Tower, Singapore 068912. www.cisco.com. Tel: +65 6317 7777. Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus · Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe

Copyright © 2005 Cisco Systems, Inc. All rights reserved.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0502R) 205226.BM_ETMG_KL_6.05 Printed in the USA