Guest

Cisco Security Manager

Cisco Security Manager 3.2

  • Viewing Options

  • PDF (77.6 KB)
  • Feedback

Cisco® Security Manager is an enterprise-class management application designed to configure firewall, VPN, and intrusion prevention system (IPS) security services on Cisco network and security devices. Cisco Security Manager can be used in networks of all sizes-from small networks to large networks consisting of thousands of devices-by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (MARS). Used together, these two products provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.

New Features Introduced in Release 3.2

• Enhanced Cisco Security Manager and MARS integration

– Ability to select syslog messages collected by Cisco Security MARS and launch to that specific rule in the Cisco Security Manager that generated the syslog

– Ability to select a rule in Cisco Security Manager and view historic or real-time syslog messages in Cisco Security MARS

– Ability to select an IPS signature in Cisco Security Manager and view historical or real-time events processed by Cisco Security MARS

– Ability to view IPS events in Cisco Security MARS and launch to that specific IPS signature in Cisco Security Manager

• Support for Cisco Firewall Services Module (FWSM) 3.2(2) and 3.2(3)

• Support for Cisco ASA Software Versions 7.2.2, 7.2.3, and 7.2.4

• Cisco ASA Software Versions 8.0/8.1 support: Firewall, firewall settings, and platform support for all features that are backward-compatible with Cisco ASA Software Version 7.2.2

• Support for NetFlow logging

• Support for Cisco ASA 5580-20 and 5580-40 appliances

• Support for Cisco 3200 Series, 2600XM Series, and 1861 routers

• Support for configuration of router access control lists (ACLs) [[what is the "R" in RACL?]], interfaces, VLANs, port security, and FlexConfigs on Cisco Catalyst 3550 Series, 3560 Series, 3560E Series, 3750 Series, 3750E Series, 3750 Metro Series, 4500 Series, 4948, and 4948 10GE switches

• Support for Cisco IPS 4270 Sensor Appliance

• Support for Cisco IOS Software Release 12.2(33) SRA and SRB on the Cisco 7600 Series platform

• Support for the Cisco Intrusion Prevention System Advanced Integration Module (IPS AIM) for Cisco 1841, 2800 Series, and 3800 Series Integrated Services Routers

• Expiring ACL rule notification

• Windows Vista support for Cisco Security Manager client

• Support for Internet Explorer 6.x and 7.x and Firefox 2.x

For a summary of Cisco Security Manager features and benefits, refer to the Cisco Security Manager data sheet at http://www.cisco.com/go/csmanager.

Licensing

There are three base versions of Cisco Security Manager Enterprise Edition: Standard-5, Standard-25, and Professional-50. The versions provide management for 5, 25, and 50 devices, respectively.
The Professional version supports incremental device license packages available in increments of 50, 100, 500, and 1000 devices. The Professional version also includes support for the management of Cisco Catalyst ® 6500 Series switches and associated services modules; the Standard versions do not include this support.

Note: The management software consumes a device license for:

• Each added physical device

• Each added Cisco Catalyst 6500 Series services module

• Each security context

• Each virtual sensor

Advanced Inspection and Prevention Security Services Modules (AIP-SSMs), IDS Network Modules, and IPS Advanced Integration Modules (IPS AIM) installed in the host device do not consume a license; however, additional virtual sensors (added after the first sensor) are counted.

In the case of a Firewall Services Module (FWSM), the module itself consumes a license and then an additional license for each added security context. For example, an FSWM with two security contexts would consume three licenses: one for the module, one for the admin context, and one for the second security context. If the Cisco Catalyst chassis itself is added to Cisco Security Manager, it too will consume a license.

The license allows the use of the software on a single server. A standby Cisco Security Manager server does not require a separate license if only one server is active at any one time.
Cisco Security Manager also includes a separate license file for CiscoWorks Resource Manager Essentials and Performance Monitor. You are entitled to use these applications for the same number of devices you have purchased for Cisco Security Manager.
Table 1 lists Cisco Security Manager part numbers.

Table 1. Cisco Security Manager Part Numbers

Product Part Number

Product Description

Software Application Support (SAS) Service (to receive technical support and future minor software updates)

CSMST5-3.2-K9

Cisco Security Manager 3.2 Enterprise Edition Standard-5 Media Kit: 5-device limit

CON-SAS-CSM32M5

CSMST25-3.2-K9

Cisco Security Manager 3.2 Enterprise Edition Standard-25 Media Kit: 25-device limit

CON-SAS-CSM32SM

CSMPR50-3.2-K9

Cisco Security Manager 3.2 Enterprise Edition Professional-50 Media Kit: 50-device base license

CON-SAS-CSM32P50

CSMPR-LIC-50

Cisco Security Manager Enterprise Edition Professional: Incremental 50-device license

CON-SAS-CSMPRI50

CSMPR-LIC-100

Cisco Security Manager Enterprise Edition Professional: Incremental 100-device license

CON-SAS-CSMPRI1C

CSMPR-LIC-500

Cisco Security Manager Enterprise Edition Professional: Incremental 500-device license

CON-SAS-CSMPRI5C

CSMPR-LIC-1000

Cisco Security Manager Enterprise Edition Professional: Incremental 1000-device license

CON-SAS-CSMPRI1K

CSMST-PR-U-3.2-K9*

Cisco Security Manager Enterprise Edition Upgrade from Standard-25 to Professional-50

CON-SAS-CSMPRU32

CSMST5-3.2-MR-K9**

Cisco Security Manager 3.2 Enterprise Edition Standard-5 Minor Upgrade Media Kit

CON-SAS-CSM32MU5

CSMST25-3.2-MR-K9**

Cisco Security Manager 3.2 Enterprise Edition Standard-25 Minor Upgrade Media Kit

CON-SAS-CSM32MR

CSMPR50-3.2-MR-K9**

Cisco Security Manager 3.2 Enterprise Edition Professional - 50 Minor Upgrade Media Kit

CON-SAS-CSM32MRK

* There is no upgrade part number provided to go from Cisco Security Manager Standard-5. However, you can combine an existing Standard-5 license with a new Standard-25 or Professional-50 license on the same server. The result is Standard-30 or Professional-55, respectively.
** The minor release upgrade kits do not include a Cisco Security Manager license and require the use of your previously obtained Cisco Security Manager 3.0 or 3.1 license.

Upgrade Options

Table 2 provides information on the upgrade paths available to customers currently using Cisco Security Manager 3.0.x or 3.1.x.

Table 2. Cisco Security Manager 3.0.x and 3.1.x Upgrade Options

User's Current Release

Security Manager Service Contract

What to Order for Cisco Security Manager 3.2

Cisco Security Manager 3.0.x or 3.1.x

Yes

Customers can request minor release upgrade kits at no charge from the Cisco Product Upgrade Tool at http://www.cisco.com/upgrade.

Requires a Cisco Security Manager 3.0 or 3.1 Software Application Support (SAS) service contract.

Cisco Security Manager 3.0.x or 3.1.x

No

Customers can order minor release upgrade kits using normal Cisco sales channels. See Table 1 for the minor release upgrade part numbers. The minor release upgrade kits do not include a Cisco Security Manager license and require the use of your previously obtained Cisco Security Manager 3.0 or 3.1 license.

Service Options

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.

Cisco Services

Cisco takes a lifecycle approach to services, and with its partners, provides a broad portfolio of security services so enterprises can design, implement, operate, and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, visit http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html.

The Cisco Security Center provides a central location for early warning threat intelligence threat and vulnerability analysis, Cisco IPS signatures and mitigation techniques. Visit and bookmark the Cisco Security Center at www.cisco.com/security.

Cisco Security Intellishield Alert Manager Service provides a customizable, Web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.

Cisco Software Application Support Services [SAS] keeps Cisco Security Manager up and running with around-the-clock access to technical support, and software updates.

Cisco Security Optimization Service helps organizations maintain peak network health. The network infrastructure is the foundation of the agile and adaptive business. The Cisco Security Optimization Service supports the continuously evolving security system to meet ever-changing security threats through a combination of planning and assessments, design, performance tuning, and ongoing support for system changes.

Cisco Security Manager software is eligible for technical support service coverage under a Cisco SAS service agreement, which features:

• Unlimited access to the Cisco Technical Assistance Center for award-winning support. Technical assistance is provided by Cisco software application experts who are trained in Cisco security software applications. Support is available 24 hours per day, 7 days per week, 365 days per year worldwide.

• Registered access to Cisco.com, a robust repository of application tools and technical documents to assist in diagnosing network security problems, understanding new technologies, and staying current with innovative software enhancements. Utilities, white papers, application design data sheets, configuration documents, and case management tools help expand your in-house technical capabilities.

• Access to application software bug fixes and maintenance and minor software releases.

Customers requiring Cisco technical support and minor updates to Cisco Security Manager will need to purchase a Cisco SAS service contract. Table 1 lists the SAS part numbers.

Availability

Customers can purchase Cisco Security Manager 3.2 through regular sales channels. The product is also available for evaluation by downloading from http://www.cisco.com/go/csmanager or by ordering an evaluation kit from the Collateral and Subscriptions Store at Cisco Marketplace at http://www.cisco.com/pcgi-bin/marketplace/welcome.pl.

For More Information

For more information about Cisco Security Manager 3.2, visit http://www.cisco.com/go/csmanager, contact your account manager or a Cisco Authorized Technology Provider, or send e-mail to ask-csmanager@cisco.com. More information on Cisco Security MARS can be found at http://www.cisco.com/go/mars.