Cisco Security Manager

Cisco Security Manager 3.2

  • Viewing Options

  • PDF (79.0 KB)
  • Feedback
Q. What is Cisco ® Security Manager?
A. Cisco Security Manager is an enterprise-class management application designed to configure security services on Cisco network/security devices. The product focuses on three security services: firewall, VPN, and IPS. Cisco Security Manager allows you to efficiently manage networks of all sizes-from small networks to large networks consisting of thousands of devices-by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS). Used together, these two products provide a comprehensive security management solution covering configuration management, security monitoring, analysis, and mitigation.
Q. Who should deploy Cisco Security Manager?
A. Cisco Security Manager is designed to meet the security configuration management needs of small to large enterprise environments using Cisco network/security devices. Cisco Security Manager is not geared specifically for service provider environments.
Q. What are the benefits of deploying Cisco Security Manager 3.2?
A. The Cisco Security Manager 3.2 data sheet provides a detailed listing of benefits you can expect to obtain by deploying Cisco Security Manager 3.2. The data sheet is available here
Q. What's new in Cisco Security Manager 3.2?
A. The Cisco Security Manager 3.2 release notes provide a summary of the new features. The release notes are available here
Q. What are the added benefits of using Cisco Security Manager and Cisco Security MARS together?
A. While each product has its own benefits, you can obtain additional benefits when using them together. From within Cisco Security Manager, you can request from Cisco Security MARS a list of the matching events for a given firewall rule or IPS signature. From within Cisco Security MARS, looking at a particular firewall- or IPS-related event, you can request the corresponding firewall rule or IPS signature from Cisco Security Manager. If you need to modify the rule or signature, a cross-launch to the Cisco Security Manager client focused on the specific rule or signature is available.
Q. What other Cisco applications work with Cisco Security Manager?
A. Cisco Security Manager can work with Cisco Secure Access Control Server (ACS) to provide fine-grained role-based access control (RBAC) for Cisco Security Manager users. You can precisely customize the permitted operations and set of devices available to a given user. Also, Cisco Security Manager can use the Cisco Configuration Engine as a deployment mechanism for Cisco IOS ® Software-based routers. The Cisco Configuration Engine allows deploying configuration changes to large numbers of routers using dynamically assigned addresses such as in a small office or teleworker environment.
Q. What devices and software versions are supported in Cisco Security Manager 3.2?
A. The "Supported Devices and Software Versions for Cisco Security Manager 3.2" document provides a detailed list of supported devices and software versions. This document is available here
Q. What are the orderable part numbers for Cisco Security Manager 3.2? How do I obtain an upgrade to Cisco Security Manager 3.2?
A. The Cisco Security Manager 3.2 product bulletin lists the orderable part numbers and upgrade information. The product bulletin is available here
Q. How is Cisco Security Manager 3.2 structured and licensed?
A. The Cisco Security Manager 3.2 product bulletin provides an extensive description of Cisco Security Manager product structuring, licensing, and ordering information. The product bulletin is available here
Q. What's included with Cisco Security Manager 3.2?
A. Cisco Security Manager 3.2 includes the following applications:

• Cisco Security Manager 3.2 for managing Cisco firewall, VPN, and IPS technologies

• Cisco Auto Update Server 3.2 for pull-based software and configuration deployments

• Cisco Performance Monitor 3.2 for health and performance monitoring of Cisco network devices1

• CiscoWorks Resource Manager Essentials (RME) 4.1 for performing detailed inventory management, software image management, and change audits

• CiscoWorks Common Services 3.1, which provides basic services such as user authentication and authorization, database, and backup/restore for all Cisco Security Manager applications

• A standalone Cisco Security Agent 5.2 to protect the Cisco Security Manager server.

Q. Does Cisco Security Manager manage Cisco Security Agents?
A. No. Cisco Security Agent is managed by the Management Center for Cisco Security Agents, which is a separate application.
Q. What server and client platforms are required to run Cisco Security Manager?
A. The Cisco Security Manager 3.2 installation guide documents the server and client platform requirements. The deployment guide provides additional information on recommended server and client hardware sizing based on the number and type of managed devices. These documents are available here
Q. Does Cisco Security Manager require a dedicated server?
A. Yes. Cisco Security Manager requires a dedicated server and does not support any network management applications that are not included with Cisco Security Manager. Refer to the deployment guide for specific recommendations on deploying Cisco Security Manager. The deployment guide is available here
Q. Does Cisco Security Manager support high-availability deployment options?
A. Cisco Security Manager 3.1 and later support high-availability and disaster recovery deployment configurations by using Symantec Veritas software solutions. A variety of configurations can be tailored to meet desired availability and recovery objectives, as well as budget constraints. Cisco includes a detailed high-availability and disaster recovery installation guide for Cisco Security Manager and agent software for Veritas Cluster Server at no extra charge. Customers are responsible for obtaining the necessary Symantec Veritas software.
Q. Do I have to buy additional copies of Cisco Security Manager for a high-availability deployment?
A. In a high-availability or disaster recovery deployment, Cisco Security Manager is only active on a single server at any given time. Therefore, a single purchased copy of Cisco Security Manager is sufficient.
Q. Is Cisco Security Manager 3.2 supported using VMware?
A. We plan to officially support Cisco Security Manager using VMware ESX Server 3.5 in an upcoming maintenance release of Cisco Security Manager 3.2.
Q. What support options are available for Cisco Security Manager?
A. Cisco Security Manager software is eligible for technical support service coverage under Cisco Software Application Support (SAS). For details on Cisco SAS coverage, please visit Cisco Software Application Support plus Upgrades (SASU) is not offered for Cisco Security Manager.
Q. What options are available to evaluate Cisco Security Manager?
A. Anyone with a valid account can download Cisco Security Manager and use the software for up to 90 days in evaluation mode. Go to and access the "Download Software" link. One limitation of the download is that it does not include CiscoWorks Resource Manager Essentials (RME).

For customers that wish to also evaluate CiscoWorks RME or that prefer a media format rather than a large download, an evaluation DVD can be ordered from Cisco Marketplace. Visit; navigate to the Collateral and Subscriptions Store and search for part number EVAL-CSMGR-3.2.

There is no separate evaluation license. The product operates automatically in evaluation mode in the absence of an installed permanent license file. Evaluation mode is equivalent to Cisco Security Manager Professional Edition with a 50-device limit, with the exception that the evaluation mode expires 90 days after installation.

If you decide to purchase Cisco Security Manager, you do not need to re-install it. Simply install the permanent license key once you receive it.

Q. I'm currently using CiscoWorks VPN/Security Management Solution (VMS). Are any upgrade incentives available?
A. Cisco Security Manager was first introduced in March 2006 with extensive upgrade programs in place for CiscoWorks VMS users. However, as of the release of Cisco Security Manager 3.2, these programs have been phased out.
Q. Where can I find a list of technical questions and answers concerning Cisco Security Manager?
A. Please refer to the document "FAQs and Troubleshooting Guide for Cisco Security Manager 3.x," available at
Q. What is the difference between Cisco Security Manager and CiscoWorks Network Compliance Manager (NCM)?
A. Cisco Security Manager and CiscoWorks NCM both support configuration management. However, Cisco Security Manager is highly optimized specifically for security management of Cisco devices, while CiscoWorks NCM provides general-purpose configuration management tools for Cisco and other vendor devices. Cisco Security Manager generally provides greater ease-of-use and operational savings when managing security features on Cisco devices. CiscoWorks NCM includes a full set of audit and compliance features, which is highly complementary to Cisco Security Manager. For more information about CiscoWorks NCM, visit
1Note: Cisco Performance Monitor 3.2 will be made available shortly after the release of Cisco Security Manager 3.2 as a download from