A. Cisco Security Manager is an enterprise-class management application designed to configure security services on Cisco network/security devices. The product focuses on three security services: firewall, VPN, and IPS. Cisco Security Manager allows you to efficiently manage networks of all sizes-from small networks to large networks consisting of thousands of devices-by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS). Used together, these two products provide a comprehensive security management solution covering configuration management, security monitoring, analysis, and mitigation.
Q. Who should deploy Cisco Security Manager?
A. Cisco Security Manager is designed to meet the security configuration management needs of small to large enterprise environments using Cisco network/security devices. Cisco Security Manager is not geared specifically for service provider environments.
Q. What are the benefits of deploying Cisco Security Manager 3.2?
Q. What are the added benefits of using Cisco Security Manager and Cisco Security MARS together?
A. While each product has its own benefits, you can obtain additional benefits when using them together. From within Cisco Security Manager, you can request from Cisco Security MARS a list of the matching events for a given firewall rule or IPS signature. From within Cisco Security MARS, looking at a particular firewall- or IPS-related event, you can request the corresponding firewall rule or IPS signature from Cisco Security Manager. If you need to modify the rule or signature, a cross-launch to the Cisco Security Manager client focused on the specific rule or signature is available.
Q. What other Cisco applications work with Cisco Security Manager?
A. Cisco Security Manager can work with Cisco Secure Access Control Server (ACS) to provide fine-grained role-based access control (RBAC) for Cisco Security Manager users. You can precisely customize the permitted operations and set of devices available to a given user. Also, Cisco Security Manager can use the Cisco Configuration Engine as a deployment mechanism for Cisco IOS
® Software-based routers. The Cisco Configuration Engine allows deploying configuration changes to large numbers of routers using dynamically assigned addresses such as in a small office or teleworker environment.
Q. What devices and software versions are supported in Cisco Security Manager 3.2?
Q. Does Cisco Security Manager support high-availability deployment options?
A. Cisco Security Manager 3.1 and later support high-availability and disaster recovery deployment configurations by using Symantec Veritas software solutions. A variety of configurations can be tailored to meet desired availability and recovery objectives, as well as budget constraints. Cisco includes a detailed high-availability and disaster recovery installation guide for Cisco Security Manager and agent software for Veritas Cluster Server at no extra charge. Customers are responsible for obtaining the necessary Symantec Veritas software.
Q. Do I have to buy additional copies of Cisco Security Manager for a high-availability deployment?
A. In a high-availability or disaster recovery deployment, Cisco Security Manager is only active on a single server at any given time. Therefore, a single purchased copy of Cisco Security Manager is sufficient.
Q. Is Cisco Security Manager 3.2 supported using VMware?
A. We plan to officially support Cisco Security Manager using VMware ESX Server 3.5 in an upcoming maintenance release of Cisco Security Manager 3.2.
Q. What support options are available for Cisco Security Manager?
Q. What options are available to evaluate Cisco Security Manager?
A. Anyone with a valid Cisco.com account can download Cisco Security Manager and use the software for up to 90 days in evaluation mode. Go to http://www.cisco.com/go/csmanager and access the "Download Software" link. One limitation of the download is that it does not include CiscoWorks Resource Manager Essentials (RME).
For customers that wish to also evaluate CiscoWorks RME or that prefer a media format rather than a large download, an evaluation DVD can be ordered from Cisco Marketplace. Visit http://www.cisco.com/pcgi-bin/marketplace/welcome.pl; navigate to the Collateral and Subscriptions Store and search for part number EVAL-CSMGR-3.2.
There is no separate evaluation license. The product operates automatically in evaluation mode in the absence of an installed permanent license file. Evaluation mode is equivalent to Cisco Security Manager Professional Edition with a 50-device limit, with the exception that the evaluation mode expires 90 days after installation.
If you decide to purchase Cisco Security Manager, you do not need to re-install it. Simply install the permanent license key once you receive it.
Q. I'm currently using CiscoWorks VPN/Security Management Solution (VMS). Are any upgrade incentives available?
A. Cisco Security Manager was first introduced in March 2006 with extensive upgrade programs in place for CiscoWorks VMS users. However, as of the release of Cisco Security Manager 3.2, these programs have been phased out.
Q. Where can I find a list of technical questions and answers concerning Cisco Security Manager?
Q. What is the difference between Cisco Security Manager and CiscoWorks Network Compliance Manager (NCM)?
A. Cisco Security Manager and CiscoWorks NCM both support configuration management. However, Cisco Security Manager is highly optimized specifically for security management of Cisco devices, while CiscoWorks NCM provides general-purpose configuration management tools for Cisco and other vendor devices. Cisco Security Manager generally provides greater ease-of-use and operational savings when managing security features on Cisco devices. CiscoWorks NCM includes a full set of audit and compliance features, which is highly complementary to Cisco Security Manager. For more information about CiscoWorks NCM, visit
1Note: Cisco Performance Monitor 3.2 will be made available shortly after the release of Cisco Security Manager 3.2 as a download from Cisco.com.