Cisco® Security Manager is an enterprise-class management application designed to configure firewall, VPN, and intrusion prevention system (IPS) security services on Cisco network and security devices. Cisco Security Manager can be used in networks of all sizes, from small networks to large networks consisting of thousands of devices, by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (MARS). Used together, these two products provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.
New Features Introduced in Release 3.3
• Support for Cisco Firewall Services Module (FWSM) 3.1(13), 3.1(14), 3.2(9), 3.2(10), 4.0(3), and 4.0(4)
• Support for Cisco ASA Software Versions 7.2.5, 8.0.5, and 8.1.2
• Support for new ASA 8.2-related features such as Botnet Traffic Filter, SSL VPN AnyConnect Essentials, and SSL VPN RAS shared license
• Support for Cisco 861, 861W, 887, 888SRST, 891, 892 Integrated Service Router (ISR) platforms
• Support for Cisco Integrated Service Router Generation 2, including 1900, 2900, and 3900 platforms (this requires CSM version 3.3.1 or higher)
• Support for ASR 1002, 1004 and 1006 platforms
• Support for Zone-Based Firewall (ZBF) on the ISR and ASR platforms
• Support for Group Encrypted Transport VPN (GETVPN) on ISR and ASR platforms
• Support for Cisco IPS 6.2 (IPv4 only) and IPS 7.0 OS versions on the IPS sensor modules
• Support for IPS 7.0 Global correlation features including Network participation and Reputation subscription
• Support for Cisco ASA-AIP-SSC05 IPS security services card on the ASA 5500 platform
• Support for Cisco NME IPS module on the ISR platforms
• Support for Cisco IOS Software Release 12.4(15)T, 12.4(20)T, 12.4(22)T on the ISR platforms
• Support for Cisco IOS Software Release 12.2(33)XNA, 12.2(33)XNB, 12.2(33)XNC on the ASR platforms
• Support for Cisco IOS Software Release 12.2(33)SXI on the Cisco Catalyst Switches
• Support for Content Filtering for IOS-based platforms
• Support for NTLMv2 based authentication
• Bulk Import/Export of policy objects
• Bulk Add for offline devices
• Bulk import for device level overrides
• Performance enhancements for policy navigation and policy object manager
There are three base versions of Cisco Security Manager Enterprise Edition: Standard-5, Standard-25, and Professional-50. The versions provide management for 5, 25, and 50 devices, respectively.
The Professional version supports incremental device license packages available in increments of 50, 100, 500, and 1000 devices. The Professional version also includes support for the management of Cisco Catalyst® 6500 Series switches and associated services modules; the Standard versions do not include this support.
Note: The management software consumes a device license for:
• Each added physical device
• Each added Cisco Catalyst 6500 Series services module
• Each security context
• Each virtual sensor
Advanced Inspection and Prevention Security Services Modules (AIP-SSMs), IDS Network Modules, and IPS Advanced Integration Modules (IPS AIM) installed in the host device do not consume a license; however, additional virtual sensors (added after the first sensor) are counted.
In the case of a Firewall Services Module (FWSM), the module itself consumes a license, and each added security context consumes an additional license. For example, an FWSM with two security contexts would consume three licenses: one for the module, one for the admin context, and one for the second security context. If the Cisco Catalyst chassis itself is added to Cisco Security Manager, it too will consume a license.
The license allows the use of the software on a single server. A standby Cisco Security Manager server does not require a separate license if only one server is active at any one time.
Cisco Security Manager also includes a separate license file for CiscoWorks Resource Manager Essentials and Performance Monitor. You are entitled to use these applications for the same number of devices you have purchased for Cisco Security Manager.
Table 1 lists Cisco Security Manager part numbers.
Table 1. Cisco Security Manager Part Numbers
Product Part Number
Software Application Support (SAS) Service (to receive technical support and future minor software updates)
Cisco Security Manager Enterprise Edition Upgrade from Standard-25 to Professional-50
Cisco Security Manager 3.3 Enterprise Edition Standard-5 Minor Upgrade Media Kit
Cisco Security Manager 3.3 Enterprise Edition Standard-25 Minor Upgrade Media Kit
Cisco Security Manager 3.3 Enterprise Edition Professional-50 Minor Upgrade Media Kit
* There is no upgrade part number provided to go from Cisco Security Manager Standard-5. However, you can combine an existing Standard-5 license with a new Standard-25 or Professional-50 license on the same server. The result is Standard-30 or Professional-55, respectively.
** The minor release upgrade kits do not include a Cisco Security Manager license and require the use of your previously obtained Cisco Security Manager 3.1 or 3.2 license.
Table 2 provides information on the upgrade paths available to customers currently using Cisco Security Manager 3.1.x or 3.2.x.
Table 2. Cisco Security Manager 3.1.x and 3.2.x Upgrade Options
Requires a Cisco Security Manager 3.1 or 3.2 Software Application Support (SAS) service contract.
Cisco Security Manager 3.1.x or 3.2.x
Customers can order minor release upgrade kits using normal Cisco sales channels. See Table 1 for the minor release upgrade part numbers. The minor release upgrade kits do not include a Cisco Security Manager license and require the use of your previously obtained Cisco Security Manager 3.1 or 3.2 license.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.
Cisco takes a lifecycle approach to services, and with its partners, provides a broad portfolio of security services so enterprises can design, implement, operate, and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
• The Cisco Security Center provides a central location for early-warning threat intelligence, threat and vulnerability analysis, Cisco IPS signatures, and mitigation techniques. Visit and bookmark the Cisco Security Center at http://www.cisco.com/security.
• Cisco Security IntelliShield Alert Manager Service provides a customizable, Web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.
• Cisco Software Application Support Services (SAS) keeps Cisco Security Manager up and running with around-the-clock access to technical support and software updates.
• Cisco Security Optimization Service helps organizations maintain peak network health. The network infrastructure is the foundation of the agile and adaptive business. The Cisco Security Optimization Service supports the continuously evolving security system to meet ever-changing security threats through a combination of planning and assessments, design, performance tuning, and ongoing support for system changes.
Cisco Security Manager software is eligible for technical support service coverage under a Cisco SAS service agreement, which features:
• Unlimited access to the Cisco Technical Assistance Center for award-winning support. Technical assistance is provided by Cisco software application experts who are trained in Cisco security software applications. Support is available 24 hours per day, 7 days per week, 365 days per year worldwide.
• Registered access to Cisco.com, a robust repository of application tools and technical documents to assist in diagnosing network security problems, understanding new technologies, and staying current with innovative software enhancements. Utilities, white papers, application design data sheets, configuration documents, and case management tools help expand your in-house technical capabilities.
• Access to application software bug fixes and maintenance and minor software releases.
Customers requiring Cisco technical support and minor updates to Cisco Security Manager will need to purchase a Cisco SAS service contract. Table 1 lists the SAS part numbers.