Cisco Security Manager

Cisco Security Manager 4.2


PB687430

Cisco® Security Manager is an enterprise-class security management solution that helps organizations easily configure, monitor, and troubleshoot any Cisco security deployment. Cisco Security Manager can be used to manage network services such as firewall, intrusion prevention system (IPS), site-to-site virtual private network (VPN), and remote-access VPN services.

Cisco Security Manager also supports security features across a wide range of Cisco devices, including firewalls, IPS sensors, integrated services routers (ISRs), and aggregation services routers (ASRs), as well as Cisco Catalyst® switches and service blades such as the Firewall Services Module (FWSM) and the Intrusion Detection System Services Module (IDSM).
For more information, please visit http://www.cisco.com/go/csmanager.

New Features in Cisco Security Manager 4.2

• Support for identity-based firewall policies, including the ability to define access rules using Active Directory users and user groups, then using them in device-specific and shared policies.

• Support for the Cisco Catalyst 6500 Series ASA Services Module, a high-speed, integrated network security module for Cisco Catalyst 6500 Series switches.

• Ability to manage Cisco ISR Web Security with Cisco ScanSafe, which provides market-leading web security for the Cisco Integrated Services Router Generation 2 (ISR G2) family.

• Generic router support to enable the discovery and management of new Cisco Integrated Services Router (ISR), Aggregation Services Router (ASR), and Edge Services Router (ESR) models in backward-compatibility mode. Please see the list of supported models and versions.

• Simplified PAT enhancements, including the ability to explicitly define a second IP or object/object-group for inclusion in the PAT Pool, and the ability to use round robin algorithms to assign PAT ports.

• Ability for Cisco Security Manager 3.3.1 customers to directly upgrade to Cisco Security Manager 4.2. This requires the purchase of new upgrade SKUs.

For more details regarding Cisco Security Manager, please see the Cisco Security Manager 4.2 data sheet.

Cisco Security Manager 4.2 Hardware and Operating System Requirements

Cisco Security Manager 4.2 requires modern server hardware and software to deliver an optimized user experience. While some customers may have the ability to use their existing hardware and system software to run Version 4.2, review of the Cisco Security Manager 4.2 hardware and software requirements is highly recommended. Table 1 lists the requirements for Cisco Security Manager 4.2.

Table 1. Server Hardware and Software Requirements for Cisco Security Manager 4.2

| Recommended Server Hardware for Cisco Security Manager 4.2 | |
| --- | --- |
| Recommended server | Cisco UCS C210 M2 or above |
| CPU | Intel Quadcore Xeon 5500 Series or above |
| Memory | 16 GB or above |
| HDD | 4 x 500 GB |
| HDD partitioning | Windows + Cisco Security Manager: minimum 500 GB |
| Log storage for events | Minimum 1 TB |
| HDD RAID | RAID 10 |
| Network adapter | 1 Gbps |

| Recommended Server Software | |
| --- | --- |
| Operating system | Windows 2008 Enterprise Server R2, 64-bit |
| Disk optimization | Diskeeper 2010 Server |
| Antivirus | Real-time protection disabled |

Physical and eDelivery Licenses

Cisco Security Manager 4.2 and associated licenses are available for both physical and electronic delivery. Customers can continue to order traditional physical delivery part numbers, and will be shipped the appropriate DVD or paper license keys. In addition, a new eDelivery option is now available. This option enables customers to download Cisco Security Manager directly from Cisco.com and receive license keys via email. The eDelivery option can greatly reduce the time between the ordering and deployment of Cisco Security Manager.

Cisco Security Manager Server Licenses

Cisco Security Manager 4.2 is available in two feature levels: Standard and Professional. Enterprise customers will greatly benefit from the scalability and broader device support offered by Cisco Security Manager 4.2 Professional. Meanwhile, small commercial customers will find Cisco Security Manager 4.2 Standard to be an exceptional value. Device managers such as Adaptive Security Device Manager (ASDM) for the Cisco ASA 5500 Series best serve small business customers who do not need to manage security policies across multiple devices. Table 2 lists basic part numbers for Cisco Security Manager 4.2 Standard and Professional.

Table 2. Part Numbers for Cisco Security Manager 4.2 Standard and Professional

| Physical Part Number | eDelivery Part Number | Description |
| --- | --- | --- |
| CSMST5-4.2-K9 | L-CSMST5-4.2-K9 | Cisco Security Manager 4.2 Standard - 5-Device Limit |
| CSMST10-4.2-K9 | L-CSMST10-4.2-K9 | Cisco Security Manager 4.2 Standard - 10-Device Limit |
| CSMST25-4.2-K9 | L-CSMST25-4.2-K9 | Cisco Security Manager 4.2 Standard - 25-Device Limit |
| CSMPR50-4.2-K9 | L-CSMPR50-4.2-K9 | Cisco Security Manager 4.2 Professional - 50-Device Limit |
| CSMPR100-4.2-K9 | L-CSMPR100-4.2-K9 | Cisco Security Manager 4.2 Professional - 100-Device Limit |
| CSMPR250-4.2-K9 | L-CSMPR250-4.2-K9 | Cisco Security Manager 4.2 Professional - 250-Device Limit |

Computation of Device Count for Licensing

The management software consumes a device license for:

• Each added physical device

• Each added Cisco Catalyst 6500 Series services module

• Each security context

• Each virtual sensor

Advanced Inspection and Prevention Security Services Modules (AIP-SSMs), IDS Network Modules (IDSMs), and IPS Advanced Integration Modules (IPS AIMs) installed in the host device do not consume a license; however, additional virtual sensors (added after the first sensor) are counted.
In the case of an FWSM, the module itself consumes a license, and then an additional license is required for each added security context. For example, an FWSM with two security contexts would consume three licenses: one for the module, one for the admin context, and one for the second security context. If the Cisco Catalyst chassis itself is added to Cisco Security Manager, it too will consume a license.
Device counts are computed in the same manner as with Cisco Security Manager 3.x releases. There has been no change to this logic in Cisco Security Manager 4.2.

Cisco Security Manager Professional Incremental Device Licenses

Customers with large security estates can increase the number of devices supported by Cisco Security Manager Professional, using incremental device licenses. (These licenses cannot be used with Cisco Security Manager Standard.) Incremental device licenses are stackable, and several licenses may be activated on a single Cisco Security Manager Professional server. For instance, a CSMPR50-4.2-K9 customer who also purchases CSMPR-LIC-100 will have the ability to manage a total of 150 devices. Incremental device licenses that were purchased for Cisco Security Manager 3.x will continue to work with Cisco Security Manager 4.2. Table 3 lists the incremental part numbers.

Table 3. Incremental Part Numbers for Cisco Security Manager 4.2 Professional

| Physical Part Number | eDelivery Part Number | Description |
| --- | --- | --- |
| CSMPR-LIC-50 | L-CSMPR-LIC-50 | Cisco Security Manager 4.2 Professional - Incremental 50-Device License |
| CSMPR-LIC-100 | L-CSMPR-LIC-100 | Cisco Security Manager 4.2 Professional - Incremental 100-Device License |
| CSMPR-LIC-250 | L-CSMPR-LIC-250 | Cisco Security Manager 4.2 Professional - Incremental 250-Device License |

Upgrading from Cisco Security Manager 4.1 to Cisco Security Manager 4.2

Cisco Security Manager 4.0/4.1 customers with a valid Cisco SMARTnet® or Software Application Support (SAS) contract can upgrade to Cisco Security Manager 4.2 for free. Customers who do not have SAS support for the product are required to purchase the Server upgrade licenses listed in Table 4.

Table 4. Part Numbers for Upgrading from Cisco Security Manager 4.0 to 4.2

| Physical Part Number | eDelivery Part Number | Description |
| --- | --- | --- |
| CSMST5-4.2-M-K9 | L-CSMST5-4.2-M-K9 | Cisco Security Manager 4.2 STD-5 Minor Upgrade License |
| CSMST10-4.2-M-K9 | L-CSMST10-4.2-M-K9 | Cisco Security Manager 4.2 STD-10 Minor Upgrade License |
| CSMST25-4.2-M-K9 | L-CSMST25-4.2-M-K9 | Cisco Security Manager 4.2 STD-25 Minor Upgrade License |
| CSMPR50-4.2-M-K9 | L-CSMPR50-4.2-M-K9 | Cisco Security Manager 4.2 PRO-50 Minor Upgrade License |
| CSMP100-4.2-M-K9 | L-CSMP100-4.2-M-K9 | Cisco Security Manager 4.2 PRO-100 Minor Upgrade License |
| CSMP250-4.2-M-K9 | L-CSMP250-4.2-M-K9 | Cisco Security Manager 4.2 PRO-250 Minor Upgrade License |

Please note that these licenses are not for upgrading from earlier versions of Cisco Security Manager to Version 4.2.

Upgrading from Cisco Security Manager 3.x to Cisco Security Manager 4.2

Cisco Security Manager 3.3.1 customers can upgrade directly to Cisco Security Manager 4.2. This requires the purchase of one of the SKUs listed in Table 5. There is no direct upgrade path for customers using an earlier version than Cisco Security Manager 3.3.1. It is recommended that customers using an earlier version migrate to Cisco Security Manager 3.3.1. Please note that the Version 3.x to Version 4.0 upgrade is not covered under the Cisco SAS service. Customers are highly encouraged to stay current, as new features and new device support are only available in the latest release. Incremental device licenses purchased for Cisco Security Manager 3.x will continue to work with Cisco Security Manager 4.0.

Table 5. Part Numbers for Upgrading from Cisco Security Manager 3.3.x to Cisco Security Manager 4.2

| Physical Part Number | eDelivery Part Number | Description |
| --- | --- | --- |
| CSMPR50-U-4.2-K9 | L-CSMPR50-U-4.2-K9 | Cisco Security Manager 3.x to 4.2 Upgrade - PRO-50 License |
| CSMST5-U-4.2-K9 | L-CSMST5-U-4.2-K9 | Cisco Security Manager 3.x to 4.2 Upgrade - STD-25 License |
| CSMST25-U-4.2-K9 | L-CSMST25-U-4.2-K9 | Cisco Security Manager 3.x to 4.2 Upgrade - STD-5 License |

Upgrading from Cisco Security Manager 4.2 Standard to 4.2 Professional

Occasionally, customers will find that they have outgrown the capabilities of Cisco Security Manager Standard, and will need to upgrade to Cisco Security Manager Professional. This is typical for customers who originally purchased Cisco Security Manager Standard, but over time need to manage Catalyst security blades, or whose deployment grows beyond the 25-device limit of Cisco Security Manager Standard. The professional license obtained using this upgrade mechanism will be equivalent in functionality to a CSMPR50-4.2-K9 license. Table 6 lists part numbers for upgrading from Cisco Security Manager Standard to Professional.

Table 6. Part Numbers for Upgrading from Cisco Security Manager Standard to Cisco Security Manager Professional

| Physical Part Number | eDelivery Part Number | Description |
| --- | --- | --- |
| CSMSTPR-U-4.2-K9 | L-CSMSTPR-U-4.2-K9 | Upgrade from Cisco Security Manager Standard 25-Device Limit to Cisco Security Manager Professional |

Please note that this license is not for upgrading from earlier versions of Cisco Security Manager to Version 4.2.

Cisco Security Manager Support Service Licenses

Customers are highly encouraged to purchase the appropriate Cisco Software Application Support (SAS) service, which entitles them to receive technical support and minor software updates for Cisco Security Manager 4.2.

| Physical Part Number | eDelivery Part Number | Support Part Number |
| --- | --- | --- |
| CSMST5-4.2-K9 | L-CSMST5-4.2-K9 | CON-SAS-CSMS542 |
| CSMST10-4.2-K9 | L-CSMST10-4.2-K9 | CON-SAS-CSMS1042 |
| CSMST25-4.2-K9 | L-CSMST25-4.2-K9 | CON-SAS-CSMS2542 |
| CSMPR50-4.2-K9 | L-CSMPR50-4.2-K9 | CON-SAS-CSMPC42 |
| CSMPR100-4.2-K9 | L-CSMPR100-4.2-K9 | CON-SAS-CSMPL42 |
| CSMPR250-4.2-K9 | L-CSMPR250-4.2-K9 | CON-SAS-CSMP2542 |
| CSMPR-LIC-50 | L-CSMPR-LIC-50 | CON-SAS-CSMPRI50 |
| CSMPR-LIC-100 | L-CSMPR-LIC-100 | CON-SAS-CSMPRI1C |
| CSMPR-LIC-250 | L-CSMPR-LIC-250 | CON-SAS-CSMPR250 |
| CSMSTPR-U-4.2-K9 | L-CSMSTPR-U-4.2-K9 | CON-SAS-CSMSTPRU |
| CSMPR50-U-4.2-K9 | L-CSMPR50-U-4.2-K9 | CON-SAS-CSMPR42U |
| CSMST5-U-4.2-K9 | L-CSMST5-U-4.2-K9 | CON-SAS-CSMS5U2 |
| CSMST25-U-4.2-K9 | L-CSMST25-U-4.2-K9 | CON-SAS-CSMS25U2 |

Choosing the Right Cisco Security Manager License: New Customer Scenario

1. Selection of Cisco Security Manager Base Product Version

a. If you need to manage Cisco Catalyst 6500 or FWSM/IDSM blades, choose CSMPR-50-4.2-K9 or its eDelivery version.

b. Based on the number of devices you need to manage using Cisco Security Manager (after accounting for future growth prospects), obtain:

i. CSMST5-4.2-K9 or its eDelivery version for networks of five or fewer devices.
ii. CSMST10-4.2-K9 or its eDelivery version for networks of 10 or fewer devices.
iii. CSMST25-4.2-K9 or its eDelivery version for networks of 25 or fewer devices.
iv. CSMPR50-4.2-K9/CSMPR100-4.2-K9/CSMPR250-4.2-K9 or their eDelivery versions for larger networks. In addition, consider incremental licenses.

c. If you obtained a standard license for 25 devices, but need to manage more than 25 devices, obtain CSMSTPR-U-4.2-K9 or its eDelivery version to upgrade to the Professional version of the product with the ability to manage 50 devices.

2. Incremental licenses allow you to manage more devices. Based on the size of the network you need to manage, obtain:

a. CSMPR-LIC-50 or its eDelivery version to add management of 50 additional devices.

b. CSMPR-LIC-100 or its eDelivery version to add management of 100 additional devices.

c. CSMPR-LIC-250 or its eDelivery version to add management of 250 additional devices.

d. For larger networks:

i. Purchase multiple units of incremental licenses if you want to install these on the same Cisco Security Manager server.
ii. Purchase base licenses and/or incremental licenses if you want to install multiple Cisco Security Manager servers to obtain better performance.
3. In addition to the base and incremental licenses, you must purchase equivalent support contracts.

Choosing the Right Cisco Security Manager License: Existing Customer Scenario

1. If you are a Cisco Security Manager 3.x customer, upgrade to the equivalent Cisco Security Manager 3.3.1 version first, and then upgrade to 4.2. Please refer to the section above on upgrading from Cisco Security Manager 3.x for more details about upgrading from Version 3.x to Version 4.2.
2. If you have Cisco Security Manager 4.0/4.1 and have valid SAS support for that version, you are entitled to upgrade to Cisco Security Manager 4.2 at no additional cost.
3. If you are upgrading from Cisco Security Manager 4.0/4.0.1 to Cisco Security Manager 4.2 and you have not purchased a SAS contract, then obtain:

a. CSMST5-4.2-M-K9 or its eDelivery version if you currently own CSMST5-4.0-K9.

b. CSMST10-4.2-M-K9 or its eDelivery version if you currently own CSMST10-4.0-K9.

c. CSMST25-4.2-M-K9 or its eDelivery version if you currently own CSMST25-4.0-K9.

d. CSMPR50-4.2-M-K9/CSMP100-4.2-M-K9/CSMP250-4.2-M-K9 or its eDelivery version if you currently own CSMPR50-4.2-K9/CSMPR100-4.2-K9/CSMPR250-4.2-K9.

4. Any incremental device licenses you already own for Cisco Security Manager 3.x or 4.x will be applicable for Cisco Security Manager 4.2. You do not need to obtain new incremental licenses to manage the same number of devices. If you intend to enable event management for larger networks, you may need to deploy multiple Cisco Security Manager servers, which involves obtaining additional base product licenses.

Cisco Services

Cisco takes a lifecycle approach to services and, with its partners, provides a broad portfolio of security services so enterprises can design, implement, operate, and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, visit: http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html.

Cisco Security Intelligence Operations (SIO) provides a central location for early warning threat and vulnerability intelligence and analysis, Cisco IPS signatures, and mitigation techniques. Visit and bookmark Cisco SIO at http://www.cisco.com/security.

Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.

Cisco Software Application Support (SAS) Service keeps Cisco Security Manager up and running with around-the-clock access to technical support and software updates.

Cisco Security Optimization Service helps organizations maintain peak network health. The network infrastructure is the foundation of an agile and adaptive business. The Cisco Security Optimization Service supports the continuously evolving security system to meet ever-changing security threats through a combination of planning and assessments, design, performance tuning, and ongoing support for system changes.

Cisco Security Manager software is eligible for technical support service coverage under a Cisco SAS service agreement, which features:

• Unlimited access to the Cisco Technical Assistance Center (TAC) for award-winning support. Technical assistance is provided by Cisco software application experts trained in Cisco security software applications. Support is available 24 hours a day, 7 days a week, 365 days a year worldwide.

• Registered access to Cisco.com, a robust repository of application tools and technical documents that can assist you in diagnosing network security problems, understanding new technologies, and staying current with innovative software enhancements. Utilities, white papers, application design data sheets, configuration documents, and case management tools help expand your in-house technical capabilities.

• Access to application software bug fixes and maintenance, as well as minor software releases.

Customers requiring Cisco technical support and minor updates to Cisco Security Manager will need to purchase a Cisco SAS service agreement.

Availability

Customers can purchase Cisco Security Manager 4.2 through regular sales channels. It is also available for evaluation by downloading it from http://www.cisco.com/go/csmanager or by ordering an evaluation kit from the Collateral and Subscriptions Store at Cisco Marketplace at http://www.cisco.com/pcgi-bin/marketplace/welcome.pl.

For More Information

For more information about Cisco Security Manager 4.2, visit http://www.cisco.com/go/csmanager, contact your account manager or a Cisco Authorized Technology Provider, or send an email to ask-csmanager@cisco.com.