-
null
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The following topics describe the user interface information for pages related to device inventory management:
•Device Delete Validation Page
•Create a Clone of Device Dialog Box
•Edit Device Groups Dialog Box
•Add Devices to Group Dialog Box
•Device Server Assignment Dialog Box
Use the Create Filter dialog box to filter and display a subset items in a selector or a table. Creating filters helps you find items more easily when viewing large lists.
For more information on filtering, see these topics:
•Filtering Items in Selectors, page 2-14
Navigation Path
Do one of the following:
•Select Create Filter from the Filter field in a selector tree.
•Select Advanced Filter from the Filter field above a table.
Field Reference
Use the New Device wizard to add devices to the device inventory. Devices must be added to the inventory before you can manage them.
The New Device wizard guides you through the process of adding devices to the inventory. You can add devices from many different sources, and the path through the wizard differs significantly based on the method you are using. You select the method on the first page of the wizard.
To start the wizard, from Device view, select File > New Device, or click the Add button in the device selector.
The following topics describe the pages in the wizard. The first page is common to all methods. The subsequent pages depend on your selection on the first page.
•Adding devices from the network:
–Device Information Page - Add Device from Network
•Adding devices from configuration files:
–Device Information Page—Configuration File
•Adding devices manually:
–Device Information Page—New Device
•Adding devices from an export file:
–Device Information Page—Add Device from File
Use the Choose Method page of the New Device wizard to select how you want to add devices to the device inventory.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Adding Devices from the Network, page 5-8
•Adding Devices from Configuration Files, page 5-10
•Adding Devices by Manual Definition, page 5-11
•Adding Devices from an Inventory File, page 5-12
Use the New Device wizard's Device Information page for adding devices from the network to specify the device's identifying information.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Understanding the Device View, page 5-1
•Adding Devices from the Network, page 5-8
•Discovering Policies, page 6-11
•Device Communication Page, page A-11
Field Reference
|
|
---|---|
|
|
IP Type |
You can add only devices that have static IP addresses. If you want to add a device that uses dynamic addresses (supplied by a DHCP server), determine the current IP address for the device, use that address, and after adding the device, update its properties to change the IP Type to Dynamic and to identify the AUS or Configuration Engine that is managing the device. |
Hostname |
The DNS hostname for the device. Enter the DNS hostname if the IP address is not known. Note You must enter either the DNS hostname or the IP address, or both. |
Domain Name |
The DNS domain name for the device. |
IP Address |
The management IP address of the device. The IP address must be in the dotted quad format, for example, 10.64.3.8. Note You must enter either the IP address or the DNS hostname, or both. |
Display Name |
The name to display in the Security Manager Device selector. If you enter a hostname or IP address, it is entered automatically in this field, but you can change it. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ -. : and space. Note Two devices cannot have the same display name. |
OS Type |
The family of the operating system running on the device. You must be careful to select the correct type, because your selection affects how Security Manager tries to log into the device and obtain its configuration. The options are: •IOS 12.3+—For Cisco routers running Cisco IOS Software Release 12.3 or higher. Do not select this for Catalyst 6500/7600 or other Catalyst devices. •IOS - 12.2, 12.1—For Cisco routers running Cisco IOS Software Releases 12.2 or 12.1. Do not select this for ASRs, Catalyst 6500/7600, or other Catalyst devices. •IOS - Catalyst Switch/7600—For all Catalyst switches and 7600 devices. •ASA—For all ASA devices. •FWSM—For all FWSM devices. •IPS—For all devices running the IPS software. •PIX—For all PIX devices. |
Transport Protocol |
The protocol Security Manager should use when connecting to the device. Select a protocol that is configured on the device and for which you can supply credentials. Each device type has a default protocol that is the method normally used with the device. |
System Context |
Whether to discover the system execution space of a PIX Firewall 7, ASA, or FWSM device that is running in multiple-context mode. If you are discovering a device that hosts multiple security contexts, whether you select this checkbox has important implications in how you can configure the device in Security Manager. What gets discovered on the device also depends on whether you select the Discover Policies for Security Contexts checkbox. •Both System Context and Discover Policies for Security Contexts selected—This is the recommended selection. Security Manager discovers the system execution space and all of the security contexts defined on the device, and lists them in the device selector. The base display name represents the system execution space (for example, 10.10.11.24), whereas the security contexts are represented by nodes with the context name appended to the device name (for example, 10.10.11.24_admin), unless you changed the default naming convention configured on the Discovery page (see Discovery Page, page A-16). •System Context selected, Discover Policies for Security Contexts deselected—The system execution space is discovered and added to the device selector. You can then discover the policies for the security contexts at a later time. This method might be appropriate if you have one group of people who discover inventory and another group that discovers policies. •Neither checkbox selected—Only the Admin context gets discovered and added to the device selector. You cannot discover the other security contexts or manage them. |
|
|
Discover |
The type of elements that should be discovered and added to the inventory. You have these options: •Policies and Inventory—Discover policies, interfaces, and service modules (if applicable). This is the default and recommended option. When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports the interface list. If the device is a composite device, all the service modules in the device are discovered and imported. If you select this option, the checkboxes below are activated and you can use them to control the types of policies that are discovered. Note During discovery, if you import an ACL that is inactive, it is shown as disabled in Security Manager. If you deploy the same ACL, it will be removed by Security Manager. •Inventory Only—Discovers interfaces and service modules (if applicable). •No Discovery—All discovery is skipped. No policy, interface, or service module information for the device is added to the device inventory. |
Platform Settings |
Whether to discover the platform settings, which are also called platform-specific policy domains. Platform-specific policy domains exist on firewall devices and Cisco IOS routers. These domains contain policies that configure features that are specific to the selected platform. For more information, see Service Policies vs. Platform-Specific Policies, page 6-2. |
Firewall Policies |
Whether to discover firewall policies, which are also called firewall services. Firewall services include policies such as access rules, inspection rules, AAA rules, web filter rules, and transparent rules. For details see, Chapter 11, "Managing Firewall Services" |
IPS Policies |
Whether to discover IPS policies such as signatures and virtual sensors. For more information, see Chapter 16, "Managing IPS Devices" and Chapter 12, "Managing IPS Services". |
RA VPN Policies |
Whether to discover IPSec and SSL remote access VPN policies such as IKE proposals and IPsec proposals. For more information, see Chapter 10, "Managing Remote Access VPNs". |
Discover Policies for Security Context |
Whether to discover policies for security contexts. Security contexts apply to PIX Firewall, ASA, or FWSM devices. This field is active only if you select Static for IP Type and System Context. |
Use the New Device wizard's Device Information page for adding devices from configuration files to select the configuration files and to specify policy discovery options.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Understanding the Device View, page 5-1
•Adding Devices from Configuration Files, page 5-10
•Discovering Policies, page 6-11
Field Reference
|
|
---|---|
Device Type selector |
Organizes the devices by device-type and device-family. Select the device type for the new device. You must select the correct device type for the configuration file you are adding. |
System Object ID |
The system object identifiers for the device type you selected from the Device Type selector. Select the correct ID for your device. |
Configuration Files |
The configuration files from the devices you are adding to the inventory. You can specify more than one configuration file, but they must all be for the same device type. Separate the file names with commas. Click Browse to select the files from the Security Manager server, or manually type in the file names (including the full path). For information on selecting files, see Selecting or Specifying a File or Directory on the Server File System, page 2-19. |
Options |
The additional options available on the device. Select IPS if the IPS feature is available on the device. |
Target OS Version (Routers only.) |
The OS version on which you want to base the router's configuration. •Select Default to read the OS version from the configuration file. •Select a specific release number if you want to ensure the desired release is used. If the desired release is not listed, select the release number that is closet but lower than the release running on the device. You might have to select a specific release when discovering configuration files for Aggregation Services Routers (ASR) or for configuration files that include zone-based firewall policies. |
|
|
Discover |
The type of elements that should be discovered and added to the inventory. You have these options: •Policies and Inventory—Discover policies, interfaces, and service modules (if applicable). This is the default and recommended option. When policy discovery is initiated, the system analyzes the configuration file, then imports the configured service and platform policies. When inventory discovery is initiated, the system analyzes the interfaces defined in the file and then imports the interface list. If you select this option, the checkboxes below are activated and you can use them to control the types of policies that are discovered. Note During discovery, if you import an ACL that is inactive, it is shown as disabled in Security Manager. If you deploy the same ACL, it will be removed by Security Manager. •Inventory Only—Discovers interfaces and service modules (if applicable). •No Discovery—All discovery is skipped. No policy, interface, or service module information for the device is added to the device inventory. |
Platform Settings |
Whether to discover the platform settings, which are also called platform-specific policy domains. Platform-specific policy domains exist on firewall devices and Cisco IOS routers. These domains contain policies that configure features that are specific to the selected platform. For more information, see Service Policies vs. Platform-Specific Policies, page 6-2. |
Firewall Policies |
Whether to discover firewall policies, which are also called firewall services. Firewall services include policies such as access rules, inspection rules, AAA rules, web filter rules, and transparent rules. For details see, Chapter 11, "Managing Firewall Services" |
IPS Policies |
Whether to discover IPS policies such as signatures and virtual sensors. For more information, see Chapter 16, "Managing IPS Devices" and Chapter 12, "Managing IPS Services". |
RA VPN Policies |
Whether to discover IPSec and SSL remote access VPN policies such as IKE proposals and IPsec proposals. For more information, see Chapter 10, "Managing Remote Access VPNs". |
Finish button |
Saves your wizard definitions and closes the wizard. The Discovery Status dialog box opens to display the status of the configuration file import and discovery (see Discovery Status Dialog Box, page D-12). |
Use the New Device wizard's Device Information page for adding new devices (that do not yet exist in the network) to specify the device's identifying information.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Understanding the Device View, page 5-1
•Adding Devices by Manual Definition, page 5-11
Field Reference
|
|
---|---|
|
|
Device Type selector |
Organizes the devices by device-type and device-family. Select the device type for the new device. |
System Object ID |
The system object identifiers for the device type you selected from the Device Type selector. Select the correct ID for your device. |
|
|
IP Type |
Whether the IP address for the device is static (defined on the device) or dynamic (supplied by a DHCP server). Depending on the IP type you select, the displayed fields differ. |
Hostname (Static IP only) |
The DNS hostname for the device. Enter the DNS hostname if the IP address is not known. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and hyphen (-). Note You must enter either the DNS hostname or the IP address, or both. Two devices cannot have the same DNS hostname and domain name combination. |
Domain Name (Static IP only) |
The DNS domain name for the device. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; period (.) and hyphen (-). |
IP Address (Static IP only) |
The management IP address of the device. The IP address must be in the dotted quad format, for example 10.64.3.8. Note You must enter either the IP address or the DNS hostname, or both. |
Display Name |
The name to display in the Security Manager Device selector. If you enter a hostname or IP address, it is entered automatically in this field, but you can change it. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ -. : and space. Note Two devices cannot have the same display name. |
|
|
OS Type |
The type of operating system. Based on the device type, the OS type is selected automatically. |
Image Name |
The name of the image that will run on the device. |
Target OS Version |
The target OS version for which you want to apply the configuration. This selection determines the type of commands used when Security Manager generates configuration files. |
Options |
The additional options available on the device. Select IPS if the IPS feature is available on the device. |
Contexts |
Whether the device hosts a single security context (Single) or multiple security contexts (Multi). This field is displayed only if the OS type is an FWSM, ASA, or PIX Firewall 7.0. |
Operational Mode |
The mode in which the device is operating. This field is displayed only if the OS type is FWSM, ASA, or PIX Firewall 7.0. The options available are: Transparent, Routed, or Mixed. Mixed applies only to FWSM 3.1 and higher devices when you select Multi for Contexts. |
This group is named differently depending on the device type you select: •Auto Update—For PIX Firewall and ASA devices. •Configuration Engine—For Cisco IOS Routers. Use these fields to identify the server that manages the device, if any. A server is required for a device with a dynamic IP address. You cannot define a server for Catalyst 6500/7600 or FWSM devices. |
|
Server |
The Auto Update Server or Configuration Engine that manages the device. You can add servers to the list by selecting Add Servers, which opens the Server Properties dialog box (see Server Properties Dialog Box). You can also edit the properties of a server by selecting Edit Server, which opens the Available Servers dialog box (see Available Servers Dialog Box). For more information on managing this list of servers, see Adding, Editing, or Deleting Auto Update Servers or Configuration Engines, page 5-14 |
Device Identity |
The string value that uniquely identifies the device in Auto Update Server or the Configuration Engine. |
|
|
Manage in Cisco Security Manager |
Whether Security Manager manages the device. This check box is selected by default. If the only function of the device you are adding is to serve as a VPN end point, deselect this check box. Security Manager will not manage configurations nor will it upload or download configurations on this device. |
Security Context of Unmanaged Device |
Whether to manage a security context whose parent (the PIX Firewall, ASA, or FWSM device) is not managed by Security Manager. This field is active only if the device you selected in the Device selector is a firewall device, such as PIX Firewall, ASA, or FWSM and that firewall device supports security contexts. You can partition a PIX Firewall, ASA, or FWSM into multiple security firewalls, also known as security contexts. Each context is an independent system with its own configuration and policies. You can manage these standalone contexts in Security Manager, even though the parent device is not managed by Security Manager. For more information, see Configuring Security Contexts on Firewall Devices, page 14-82. Note If you select this check box, the available target OS version for the security module is displayed in the Target OS Version field. |
Finish button |
Saves your wizard definitions and closes the wizard. When you click Finish, the system performs device validation tasks. If your entries are valid, the device definitions are saved and the wizard closes. The device is added to the inventory and it appears in the Device selector. If errors are found, the system generates error messages and displays the wizard page where the error occurs. |
Use the Server Properties dialog box to specify the properties of an Auto Update Server or Configuration Engine.
Depending on how you open this dialog box, the title of the dialog box might specify the type of server (for example, Auto Update Server Properties or Configuration Engine Properties). The dialog boxes are essentially identical.
Tip Security Manager cannot determine the software version running on a Configuration Engine when you add it. However, Security Manager cannot deploy configurations correctly to all versions of Configuration. Ensure that your Configuration Engines are running a supported release, such as 3.0. For more information on supported versions of Configuration Engine, see the supported devices document at http://www.cisco.com/en/US/products/ps6498/products_device_support_tables_list.html.
Navigation Path
To open this dialog box, do one of the following:
•Select Add Server... from the Server field in the Auto Update Server or Configuration Engine groups on the Device Information page of the New Device wizard when adding a device manually. The selection might also be named Add Auto Update Server or Add Configuration Engine.
•Select Add Server... from the Server field in the Auto Update Server or Configuration Engine groups on the Device Properties—General page. The selection might also be named Add Auto Update Server or Add Configuration Engine.
•Click Create, or select a server and click Edit, in the Available Servers dialog box (see Available Servers Dialog Box).
Related Topics
•Device Information Page—New Device
•Device Information Page - Add Device from Network
•Adding, Editing, or Deleting Auto Update Servers or Configuration Engines, page 5-14
•Viewing or Changing Device Properties, page 5-17
Field Reference
Use the Available Servers dialog box to add, edit, or delete an Auto Update Server or Configuration Engine.
Depending on how you open this dialog box, the title of the dialog box might specify the type of servers listed (for example, Available Auto Update Servers or Available Configuration Engines). The dialog boxes are essentially identical.
Navigation Path
To open this dialog box, do one of the following:
•Select Edit Server... from the Server field in the Auto Update Server or Configuration Engine groups on the Device Information page of the New Device wizard when adding a device manually. The selection might also be named Edit Auto Update Server or Edit Configuration Engine.
•Select Edit Server... from the Server field in the Auto Update Server or Configuration Engine groups on the Device Properties—General page. The selection might also be named Edit Auto Update Server or Edit Configuration Engine.
Related Topics
•Device Information Page—New Device
•Device Information Page - Add Device from Network
•Adding, Editing, or Deleting Auto Update Servers or Configuration Engines, page 5-14
•Viewing or Changing Device Properties, page 5-17
Field Reference
|
|
---|---|
Display Name |
The name that is displayed in Security Manager for the server. |
Type |
The type of server: AUS or CE (Configuration Engine). This field is not displayed if the title of the dialog box specifies the server type. |
IP Address |
The IP address of the server. |
Server Name |
The DNS hostname of the server. |
Domain Name |
The DNS domain name of the server. |
Create button |
Opens the Server Properties dialog box where you can add a new server (see Server Properties Dialog Box). |
Edit button |
Opens the Server Properties dialog box where you can edit the information for the selected server (see Server Properties Dialog Box). |
Delete button |
Deletes the selected server. You are asked to confirm the deletion. |
Use the New Device wizard's Device Information page for adding devices from an inventory file to select the file and to specify policy discovery options. The inventory file must be on the Security Manager server; you cannot use an inventory file on a client system.
The formats you can use for the inventory file are explained in Exporting the Device Inventory from the Security Manager Client, page 5-26. Typically, the inventory file will have been exported from another Security Manager server, from a CiscoWorks Common Services server, or it will be the seed file used to populate the inventory of a Cisco Security Monitoring, Analysis and Response System (CS-MARS) server.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Understanding the Device View, page 5-1
•Adding Devices from an Inventory File, page 5-12
•Discovering Policies, page 6-11
•Device Communication Page, page A-11
Field Reference
|
|
---|---|
Import Devices From |
The inventory file that contains the devices you want to import. Click Browse to select the file on the Security Manager server. When selecting the file, you must also select the correct file type so that Security Manager can correctly evaluate the comma-separated values (CSV) file. |
After you select a file, Security Manager evaluates its contents and displays the list of devices defined in the file in the table in the upper pane of the page. Security Manager automatically selects all devices whose status is Ready to Import. Typically, these are the devices that do not already exist in the device inventory. The table contains the following columns. |
|
Import |
Select this checkbox to add the device to the inventory. You can select or deselect a folder to select or deselect all devices within the folder. |
Display Name |
The name that will be displayed in the Security Manager Device selector. |
Host Name |
The host name defined on the device. |
Transport |
The transport protocol that should be used to connect to the device. |
Status |
Whether Security Manager can import the device. Devices can be imported only if they have the status Ready to Import. For detailed information on a device's status, select it and read the expanded status information in the Status text box in the lower right corner of the page. |
Device Type |
The type of device. |
Below the device import table is a pane that displays the details for the device selected in the table. The Identity information repeats the table fields. The Status text box displays an extended explanation of the import status. The Discover Device Settings and Transport groups let you specify how Security Manager should import the device. If you select a folder instead of a device, the settings you select apply to all devices in the folder. The settings are explained below. |
|
|
|
Perform Device Discovery |
Whether to discover policies directly from the device: •If the inventory file is in Security Manager format, you must select Perform Device Discovery to discovery inventory and policies (otherwise, the device is added without being evaluated). If you are adding offline or standby devices, you can leave this option deselected to easily add the device to the inventory. •All other inventory file types require device discovery. |
System Context |
Whether the selected device is the system execution space on a device running in multiple context mode (that is, more than one security context is defined on the device). If the device is the system execution space, you must select this option for discovery to complete correctly. |
Discover |
The type of elements that should be discovered and added to the inventory. You have these options: •Policies and Inventory—Discover policies, interfaces, and service modules (if applicable). This is the default and recommended option. When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports the interface list. If the device is a composite device, all the service modules in the device are discovered and imported. If you select this option, the checkboxes below are activated and you can use them to control the types of policies that are discovered. Note During discovery, if you import an ACL that is inactive, it is shown as disabled in Security Manager. If you deploy the same ACL, it will be removed by Security Manager. •Inventory Only—Discovers interfaces and service modules (if applicable). |
Platform Settings |
Whether to discover the platform settings, which are also called platform-specific policy domains. Platform-specific policy domains exist on firewall devices and Cisco IOS routers. These domains contain policies that configure features that are specific to the selected platform. For more information, see Service Policies vs. Platform-Specific Policies, page 6-2. |
Firewall Policies |
Whether to discover firewall policies, which are also called firewall services. Firewall services include policies such as access rules, inspection rules, AAA rules, web filter rules, and transparent rules. For details see, Chapter 11, "Managing Firewall Services" |
IPS Policies |
Whether to discover IPS policies such as signatures and virtual sensors. For more information, see Chapter 16, "Managing IPS Devices" and Chapter 12, "Managing IPS Services". |
RA VPN Policies |
Whether to discover IPSec and SSL remote access VPN policies such as IKE proposals and IPsec proposals. For more information, see Chapter 10, "Managing Remote Access VPNs". |
Discover Policies for Security Contexts |
For devices running in multiple-context mode, where more than one security context is defined on the device, whether to discover those security contexts. |
The transport settings determine the method Security Manager will use to contact the device. Each device type has a default method, but you can select your preferred transport method. The device must be configured to respond to the method you select. If you are not performing device discovery, the device is not contacted. |
|
Protocol |
The protocol Security Manager should use when connecting to the device. |
Server |
For devices that use them, the name of the Auto Update Server (AUS) or Configuration Engine server the device uses to obtain configuration updates. The server must already be defined in Security Manager, or you must select the server from the import list, to import devices that use these servers. |
Device Identity |
For devices that use servers, the string value that uniquely identifies the device in the Auto Update Server or the Configuration Engine. |
Next button Finish button |
Click Next to continue to an optional page where you can select a device group for the added files. Otherwise, click Finish. If you are performing device discovery, the Discovery Status page appears, displaying the status of the device import and discovery. Security Manager attempts to log into each device and obtain the type of information you selected. The login attempts must be successful for the devices to be added to the inventory. If you are adding devices that contain modules, for example, a Catalyst switch with an FWSM, you are prompted for module discovery information. |
Use the Device Credentials page of the New Device wizard to add credentials for the device. For information about device credentials, see Understanding Device Credentials, page 5-5.
You are prompted for credentials only when adding devices manually or from the network.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Understanding Device Credentials, page 5-5
•Adding Devices from the Network, page 5-8
•Adding Devices by Manual Definition, page 5-11
•Device Communication Page, page A-11
•Viewing or Changing Device Properties, page 5-17
Field Reference
|
|
---|---|
Required for all device types. These credentials are used for SSH and Telnet connections, and for HTTP and HTTPS connections if you select Use Primary Credentials in the HTTP group. |
|
Username |
The user name for logging into the device. Note PIX/ASA/FWSM devices require that user names be at least four characters. Passwords can be three to 32 characters; we recommend that passwords be at least eight characters. |
Password |
The password for logging into the device (User EXEC mode). In the Confirm field, enter the password again. |
Enable Password |
The password that activates enable mode (Privileged EXEC mode) on the device if the mode is configured on that device. In the Confirm field, enter the password again. |
Credentials for making HTTP or HTTPS connections to a device. Some devices support this type of connection, and other devices (such as IPS devices) require it. |
|
Use Primary Credentials Username Password |
Whether Security Manager should use the configured primary credentials for HTTP and HTTPS connections. If the device uses different credentials for HTTP/HTTPS connections, deselect Use Primary Credentials and enter the username and password configured for HTTP/HTTPS. Reenter the password in the Confirm field. Note PIX/ASA/FWSM devices require that user names be at least four characters. Passwords can be three to 32 characters; we recommend that passwords be at least eight characters. |
HTTP Port |
The port to use for HTTP connections. The default is port 80. Change this setting only if the device is configured to accept HTTP connections on a different port. |
HTTPs Port |
The port to use for HTTPS connections. The default is port 443 (unless a different default is configured in the Security Manager device communication settings). To change the default, first deselect Use Default. Change this setting only if the device is configured to accept HTTPS connections on a different port. |
IPS RDEP Mode |
The connection method to use for contacting IPS devices when making RDEP or SDEE connections (for event monitoring). |
Certificate Common Name |
The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again. |
|
|
RX-Boot Mode button |
Opens the RX-Boot Mode Credentials dialog box, where you can enter the credentials for booting the router from a reduced command-set image (RX-Boot). See RX-Boot Mode Credentials Dialog Box. If these credentials are for a Cisco router that runs from flash memory (where it boots only from the first file in flash), you must run an image other than the one in flash to upgrade the flash image. The RX-Boot credentials are for running this other image. |
SNMP button |
Opens the SNMP Credentials dialog box, where you can specify the SNMP community strings defined on the device. See SNMP Credentials Dialog Box. |
Test Connectivity button |
Tests whether Security Manager can connect to the device using the credentials you entered and the configured transport method. For more information about testing device connectivity, see Testing Device Connectivity, page 5-16 This button appears only if you are adding a device manually. If you are adding a device from the network, Security Manager automatically performs the test when you click Next or Finish. |
Next button |
Continues to the next wizard page. If you are adding devices from the network, Security Manager tests whether it can connect to the device using the identity and credentials you supplied. The Device Connectivity Test dialog box stays open while the test is in progress (see Device Connectivity Test Dialog Box). If the test fails, click Details to see detailed error information. |
Finish button |
Saves your wizard changes and closes the wizard. The behavior of clicking Finish differs depending on whether you are adding devices from the network or you are manually defining a device. •Adding Devices from the Network—Security Manager tests whether it can connect to the device using the identity and credentials you supplied. If the test succeeds, the Discovery Status page appears, displaying the status of the device import and discovery. Security Manager attempts to log into each device and obtain the type of information you selected, even if you selected no discovery. The login attempts must be successful for the devices to be added to the inventory. If you are adding devices that contain modules, for example, a Catalyst switch with an FWSM, you are prompted for module discovery information. •Adding Devices Manually—The system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. |
Use the RX-Boot Mode Credentials dialog box to add RX-Boot mode credentials, which are used for booting the router from a reduced command-set image (RX-Boot).
Navigation Path
To open the RX-Boot Mode Credentials dialog box, click RX-Boot Mode in the Device Credentials page in either the New Device wizard (when adding a device manually or from the network), or the Device Properties page. For more information on getting to these pages, see:
Related Topics
•Understanding Device Credentials, page 5-5
Field Reference
|
|
---|---|
Username |
The RX-Boot Mode username. |
Password |
The RX-Boot Mode password. In the Confirm field, enter the password again. |
Use the SNMP Credentials dialog box to add SNMP credentials.
Navigation Path
To open the SNMP Credentials dialog box, click SNMP in the Device Credentials page in either the New Device wizard (when adding a device manually or from the network), or the Device Properties page. For more information on getting to these pages, see:
Related Topics
•Understanding Device Credentials, page 5-5
Field Reference
Use the Device Connectivity Test dialog box to view whether Security Manager can contact the device using the configured credentials.
Navigation Path
To start the device connectivity test, click Test Connectivity from the Credentials page in one of these areas:
•New Device wizard when adding a device manually. See Adding Devices by Manual Definition, page 5-11.
•Device Properties. To open the page, double-click a device in the Device selector or select Tools > Device Properties.
The connectivity test is done automatically when you click Next or Finish on the Credentials page when adding a device from the network.
Related Topics
•Testing Device Connectivity, page 5-16
•Viewing or Changing Device Properties, page 5-17
Field Reference
|
|
---|---|
Connectivity Protocol |
The transport protocol being used to log into the device. Security Manager uses the protocol specified in the device properties for the device, which is usually the default protocol configured on the Device Communications page (see Device Communication Page, page A-11). |
Connectivity Status |
Displays the status of the test and the time elapsed since the start of the test. |
Details button |
Click this button to display detailed information about the result of the test. •Passed tests—The details display the output of the show version command for PIX Firewall, Adaptive Security Appliances (ASA), Firewall Service Modules (FWSM), Cisco IOS routers, and VPN Services Modules (VPNSM), or the output of the getVersion command for IPS Sensors and Cisco IOS IPS Sensors. You can copy the command output and paste it into a file for analysis. •Failed tests—The detailed error message. |
Abort button |
Stops the connectivity test before it is completed. |
Use the Service Module Credentials dialog box to add the credentials required to log into supported service modules in a Catalyst device.
The dialog box includes a group for each slot that contains a supported module, and the type of module is indicated. For example, a group might be called Slot 3 (IDSM) Credentials, which indicates that there is an IDSM in the third slot of the chassis.
Note Although Security Manager discovers VPN modules, the discovery is done through the chassis and no credentials are required.
Navigation Path
After you discover policies on a Catalyst chassis that can contain service modules, you are asked if you want to discover its service modules. If you click Yes, this dialog box appears. You can perform policy discovery using any of these methods:
•When adding a device from the network. See Adding Devices from the Network, page 5-8.
•When adding devices from an export file. See Adding Devices from an Inventory File, page 5-12.
•When performing policy discovery on a device that is already in the inventory. See Discovering Policies on Devices Already in Security Manager, page 6-14.
Related Topics
•Configuring Security Contexts on Firewall Devices, page 14-82
Field Reference
Use the IPS Module Discovery dialog box to add the credentials required to log into an IPS module, such as an AIM-IPS or NME, on a router you are adding to the inventory.
Navigation Path
After you discover policies on a router chassis that contains an IPS module, you are asked if you want to discover its modules. If you click Yes, this dialog box appears. You can perform policy discovery using any of these methods:
•When adding a device from the network. See Adding Devices from the Network, page 5-8.
•When adding devices from an inventory file. See Adding Devices from an Inventory File, page 5-12.
•When performing policy discovery on a device that is already in the network. See Discovering Policies on Devices Already in Security Manager, page 6-14.
Field Reference
|
|
---|---|
Discovery |
The type of discovery for this module: •Discover Inventory and Policies—Discover inventory and security policies. This is the recommended option. •Discover Inventory Only—Do not discover security policies, but discover inventory, such as virtual sensors and interfaces. You can discover the policy configuration later by right-clicking the module and selecting Discover Policies on Device. •Do Not Discover Module—Skip discovery on this module and do not add it to the inventory. |
IP Address |
The management IP address for the module. |
The credentials required to log into the module. |
|
Username |
The username for the module. |
Password |
The password for the specified username. In the Confirm field, enter the password again. |
HTTP Port |
The port configured for HTTP access to the module. The default is 80. |
HTTPS Port |
The port configured for SSL (HTTPS) access to the module. The default is defined on the Device Communication page (Tools > Security Manager Administration > Device Communication, for more information, see Device Communication Page, page A-11). The port typically used is 443. To override the default, deselect Use Default and enter the correct port number. |
IPS RDEP Mode |
The connection method to use for contacting IPS devices when making RDEP or SDEE connections (for event monitoring). |
Certificate Common Name |
The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again. |
Use the Device Grouping page of the New Device wizard to assign devices to groups.
Navigation Path
To start the New Device wizard, from Device view, select File > New Device, or click the Add button in the device selector.
Related Topics
•Understanding Device Grouping, page 5-30
•Adding Devices to the Device Inventory, page 5-7
Field Reference
|
|
---|---|
Group Types, such as Department and Location |
The group types defined in Security Manager, for example, Department or Location. Each field contains a list of the device groups defined within that group type. Select the device groups to which the device should belong. If you want to create a new device group, or group type, select Edit Groups from the drop-down list for any of the existing group types. This opens the Edit Device Groups page, where you can create new groups and group types or delete them (see Edit Device Groups Dialog Box). |
Set values as default |
Whether to set the selected groups as the default groups. If you select this option, other devices you add are automatically added to these groups. |
Finish button |
Saves your wizard definitions and closes the wizard. After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. Depending on the method you are using to add devices to the inventory, the Discovery Status dialog box might open displaying the status of policy and inventory discovery. |
Use the Device Delete Validation page to view error and warning messages during device deletion.
Navigation Path
Select a device from the Device selector, then click the Delete button or select File > Delete Device. This page appears only when there is an error or warning regarding the deletion.
Related Topics
•Deleting Devices from the Security Manager Inventory, page 5-25
Field Reference
Use the Create a Clone of Device dialog box to duplicate a device.
Navigation Path
•(Device view) Select the device and select File > Clone Device, or right-click the device in the Device selector and select Clone Device.
•(Map view) Right click a device and select Clone Device.
Related Topics
•Copying Policies Between Devices, page 6-22
Field Reference
You can open the Device Properties page in three ways:
•From the Device selector, right-click a device and select Device Properties.
•From the Device selector, double-click a device.
•Select a device and select Tools > Device Properties.
The Device Properties page has a table of contents in the left pane. Click an entry to view the related page in the right pane. The following topics describe the property categories:
Use the Device Properties General page to add or edit information about the basic properties of the device.
Navigation Path
•From the Device selector, right-click a device and select Device Properties, then click General.
•From the Device selector, double-click a device, then click General.
•Select a device and select Tools > Device Properties, then click General.
Related Topics
•Understanding Device Properties, page 5-6
Field Reference
|
|
---|---|
|
|
Device Type |
The type of device. |
IP Type |
Whether the IP address for the device is static (defined on the device) or dynamic (supplied by a DHCP server). Depending on the IP type you select, the displayed fields differ. |
Hostname (Static IP only) |
The DNS hostname for the device. This is not necessarily the same name that is configured as the hostname on the device. This property is not updated with the hostname specified in the Hostname device property. It is also not updated with the name defined in the device configuration if you rediscover the device. If you added the device to Security Manager by adding its configuration file, the hostname is initially set to the name specified in the configuration file. If no hostname is specified in the configuration, the name of the file is used as the DNS hostname. |
Domain Name (Static IP only) |
The DNS domain name for the device. |
IP Address (Static IP only) |
The management IP address of the device, for example 192.168.3.8. |
Display Name |
The name to display in the Security Manager Device selector. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ -. : and space. |
|
|
OS Type |
The family of the operating system running on the device. |
Image Name |
The name of the image running on the device. The image name is updated whenever you deploy to the device or rediscover its policies. |
Running OS Version |
The version of the operating system running on the device. |
Target OS Version |
The OS version on which you want to base the device's configuration. When creating a configuration file using the rules you configure, Security Manager uses commands available in the target OS version. This field is read-only for IPS devices. You cannot change the target OS version to a version that significantly changes the feature set available for the device. For more information, see Changes That Change the Feature Set in Security Manager, page 5-19. |
Options |
A read-only field whose values are NONE or IPS. The value IPS indicates that the IPS feature is available on the device. |
IPS Running OS Version |
A read-only field that displays the version of IOS IPS running on the router. This field does not appear if the Options field has the value of NONE. |
IPS Target OS Version |
A read-only field that displays the target version of IOS IPS running on the router. This field does not appear if the Options field has the value of NONE. |
Contexts |
Whether the device hosts a single security context (Single) or multiple security contexts (Multi). This field is displayed only if the OS type is an FWSM, ASA, or PIX Firewall 7.0. |
Operational Mode |
The mode in which the device is operating. This field is displayed only if the OS type is FWSM, ASA, or PIX Firewall 7.0. The options available are: Transparent, Routed, or Mixed. Mixed applies only to FWSM 3.1 and higher devices when you select Multi for Contexts. |
|
|
Transport Protocol |
The transport protocol that Security Manager should use when accessing the device or deploying configurations to it. If you select Use Default, the transport protocol set in the Device Communication page (Tools > Security Manager Administration > Device Communication) is used (see Device Communication Page, page A-11). You can select a different protocol if the device is not configured to use the default protocol. The available transport protocols differ depending on what the device type supports. |
|
|
Monitored By |
The CS-MARS server that monitors this device, if any. Click Discover CS-MARS to have Security Manager determine which CS-MARS server is monitoring the device. If only one CS-MARS server is monitoring it, the field is updated with the server name. If there is more than one, you are prompted to select the CS-MARS server to use. Your selection determines which server is accessed when you try to view CS-MARS collected syslogs or events when viewing firewall access rules or IPS signatures in the policy rule tables for the device. Before you can discover a CS-MARS server for the device, the server must be register with Security Manager on the CS-MARS administration page (Tools > Security Manager Administration > CS-MARS). For more information, see CS-MARS Page, page A-3. |
This group is named differently depending on the device type: •Auto Update—For PIX Firewall, FWSM, and ASA devices. •Configuration Engine—For Cisco IOS routers. Use these fields to identify the server that manages the device, if any. A server is required for a device with a dynamic IP address. |
|
Server |
The Auto Update Server or Configuration Engine that manages the device. You can add servers to the list by selecting Add Servers, which opens the Server Properties dialog box (see Server Properties Dialog Box. You can also edit the properties of a server by selecting Edit Server, which opens the Available Servers dialog box (see Available Servers Dialog Box). For more information on managing this list of servers, see Adding, Editing, or Deleting Auto Update Servers or Configuration Engines, page 5-14 |
Device Identity |
The string value that uniquely identifies the device in Auto Update Server or the Configuration Engine. |
Manage in Cisco Security Manager |
Whether Security Manager manages the device. If the only function of the device is to serve as a VPN end point, deselect this check box. Security Manager will not manage configurations nor will it upload or download configurations on this device. |
Use the Credentials page to edit device credential information. For information about device credentials, see Understanding Device Credentials, page 5-5.
Navigation Path
Double-click a device in the Device selector, then click Credentials on the Device Properties page.
Related Topics
•Understanding Device Properties, page 5-6
•Managing Device Communication Settings and Certificates, page 5-21
Field Reference
|
|
---|---|
Required for all device types. These credentials are used for SSH and Telnet connections, and for HTTP and HTTPS connections if you select Use Primary Credentials in the HTTP group. |
|
Username |
The user name for logging into the device. Note PIX/ASA/FWSM devices require that user names be at least four characters. Passwords can be three to 32 characters; we recommend that passwords be at least eight characters. |
Password |
The password for logging into the device (User EXEC mode). In the Confirm field, enter the password again. |
Enable Password |
The password that activates enable mode (Privileged EXEC mode) on the device if the mode is configured on that device. In the Confirm field, enter the password again. |
Credentials for making HTTP or HTTPS connections to a device. Some devices support this type of connection, and other devices (such as IPS devices) require it. |
|
Use Primary Credentials Username Password |
Whether Security Manager should use the configured primary credentials for HTTP and HTTPS connections. If the device uses different credentials for HTTP/HTTPS connections, deselect Use Primary Credentials and enter the user name and password configured for HTTP/HTTPS. Reenter the password in the Confirm field. Note PIX/ASA/FWSM devices require that user names be at least four characters. Passwords can be three to 32 characters; we recommend that passwords be at least eight characters. |
HTTP Port |
The port to use for HTTP connections. The default is port 80. Change this setting only if the device is configured to accept HTTP connections on a different port. |
HTTPs Port |
The port to use for HTTPS connections. The default is port 443 (unless a different default is configured in the Security Manager device communication settings). To change the default, first deselect Use Default. Change this setting only if the device is configured to accept HTTPS connections on a different port. Note If you configure the local HTTP policy to be a shared policy and assign the HTTP policy to multiple devices, the HTTPS port number setting in the shared policy overrides the port number configured in the Device Credentials page for all devices to which the policy is assigned. |
IPS RDEP Mode |
The connection method to use for contacting IPS devices when making RDEP or SDEE connections (for event monitoring). |
Certificate Common Name |
The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again. |
|
|
Authentication Certificate Thumbprint |
The certificate thumbprint for the device that is available in the Security Manager certificate data store. Click Retrieve From Device to obtain the current certificate from the device and to replace the one stored in Security Manager. |
RX-Boot Mode button |
Opens the RX-Boot Mode Credentials dialog box, where you can enter the credentials for booting the router from a reduced command-set image (RX-Boot). See RX-Boot Mode Credentials Dialog Box. If these credentials are for a Cisco router that runs from flash memory (where it boots only from the first file in flash), you must run an image other than the one in flash to upgrade the flash image. The RX-Boot credentials are for running this other image. |
SNMP button |
Opens the SNMP Credentials dialog box, where you can specify the SNMP community strings defined on the device. See SNMP Credentials Dialog Box. |
Test Connectivity button |
Tests whether Security Manager can connect to the device using the credentials you entered and the configured transport method. For more information about testing device connectivity, see Testing Device Connectivity, page 5-16 |
Use the Device Groups page to assign the device to device groups. You can also edit or delete device groups from this page.
Navigation Path
Double-click a device in the Device selector, then click Device Groups on the Device Properties page.
Related Topics
•Understanding Device Properties, page 5-6
Field Reference
|
|
---|---|
Group Types, such as Department and Location |
The group types defined in Security Manager, for example, Department or Location. Each field contains a list of the device groups defined within that group type. Select the device groups to which the device should belong. If you want to create a new device group, or group type, select Edit Groups from the drop-down list for any of the existing group types. This opens the Edit Device Groups page, where you can create new groups and group types or delete them (see Edit Device Groups Dialog Box). |
Set values as default |
Whether to set the selected groups as the default groups. If you select this option, other devices you add are automatically added to these groups. |
You can override the global settings for many types of policy objects from the Device Properties window of a selected device. This enables you to customize the definition of an object on that device. For more information, see Understanding Policy Object Overrides for Individual Devices, page 8-9.
The Policy Object Overrides folder in the table of contents includes all of the types of objects for which you can create overrides for the particular type of device. When you select an object type, the existing policy objects that are configured to allow device overrides appear in the table in the right pane, if any. If an object has an override already defined for the device, the Value Overridden? column contains a check mark.
You can create and manage overrides for these objects. Select an object and you can do the following:
•To create an override, click the Create Override button. This opens the edit dialog box for that type of object. Click the Help button for object-specific information.
•To edit an existing override, click the Edit Override button.
•To remove an override, click the Delete Override button.
Navigation Path
Double-click a device in the Device selector, then click the desired policy object type in the Policy Object Overrides folder in the table of contents in the left pane.
Related Topics
•Policy Object Overrides Window, page F-207
•Allowing a Policy Object to Be Overridden, page 8-10
•Creating or Editing Object Overrides for a Single Device, page 8-11
•Deleting Device-Level Object Overrides, page 8-12
Use the Export Inventory dialog box to export the Security Manager device inventory to a comma-separated values file that you can then import into a program that supports the format. The format types you can use are:
•Device Credential Repository (DCR)—The device management system for CiscoWorks Common Services.
•CS-MARS—Cisco Security Monitoring, Analysis and Response System.
•Cisco Security Manager—The Security Manager format is the DCR format with additional fields. If you are importing the inventory into another Security Manager server, selecting this format will allow you to import the inventory without discovering policies on the devices.
For a more detailed explanation of these formats, see Exporting the Device Inventory from the Security Manager Client, page 5-26.
You can select a subset of devices for export. The list from which you choose contains only those devices to which you have the appropriate modify permissions.
Navigation Path
To open the Export Inventory dialog box, select Tools > Export Inventory while in Device view.
Field Reference
|
|
---|---|
Available Devices pane |
Contains two elements: •Filter field—Filters and displays a subset of devices and groups based on the filtering criteria you define. For more information, see Create Filter Dialog Box. •Device Selector—Displays the devices whose information you have the permission to export from Security Manager. |
>> button << button |
Moves the selected devices from one pane to the other pane. To add a single device or multiple devices, select the devices or a group from the Available Devices pane, then click >>. The selected devices or all of the devices in the selected group move to the Selected Devices pane. To remove a device from the Selected Devices pane, select the device from the Selected Devices pane, then click <<. The selected device moves to the Available Devices pane. |
Selected Devices pane |
Displays all the devices whose information you are exporting. |
Export Inventory To Browse button |
The file name and path where the export file should be created. You can select only a location on the Security Manager server. Click Browse to open the Save As dialog box, where you can navigate to the desired folder, enter a name for the file, and select the file type to specify the desired organization of the CSV file. |
Use the Edit Device Groups dialog box to manage the device groups and group types defined in the device inventory.
Navigation Path
Do one of the following:
•Right-click a device group type or a device group in the Device selector and select Edit Device Groups.
•Select File > Edit Device Groups.
Related Topics
•Understanding Device Grouping, page 5-30
•Working with Device Groups, page 5-29
Field Reference
Use the Add Devices to Group page to add devices to the selected device group.
Navigation Path
Select a device group or group type in the Device selector and select File > Add Devices to Group, or right-click and select Add Devices to Group.
Related Topics
•Understanding Device Grouping, page 5-30
•Adding Devices to or Removing Them From Device Groups, page 5-32
Field Reference
|
|
---|---|
Available Devices pane |
Contains two elements: •Filter field—Filters and displays a subset of devices and groups based on the filtering criteria you define. For more information, see Create Filter Dialog Box. •Device Selector—Displays the devices that you have the permission to manage in Security Manager. |
>> button << button |
Moves the selected devices from one pane to the other pane. To add a single device or multiple devices, select the devices or a group from the Available Devices pane, then click >>. The selected devices or all of the devices in the selected group move to the Selected Devices pane. To remove a device from the Selected Devices pane, select the device from the Selected Devices pane, then click <<. The selected device moves to the Available Devices pane. |
Selected Devices pane |
Displays all the devices that you selected to add to a group. |
Use the Add Group dialog box to create a device group. Enter a unique name for the group.
Navigation Path
Select a device group or group type in the Device selector and select File > New Device Group, or right-click and select New Device Group.
Related Topics
•Understanding Device Grouping, page 5-30
•Creating Device Groups, page 5-32
•Adding Devices to or Removing Them From Device Groups, page 5-32
Use the Device Server Assignment dialog box to choose the devices for which you want to create and assign an Auto Update Server (AUS) or Configuration Engine. Using this dialog box to create and assign servers is necessary only if you have upgraded from a Security Manager release prior to 3.2.0. AUS and Configuration Engines are not migrated during an upgrade from 3.1.x, and devices managed by them need to be reassigned to them after the upgrade. These devices are differentiated by a red X icon partially covering the device icon. See Installation Guide for Cisco Security Manager for a description of the procedure to add AUS and Configuration Engines for such devices after they are migrated.
Note You can also import AUS and Configuration Engines from an inventory file from CiscoWorks Common Services Device Credential Repository (DCR). For more information about importing devices, see Adding Devices from an Inventory File, page 5-12.
Navigation Path
To access the Device Server Assignment dialog box, do one of the following:
•From the Device selector, right-click a device with a red X icon, then select Update Server Info.
•Click any red X icon in the device selection tree. A warning message is displayed stating that AUS and Configuration Engine information was not migrated after the upgrade process. Click Yes to add these servers manually.
Related Topics
•Adding, Editing, or Deleting Auto Update Servers or Configuration Engines, page 5-14
•Filtering Items in Selectors, page 2-14
Field Reference
|
|
---|---|
Available Devices |
Lists all devices managed by AUS and CNS with a red X icon. To assign an AUS or Configuration Engine to devices, select one or more items from this list, then click >> to add them to the Selected Devices list. |
Selected Devices |
Lists all devices for which you want to assign an AUS or Configuration Engine. To remove devices from this list, select the devices, then click <<. |
Server |
Enables you to select or add an Auto Update Server or a Configuration Engine. If the server does not appear in the list, select + Add Server... to display the Server Properties dialog box. For more information, see Server Properties Dialog Box. |
Use the Inventory Status window to view device properties and status for the devices that you are allowed to view. This window summarizes device information so that you do not have to open the device properties for each individual device.
In addition to device property information, you can view summary information about how the policies on each device are configured (whether local, shared, or not configured) and the policy objects that have overrides for each device.
If you are using Performance Monitor to monitor your devices, status information from Performance Monitor is included in the inventory summary. You can also view the status of configuration deployment to the device.
The Inventory Status window contains two panes. Use the upper pane to view a complete listing of all devices, to sort the devices by attribute, or to filter out certain ones. Use the lower pane to view the device property details of the device selected in the upper pane.
Navigation Path
Select Tools > Inventory Status.
Related Topics
•Viewing Inventory Status, page 5-25
•Configuring Status Providers, page 20-11
•Understanding Device Credentials, page 5-5
•Understanding Device Properties, page 5-6
Field Reference
|
|
---|---|
You can click on the column headings to sort the list based on that field. |
|
Export button |
Click this button to export the inventory as a comma-separated values (CSV) file. You are prompted to specify a file name and to select a folder on the Security Manager server. You can use the export file for reference or analysis. |
Filter |
When expanded, displays the filter bar, which enables you to filter the information based on conditions you set. For more information, see Filtering Tables, page 2-16. |
Display Name |
The name of the device as it is displayed in Security Manager. |
Deployment |
The status of the configuration deployment for the device. This column appears only if you enabled Deployment as a status provider (see Status Page, page A-37). |
Performance Monitor |
The status for the device as reported by Performance Monitor. This column appears only if you configured the device to be monitored by a Performance Monitor server, and you configured Security Manager to obtain status from that server. For more information, see Status Page, page A-37. |
OS Type |
The family of the operating system running on the device, for example, IOS, IPS, ASA, FWSM, or PIX. |
Running OS Version |
The version of the operating system running on the device. |
Target OS Version |
The target OS version for which you want to apply the configuration. Configurations are based on the commands supported by this version. |
Host Name.Domain Name |
The DNS host and domain names for the device. |
IP Address |
The management IP address of the device. |
Device Type |
The type of device. |
|
|
Inventory |
Lists summary information about the selected device's device properties, deployment methods, device group membership, and the parent device for modules. |
Policy |
Lists the current status of the policies that can be configured for the selected device, whether the policy is unassigned (not defined), a local policy, or a shared policy. |
Policy Object Overrides |
Lists policy objects that have overrides defined for the selected device. For more information on policy object overrides, see Policy Object Override Pages. |
Status |
Lists status providers with any status messages for the selected device. The time stamp indicates the time of the last change in status for the device, not the time of the latest polling of the device. Also shown is the highest severity level of the status messages. For Performance Monitor, the event statuses are equivalent to the following Performance Monitor event priorities: •Critical events—P1, P2. •Major events—P3. •Minor events—P4. •Warning events—P5. |
Navigation buttons |
Click the navigation buttons to move through the inventory list. From left to right, buttons mean go to the first device in the list, go to the previous device, go to the next device, and go to the last device. The center field indicates which device is currently selected based on the row number (for example 5/10 means the fifth of 10 devices in the list). |