User Guide for Cisco Security Manager 4.1
Index

Numerics

12.1 and 12.2

managing routers 55-2

3DES encryption algorithm

in IKE proposals 22-6

802.1x

802.1x Policy page 58-5

defining policies 58-4

interface authorization states 58-2

on Cisco IOS routers 58-1

supported topologies 58-3

understanding device roles 58-2

A

AAA

about 44-1

Cisco IOS routers

AAA Policy page 57-6

Accounting tab 57-10

Authentication tab 57-6

Authorization tab 57-7

Command Accounting dialog box 57-12

Command Authorization dialog box 57-9

defining services 57-4

overview 57-2

supported accounting types 57-3

supported authorization types 57-2

understanding method lists 57-3

configuring access control for IPS 32-19

configuring on firewall devices 44-1

credentials for device access 3-4

device administration 44-4

local fallback 44-3

network access 44-4

PIX/ASA/FWSM 44-4

Accounting tab 44-7

Authentication tab 44-4

Authorization tab 44-6

support 44-2

VPN access 44-4

AAA authentication groups

predefined 6-23

AAA firewall

MAC exempt lists 13-21

AAA Firewall page

Advanced Setting tab 13-18

AAA firewall policy

advanced settings 13-18

configuring 13-5

AAA rules

AAA Rules page 13-9

ACL naming conventions 12-5

combining rules

example 12-23

interpreting results 12-21

procedure 12-19

configuring AAA firewall settings (PIX/ASA/FWSM) 13-5

configuring AuthProxy settings (IOS) 13-8

configuring for ASA/PIX/FWSM devices 13-4

configuring for IOS devices 13-7

configuring in Map view 31-23

configuring settings

for IOS devices in Map view 31-24

for PIX/ASA/FWSM in Map view 31-24

deleting 12-8

disabling 12-17

editing 12-9

enabling 12-17

managing 13-1

moving 12-16

preserving ACL names 12-4

properties 13-12

understanding 13-1

understanding how users authenticate 13-3

understanding NAT effects 12-3

understanding processing order 12-2

AAA Rules page 13-9

AAA server group objects

attributes 6-40

creating 6-39

default server groups on IOS devices 6-24

predefined authentication groups 6-23

understanding 6-20

AAA server objects

creating 6-25

HTTP-FORM settings 6-35

Kerberos settings 6-31

LDAP settings 6-32

NT settings 6-34

RADIUS settings 6-28

SDI settings 6-34

supported additional types for ASA/PIX/FWSM 6-22

supported types 6-21

TACACS+ settings 6-30

understanding 6-20

AAA servers

supported types on ASA, PIX, FWSM devices 6-22

Abort the Job dialog box 8-48

About Configuration Manager command 1-32

ABR

definition 51-2

access control list objects

creating 6-42

extended objects 6-43

standard objects 6-45

web objects 6-46

access control lists

GET VPN security policies 25-10

policy discovery 5-14

access control lists (ACLs)

names preserved during discovery 12-4

naming conventions 12-5

resolving naming conflicts 12-6

access controls

configuring ACL names (IPv4 or IPv6) 14-17

configuring settings 14-17

configuring settings in Map view 31-24

Access Control Settings page 14-19

Access Group tab (IGMP) 50-5

Access Interface Configuration dialog box (ASA) 27-36

access permissions

Event Viewer 63-3

maps 31-8

Report Manager 64-4

access policies

configuring 27-36

reference 27-33

understanding 27-32

access ports

Create and Edit Interface dialog boxes-Access Port mode 62-9

understanding 62-5

access rule

look up

from device managers 65-13

access rules

access control settings 14-19, 14-21

Access Rules page 14-9

ACL naming conventions 12-5

address requirements 14-5

Advanced dialog box 14-14

combining rules

example 12-23

interpreting results 12-21

procedure 12-19

configuring 14-7

configuring access control settings 14-17

configuring in Map view 31-23

controlling non-IP layer-2 traffic 19-1

deleting 12-8

disabling 12-17

Edit Firewall Rule Expiration dialog box 14-16

editing 12-9

enabling 12-17

examples of event analysis

user access to server blocked 63-49

expiration dates 14-17

finding from CS-MARS events 65-30

finding from Event Viewer events 63-47

generating analysis reports 14-22

hit counts

analyzing results 14-28

generating 14-24

how deployed 14-5

import examples 14-34

importing 14-30

IPS blocking, effect of 39-4

managing 14-1

moving 12-16

optimizing during deployment 14-36

packet tracer, analyzing with 65-1

preserving ACL names 12-4

Report Manager reports

firewall traffic reports 64-12

rule attributes 14-11

sharing ACLs among interfaces 11-10

syslog messages supported for look-up 65-31

understanding 14-2

understanding device-specific behavior 14-5

understanding global 14-3

understanding NAT effects 12-3

understanding processing order 12-2

understanding requirements when using inspection 15-4

viewing related CS-MARS events 65-26

Access Rules page 14-9

accounts and credentials

Cisco IOS routers

overview 57-13

PIX/ASA/FWSM

user accounts 47-6

user accounts, add/edit 47-7

accounts and credentials policies

Accounts and Credentials Policy page 57-15

User Accounts dialog box 57-17

ACLs

configuring names (IPv4 or IPv6) 14-17

ACS user authorization

configuring notifications when unavailable 1-21

Event Viewer 63-3

how permissions affect what you can do 1-8

Report Manager 64-4

Active/Active failover

about 46-3

command replication 46-4

configuration synchronization 46-4

Active/Standby failover 46-2

activities

accessing functions 4-7

Activity Manager window 4-8

Approved state 4-4

approving 4-2, 4-16

benefits of 4-2

closing 4-12

creating 4-10

discarding 4-17

Edit state 4-4

locking 4-3

managing 4-1

multiple users 4-4

opening 4-11

overview 1-16

rejecting 4-16

responding to the Activity Required dialog box 4-11

states 4-4

Submitted state 4-4

submitting for approval 4-15

understanding 4-1

validating 4-14

viewing change reports 4-12

viewing status and history 4-18

working with 4-6

Activities command 1-28

Activities menu 1-30

Activity Manager window 4-8

Activity Required dialog box 4-11

Add/Edit AnyConnect Client Image dialog box (ASA) 27-50

Add/Edit Collector dialog box 49-2

Add/Edit Content Rewrite dialog box (ASA) 27-40

Add/Edit DAP Entry Dialog Box > Device 28-25

Add/Edit File Encoding dialog box 27-41

Add/Edit Multicast Route dialog box 50-8, 50-10

description 50-9

Add/Edit PIM Neighbor Filter dialog box 50-13

Add/Edit Proxy Bypass dialog box 27-45

Add AAA Rule dialog box 13-12

Add AAA Server dialog box 6-26

Add AAA Server Group dialog box 6-40

Add Access List dialog box (Allowed Hosts policy) 32-7

Add Access Rule dialog box 14-11

Add an Entry dialog box 35-26

Add AOL Class Map dialog box 15-23, 18-16

Add A Port Forwarding Entry dialog box 30-25

Add ASA Group Policies dialog box

client configuration settings 30-4

client firewall attributes 30-5

connection settings 30-19

DNS/WINS settings 30-17

hardware client attributes 30-7

IPSec settings 30-8

overview 30-1

split tunneling settings 30-18

SSL VPN clientless settings 30-10

SSL VPN full client settings 30-12

SSL VPN settings 30-14

Technology settings 30-1

Add A Smart Tunnel Entry dialog box 30-48

Add Auto Signon Rules dialog box 30-16

Add Cat6k Block Vlan dialog box 39-16

Add Certificate dialog box 11-15

Add Certificate Filter dialog box 21-54

Add Cisco Secure Desktop Configuration dialog box 30-20

Add Client Access Rules dialog box 30-10

Add Client Update dialog box 30-60

Add Column dialog box 30-42

Add Custom Pane dialog box 30-42

Add Custom Signature dialog box 35-12

Add DCE/RPC Map dialog box 15-25

Add Destinations dialog box 12-10

Add Device from Network wizard

Device Credentials page 3-39

Add Devices to Group command 1-25

Add Devices to Group dialog box 3-55

Add DNS Class Map dialog box 15-23

Add DNS Map dialog box

Filtering tab 15-28

overview 15-26

Protocol Conformance tab 15-27

Add eDonkey Class Map dialog box 15-23, 18-16

Add ESMTP Map dialog box 15-32

Add Extended Access Control Entry dialog box 6-49

Add Extended Access List dialog box 6-47

Add External Filter dialog box 18-39

Add FastTrack Class Map dialog box 15-23, 18-16

Add File Object dialog box 30-22

Add FlexConfig dialog box 7-30

Add FTP Class Map dialog box 15-23

Add FTP Map dialog box 15-35

Add Gnutella Class Map dialog box 15-23, 18-16

Add Group dialog box 3-54

Add Group Member dialog box 25-19

Add GTP Map dialog box 15-38

Add H.323 Class Map dialog box 15-23, 18-16

Add H.323 Map dialog box 15-43, 18-32

Add HSI Endpoint IP Address dialog box 15-46

Add HSI Group dialog box 15-45

Add HTTP Class Map dialog box 15-23, 18-16

Add HTTP Map dialog box 18-32

ASA 7.1.x, PIX 7.1.x, FWSM 3.x, IOS devices

Entity Length tab 15-50

Extension Request Method tab 15-52

General tab 15-49

overview 15-48

Port Misuse tab 15-53

RFC Request Method tab 15-52

Transfer Encoding tab 15-54

ASA 7.2+ and PIX 7.2+ devices 15-55

Add ICQ Class Map dialog box 15-23, 18-16

Add IKEv1 Proposal dialog box 22-10

Add IKEv2 Proposal dialog box 22-13

Add IMAP Class Map dialog box 15-23, 18-16

Add IMAP Map dialog box 18-32

Add IM Class Map dialog box 15-23

Add IM Map dialog box 18-32

ASA and PIX device 15-60

IOS device 15-63

Add Inspect/Application FW Rule wizard

Address and Port page 15-11

Inspected Protocol page 15-15

Match Traffic page 15-10

Add Inspect Parameter Map dialog box 18-28

Add Interfaces dialog box 12-12

Add IP Options Map dialog box 15-65

Add IPsec Pass Through Map dialog box 15-66

Add IPSec Transform Set dialog box 22-23

Add IPv6 Network/Host dialog box 6-67

Add Kazaa2 Class Map dialog box 15-23, 18-16

Add Key Server dialog box 25-19

Add Language dialog box 30-37

Add LDAP Attribute Map dialog box 6-37

Add LDAP Attribute Map Value dialog box 6-38

Add Link command 1-27

Add Link dialog box 31-20

Add Local Rules command 1-27

Add Local Web Filter Class Map dialog box 15-23, 18-16

Add Local Web Filter Parameter Map dialog box 18-36

Add Map Object command 1-27

Add Map Object dialog box 31-18

Add Map Value dialog box 6-38

Add Match Condition and Action dialog box

DNS policy maps 15-29

ESMTP policy maps 15-33

FTP policy maps 15-36

GTP policy maps 15-41

H.323 (IOS) policy maps 18-33

H.323 policy maps 15-46

HTTP (Zone Based IOS) policy maps 18-33

HTTP policy maps 15-57

IM (Zone Based IOS) policy maps 18-33

IMAP policy maps 18-33

IM policy maps 15-61

P2P policy maps 18-33

POP3 policy maps 18-33

SIP (IOS) policy maps 18-33

SIP policy maps 15-70

Skinny policy maps 15-74

SMTP policy maps 18-33

Sun RPC policy maps 18-33

Web Filter policy maps 18-33

Add Match Criterion dialog box

AOL class maps 18-18

DNS class maps 15-29

eDonkey class maps 18-19

FastTrack class maps 18-19

FTP class maps 15-36

Gnutella class maps 18-19

H.323 (IOS) class maps 18-19

H.323 class maps 15-46

HTTP (IOS) class maps 18-20

HTTP class maps 15-57

ICQ class maps 18-18

IMAP class maps 18-22

IM class maps 15-61

Kazaa2 class maps 18-19

Local Web Filter class maps 18-27

MSN Messenger class maps 18-18

N2H2 class maps 18-28

POP3 class maps 18-22

SIP (IOS) class maps 18-22

SIP class maps 15-70

SMTP class maps 18-24

Sun RPC class maps 18-27

Websense class maps 18-28

Windows Messenger class maps 18-18

Yahoo Messenger class maps 18-18

Add MSN Messenger Class Map dialog box 15-23, 18-16

Add N2H2 Parameter Map dialog box 18-37

Add N2H2 Web Filter Class Map dialog box 15-23, 18-16

Add NAT Rule dialog box

ASA 8.3+ 20-35

Add NetBIOS Map dialog box 15-67

Add Network/Host dialog box

General tab 6-67

NAT tab 20-39

Add New Device wizard

Device Credentials page 3-39

Add New Security Association dialog box 21-55

Add or Edit Plug-in Entry dialog box (ASA) 27-46

Add or Edit Status Providers dialog box 11-37

Add Other Devices dialog box 8-51

Add P2P Map dialog box 18-32

Add Permit Response dialog box 15-40

Add PIX/ASA/FWSM Web Filter Rule dialog box 16-5

Add PKI Enrollment dialog box

CA Information tab 22-51

Certificate Subject Name tab 22-57

Enrollment Parameters tab 22-55

overview 22-50

Trusted CA Hierarchy tab 22-58

Add POP3 Class Map dialog box 15-23, 18-16

Add Port Forwarding List dialog box 30-24

Add Port List dialog box 6-74

Add Protocol Info Parameter Map dialog box 18-31

Add Regular Expression dialog box 15-77

Add Regular Expression Group dialog box 15-76

Address Pools

PIX/ASA/FWSM 20-18

add/edit 20-18

address pools

overriding in connection profiles 26-8

Add Row command 1-26

Add Rule Section dialog box 12-18

Add Server dialog box

Protocol Info Parameter maps 18-32

Add Service dialog box 6-75

Add Services dialog box 12-11

Add Single Sign On Server dialog boxes 30-26

Add SIP Class Map dialog box 15-23, 18-16

Add SIP Map dialog box 15-68, 18-32

Add Skinny Map dialog box 15-73

Add SLA Monitor dialog box 47-9

Add Smart Tunnel Auto Signon Entry dialog box 30-51

Add Smart Tunnel Auto Signon Lists dialog box 30-50

Add Smart Tunnel Lists dialog box 30-47

Add SMTP Class Map dialog box 15-23, 18-16

Add SMTP Map dialog box 18-32

Add SNMP Map dialog box 15-75

Add Sources dialog box 12-10

Add SSL VPN Customization dialog box 30-31

Applications 30-41

Copyright Panel 30-39

Custom Panes 30-41

Full Customization 30-40

Home Page 30-43

Informational Panel 30-38

Language 30-35

Logon Form 30-37

Logout Page 30-44

Title Panel 30-34

Toolbar 30-40

Add SSL VPN Gateway dialog box 30-45

Add Standard Access Control Entry dialog box 6-51

Add Standard Access List dialog box 6-47

Add Sun RPC Class Map dialog box 15-23, 18-16

Add Sun RPC Map dialog box 18-32

Add TCP Map dialog box 53-17

Add TCP Option Range Dialog Box 53-19

Add Text Object dialog box 7-32

Add Time Range dialog box 6-54

Add Traffic Flow dialog box 53-13

Add Transparent Firewall Rule dialog box 19-5

Add Trend Content Filter Class Map dialog box 15-23, 18-16

Add Trend Parameter Map dialog box 18-39

Add URL Domain Name dialog box 18-43

Add URLF Glob Parameter Map dialog box 18-43

Add URL Filter Parameter Map dialog box 18-41

Add User dialog box 32-17

Add User Group dialog box

Advanced PIX 6.3 settings 30-61

Browser Proxy settings 30-67

Client (IOS) settings 30-58

Clientless settings 30-62

Client VPN Software Update (IOS) settings 30-60

DNS/WINS settings 30-56

General settings 30-55

IOS Xauth Options settings 30-59

overview 30-53

Split Tunneling settings (Easy VPN/remote access IPSec VPN) 30-57

SSL VPN Connection settings 30-68

SSL VPN Full Tunnel settings 30-64

SSL VPN Split Tunneling settings 30-65

Technology settings 30-53

Thin Client settings 30-63

Add User Profile dialog box 39-12

Add Virtual Sensor dialog box 34-7

Add Web Access Control Entry dialog box 6-52

Add Web Filter Map dialog box 18-45

Add WebSense Parameter Map dialog box 18-37

Add Websense Web Filter Class Map dialog box 15-23, 18-16

Add Web Type Access List dialog box 6-47

Add Windows Messenger Class Map dialog box 15-23, 18-16

Add WINS Server dialog box 30-69

Add WINS Server List dialog box 30-69

Add Yahoo Messenger Class Map dialog box 15-23, 18-16

Add Zones dialog box 12-12

admin context 54-1

administration

selecting policies to manage 5-10

administrative settings, configuring 11-1

admin password, changing 10-20

ADSL

ADSL Policy page 56-36

ADSL Settings dialog box 56-37

defining settings 56-35

supported operating modes 56-34

ADSL policies

unable to deploy 9-14

Advanced dialog box

access rules (IPv4 and IPv6) 14-14

Advanced NAT Options

PIX/ASA/FWSM

add/edit 20-29

Advanced settings

interface configuration

PIX/ASA/FWSM 42-40

AES encryption algorithm

in IKE proposals 22-6

AIM-IPS interfaces

IPS Module Interface Settings page 56-22

AIP-SSM/SSC

ASA 53-12

Alarm Indication Signal (AIS) cells 56-50

allowed hosts, configuring for IPS 32-7

Allowed Hosts policy 32-7

Analysis Engine global variables

configuring 32-26

analysis reports

generating 14-22

anomaly detection

configuring 37-6

configuring histograms 37-10

configuring learning accept mode 37-8

configuring signatures 37-4

configuring thresholds 37-10

managing 37-1

modes 37-2

understanding 37-1

understanding histograms 37-9

understanding thresholds 37-9

understanding worms 37-2

when to turn off 37-4

zones

overview 37-3

anti-spoofing 52-2

AnyConnect

client images 27-48, 27-49

profiles 27-48, 27-49

AnyConnect Client Image dialog box (ASA) 27-49

AOL class map objects

creating 18-14

match criteria 18-18

Apply IPS Update command 1-30

Apply IPS Update wizard 40-7

Approve Activity command 1-31

Approve Activity dialog box 4-16

Approved activity state 4-4

Approve Deployment Job dialog box 8-19, 8-37

Area Border Router

See ABR 51-2

ARP

PIX/ASA/FWSM

configuration 43-4

inspection 43-5

inspection, enable/disable 43-6

table 43-3

ARP table

static entry 43-3, 43-4

ASA

ASDM 65-11

Failover

Add Failover Group 46-23

edit bridge group 46-15

IPS modules 53-12

policy discovery 5-13

rollback, commands to recover from failover misconfiguration 8-62

rollback command conflicts 8-61

rollback restrictions for failover devices 8-58

rollback restrictions for multiple context mode 8-58

security contexts

allocate interfaces 54-8

configuration 54-7

viewing allocated interfaces 54-9

setting up AUS or CNS 2-8

setting up SSL (HTTPS) 2-3

TCP State Bypass 53-3

ASA 5505

Management IPv6 43-11

ports and interfaces 42-5

ASA 8.3+

NAT policies

Add/Edit NAT rules dialog boxes 20-35

Translation Rules page 20-33

ASA Cluster Load Balance page 27-5

ASA devices

5505

hardware port configuration 42-37

AAA support 6-22

adding or changing modules 3-34

adding SSL thumbprints manually 9-4

Bridge Groups

add/edit 42-39

changing those selected for reports 64-20

configuring for event management 63-24

configuring for report management 64-3

configuring IKE and IPsec policies 22-1

configuring IKEv2 authentication 22-58

configuring transparent firewall rules 19-1

Easy VPNs

connection profiles 24-13

Event Viewer support 63-4

FlexConfig object samples 7-19

global access rules 14-3

interfaces 42-13

add/edit 42-18

Advanced tab 42-25

configuring 42-2

edit EtherChannel-assigned interface 42-10

EtherChannels 42-8, 42-12

General tab 42-19

IP Type 42-34

IPv6 42-27

IPv6, add/edit 42-31

IPv6, add/edit prefixes 42-32

LACP 42-10

MAC address 42-36

PPPoE Users 42-42

VPDN groups 42-43

licenses 2-11

monitoring service level agreements 47-7

object group search 14-20

packet capture, using 65-7

packet tracer, using 65-1

remote access SSL VPNs

advanced settings 27-54

AnyConnect client settings 27-48, 27-49

browser plug-ins 27-46

configuring HTTP/HTTPS proxies and proxy bypass 27-43

content rewrite rules 27-39

encoding rules 27-41

Kerberos Constrained Delegation (KCD) 27-51, 27-53

other settings 27-37

performance settings 27-38

shared license 27-55

shared license clients (ASA) 27-57

shared license servers (ASA) 27-58

remote access VPNs

access policies (ASA), configuring 27-36

access policies (ASA), reference 27-33

access policies (ASA), understanding 27-32

AnyConnect client image settings (ASA) 27-50

certificate to connection profile map policy (IKEv1) 27-25

certificate to connection profile map rules (IKEv1 IPSec) 27-26

cluster load balancing 27-4, 27-5

configuring bookmarks 27-64

configuring portal appearance 27-59

configuring WINS servers for file system access 27-69

connection profiles 27-6, 27-8

creating IPSec 26-24

creating SSL 26-14

customizing 27-58

device support 26-8

dynamic access policies 28-1, 28-2

dynamic access policy (DAP) attributes 28-3, 28-7

Dynamic Access policy page (ASA) 28-10

fragmentation settings 22-36

group policies, configuring 27-21

group policies, creating 27-23

group policies, understanding 27-22

IKE proposals 22-9

IKEv2 settings 22-30

IPsec proposals 27-30

ISAKMP/IPsec settings 22-26

managing 27-1

NAT settings 22-34

policy overview 27-2

post URL method and macro substitutions in bookmarks 27-65

proxy bypass rules (ASA) 27-45

Public Key Infrastructure (PKI) 22-48

secure desktop manager policies 28-8

smart tunnels 27-66

understanding IKE 22-5

understanding NAT settings 22-33

wizard 26-13

Report Manager reports

firewall summary botnet reports 64-13

firewall traffic reports 64-12

general VPN reports 64-15

VPN top reports 64-14

selecting for Event Viewer 63-29

selecting policy types to manage 5-10

SSL certificate configuration 11-13

ASA group policies objects

client configuration settings 30-4

client firewall attributes 30-5

connection settings 30-19

DNS/WINS settings 30-17

hardware client attributes 30-7

IPSec settings 30-8

split tunneling settings 30-18

SSL VPN clientless settings 30-10

SSL VPN full client settings 30-12

SSL VPN settings 30-14

technology settings 30-1

ASBR

definition 51-2

ASCII limitations for text 1-38

ASDM

access rule look-up 65-13

device manager 65-11

ASR

zone-based firewall

global parameters 18-48

restrictions 18-3

assignment overview 1-15

Assignments tab, Policy view 5-51

Assign Shared Policy command 1-26

Assign Shared Policy dialog box 5-40

Asymmetric Digital Subscriber Line (ADSL)

on Cisco IOS routers 56-33

Asymmetric Routing Groups 42-4

Asynchronous Transfer Mode (ATM) 56-46

ATM 56-46

virtual channel connections (VCCs) 56-46

virtual channel identifier (VCI) 56-46

virtual path connections (VPCs) 56-46

virtual path identifier (VPI) 56-46

Attack Response Controller 39-1

attacks

broadcast 15-4

Denial of Service (DoS) 15-5

spoofing 15-4

SYN flooding 15-5

audit logs

configuring default settings 11-31

purging entries 10-19

understanding 10-16

working with 10-16

Audit Message Detail dialog box 10-17

Audit Report command 1-29

audit reports

generating and viewing 10-16

understanding 10-16

working with 10-16

Audit Report window 10-17

AUS

deploying configurations 8-39

deployment method 8-10

setting up 2-7

setting up on PIX Firewall and ASA devices 2-8

authentication

routing protocols 51-2

Authentication-Authorization-Accounting

see AAA 44-1

Authentication Header (AH) encryption algorithm 22-25

authentication methods

certificates (RSA signatures) 22-8

in IKE proposals 22-8

preshared keys 22-8

authentication testing

SSH 2-5

authorization proxy (AuthProxy)

configuring AAA rules 13-7

AuthProxy

configuring settings in Map view 31-24

AuthProxy dialog box 13-17

AuthProxy page 13-23

AuthProxy settings policy

configuring 13-8

autolink

omitting reserved networks from maps 11-2

auto signon rules

ASA group policy objects 30-16

Auto Update Server (AUS)

adding 3-31

licensing 10-15

PIX/ASA/FWSM 48-1

add/edit server 48-3

troubleshooting deployment 9-17

Auto Update Server Properties dialog box 3-32

Available Bit Rate (ABR) 56-47

Available Servers dialog box 3-34

B

background image, map

deleting 31-13

importing 31-13

scale and position 31-13

setting 31-13

backup

event data store 63-31

backup.pl command 10-21

Backup command 1-30

backups, Security Manager database 10-21

bandwidth

VPN user reports 64-14, 64-15

banners

configuring on firewall devices 44-8

benefits of product 1-2

BGP routing

BGP Routing Policy page 61-4

defining routes 61-2

Neighbors dialog box 61-6

on Cisco IOS routers 61-1

redistributing routes 61-3

Redistribution Mapping dialog box 61-7

Redistribution tab 61-6

Setup tab 61-4

Bidirectional Neighbor Filter 50-14

Bidirectional Neighbor Filter tab

PIM 50-13

blocking, IPS

configuring 39-7

configuring ARC 39-1

configuring blocking devices 39-14

configuring master blocking sensors 39-13

configuring never block hosts and networks 39-17

configuring router blocking interfaces 39-15

configuring user profiles 39-12

configuring VLAN blocking interfaces 39-16

general options 39-10

master blocking sensor 39-6

policy 39-8

rate limiting 39-4

router and switch blocking devices 39-4

strategies 39-3

understanding 39-1

Blocking page 39-8

Boot image/configuration

PIX/ASA 44-9

add/edit 44-11

bootstrap configuration

Failover 46-25

Botnet Traffic Filter Drop Rules Editor 17-13

botnet traffic filter rules

adding static entries 17-5

blocking blacklisted traffic 17-7

configuring DNS snooping 15-17

configuring in Map view 31-23

configuring the dynamic database 17-4

configuring with IPS global correlation 38-1

databases 17-1

Device Blacklist dialog box 17-15

Device Whitelist dialog box 17-15

Drop Rules Editor 17-13

Dynamic Blacklist Configuration tab 17-10

enabling DNS snooping 17-6

field definitions 17-9

illustrations 17-1

mitigating botnet activity 63-55

monitoring

activity using ASDM 63-54

activity using Event Viewer 63-52, 63-54

overview 63-51

understanding botnet syslog events 63-51

overview 17-1

preserving ACL names 12-4

Report Manager reports

firewall summary botnet reports 64-13

task flow 17-3

traffic classification 17-7

Traffic Classification dialog box 17-12

Traffic Classification tab 17-11

understanding 17-1

understanding NAT effects 12-3

understanding processing order 12-2

Whitelist/Blacklist tab 17-15

bridge group

failover

editing 46-15

Bridge Groups

ASA/FWSM

add/edit 42-39

bridge groups

defining 57-19

FWSM 3.1 43-3

Bridging

ASA 5505

Management IPv6 43-11

PIX/ASA/FWSM

ARP configuration 43-4

ARP Inspection 43-5

ARP Inspection, enable/disable 43-6

ARP Table 43-3

MAC Address, add/edit 43-8

MAC Address Table 43-7

MAC Learning 43-9

MAC Learning, enable/disable 43-9

Management IP address 43-10

bridging

Cisco IOS routers

Bridge Group dialog box 57-21

Bridging Policy page 57-20

BVI interfaces 57-18

overview 57-18

configuring transparent firewall rules 19-1

PIX/ASA/FWSM

about 43-1

configuring on 43-1

broadcast attacks, preventing 15-4

broadcasts

enabling directed on routers 56-20

browser plug-ins

configuring 27-46

bypass mode

configuring for IPS 33-12

C

CA server authentication methods

SCEP (Simple Certificate Enrollment Protocol) 22-43

Cat6k Device dialog box 39-14

Catalyst 6500/7600 devices

configuring FWSM in site-to-site VPNs 21-45

configuring SSH 2-6

default transport protocol 11-13

deployment 8-26

FlexConfig object samples 7-22

IPS blocking devices 39-4

policy discovery for FWSM 5-13

rollback restrictions 8-59

Catalyst 6500/7600 switches

including in deployment jobs 8-26

Catalyst devices

policy discovery 5-13

remote access VPNs

Dynamic VTI/VRF Aware IPsec settings 29-7

high availability 29-11

IPsec proposals 29-4

user group policies 29-13

VPNSM/VPN SPA/VSPA settings 29-6

Catalyst platform policies

IDSM settings policy

Create and Edit IDSM Data Port VLANs dialog boxes 62-49

Create and Edit IDSM EtherChannel VLANs dialog boxes 62-49

IDSM Settings page 62-47

IDSM Slot-Port Selector dialog box 62-50

interfaces/VLANs policy

Access Port Selector dialog box 62-30

Create and Edit Interface dialog boxes-Access Port mode 62-9

Create and Edit Interface dialog boxes-Dynamic Port mode 62-18

Create and Edit Interface dialog boxes-Other mode 62-24

Create and Edit Interface dialog boxes-Routed Port mode 62-12

Create and Edit Interface dialog boxes-subinterfaces 62-22

Create and Edit Interface dialog boxes-Trunk Port mode 62-14

Create and Edit VLAN dialog boxes 62-28

Create and Edit VLAN Group dialog boxes 62-34

Interfaces tab 62-7

Service Module Slot Selector dialog box 62-35

Summary tab 62-3

Trunk Port Selector dialog box 62-31

VLAN Groups tab 62-33

VLAN Selector dialog box 62-35

VLANs tab 62-27

VLAN access lists policy

Create and Edit VLAN ACL Content dialog boxes 62-41

Create and Edit VLAN ACL dialog boxes 62-41

VLAN Access Lists page 62-39

Catalyst Summary Info command 1-30

Catalyst switches

configuring SSH 2-6

default transport protocol 11-13

showing modules, security contexts, and virtual sensors 3-47

Catalyst switches/7600 routers

troubleshooting deployment 9-15

Catalyst switches and 7600 devices

IDSM mode support 62-43

interface deployment failure 9-15

internal VLAN deployment failure 9-15

supported VTP modes 62-1

Catalyst switches and 7600 Series routers

access ports 62-5

Catalyst Summary Info page 62-2

defining IDSM Data Port VLANs 62-46

defining IDSM EtherChannel VLANs 62-44

defining ports 62-5

defining VACLs 62-37

defining VLAN groups 62-32

defining VLANs 62-26

deleting IDSM Data Port VLANs 62-47

deleting IDSM EtherChannel VLANs 62-45

deleting ports 62-7

deleting VACLs 62-38

deleting VLAN groups 62-33

deleting VLANs 62-27

discovering policies 62-1

generating interface names 62-6

IDSM settings 62-43

IDSM Settings page 62-47

interfaces 62-5

managing 62-1

routed ports 62-5

trunk ports 62-5

viewing interface and VLAN summary 62-3

VLAN Access Lists page 62-39

VLAN ACLs (VACLs) 62-36

VLAN groups 62-31

VLANs 62-25

Catalyst VPN Service Port Adapters (VSPAs)

configuring 21-41

Catalyst VPN Services Module (VPNSM)

configuring 21-41

configuring in remote access VPNs 29-6

Catalyst VPN Shared Port Adapter (VPN SPA)

configuring 21-41

configuring in remote access VPNs 29-6

categories

using 6-9

cautions

significance of i-lv

CDP

configuring mode for IPS 33-13

CEF Interface Settings dialog box 56-26

CEF interface settings policies 56-24

certificates, SSL

adding thumbprints manually 9-4

configuring default settings for how handled 11-13

managing IPS 40-9

certificate to connection profile map policies

configuring policy 27-25

configuring rules 27-26

Change Report dialog box 4-13

change reports

selecting session in non-Workflow mode 4-13

viewing 4-12

Change Reports command 1-29

Checkpoint migration

configuring object group search on ASA 8.3+ devices 14-20

Cisco 7600 Series routers

managing 62-1

Cisco Configuration Engine

troubleshooting device setup and deployment 9-17

Cisco Discovery Protocol (CDP)

enabling CDP on router interfaces 56-18

Cisco Express Forwarding (CEF)

CEF Interface Settings policy 56-25

CEF router interface settings policies 56-24

importance for QoS 60-2

Cisco IOS IPS

effect of load balancing 41-7

configuration files 41-3

configuration overview 41-3

configuring 41-1

configuring general settings 41-7

configuring interface rules 41-8

getting started 32-1

initial preparation of router 41-5

lightweight signature engines 41-2

limitations and restrictions 41-3

selecting signature category 41-6

understanding 41-1

understanding subsystems and revisions 41-2

Cisco IOS Routers

configuring IOS IPS 41-1

IPS blocking devices 39-4

Cisco IOS routers

802.1x 58-1

AAA 57-2

accounts and credentials 57-13

ADSL 56-33

advanced interface settings 56-13

available interface types 56-2

basic interface settings 56-1

BGP routing 61-1

CNS call-home mode 2-10

CNS event-bus mode 2-9

configuring SSH 2-6

CPU settings 57-25

default AAA server groups 6-24

deploying configurations using TMS 8-41

dialer interfaces 56-27

discovering policies 55-3

Domain Name System (DNS) 57-74

Dynamic Host Configuration Protocol (DHCP) 57-87

EIGRP routing 61-8

host and domain names 57-77

HTTP 57-28

interface deployment failure 9-13

IOS 12.1 and 12.2 55-2

licenses 2-12

line access 57-35

managing 55-1

memory settings 57-78

NAT 20-5

designating interfaces 20-5

dynamic rules 20-10

static rules 20-6

timeouts 20-13

NetFlow 59-1, 59-5, 59-12

Network Admission Control (NAC) 58-8

Network Time Protocol (NTP) 57-96

optional SSH settings 57-63

OSPF routing 61-19

permanent virtual connections (PVCs) 56-46

platform policies 55-1

Point-to-Point Protocol (PPP) 56-70

policy discovery 5-13

quality of service (QoS) 60-1

RIP routing 61-42

Secure Device Provisioning (SDP) 57-81

setting up SSL (HTTPS) 2-4

SHDSL 56-40

SNMP 57-66

static routing 61-50

syslog logging 59-1

time zone settings 57-22

transparent bridging 57-18

Cisco IOS Software

FlexConfig object samples 7-22

selecting policy types to manage 5-10

Cisco Secure Desktop configuration objects

creating 29-18

Cisco Security Management Suite server

logging into or exiting 1-8

Cisco Technical Assistance Center

creating diagnostic file 10-24

generating data 10-24

generating deployment or discovery status reports 10-25

generating partial database backup 10-26

Cisco Trust Agent (CTA) 58-9

CiscoWorks Common Services

backing up and restoring Security Manager 10-21

logging into or exiting 1-8

CiscoWorks user authorization, effect on what you can do 1-8

Class-Based Policing 60-6

class maps

understanding 6-61

Clear Connection Configuration dialog box 13-20

CLI commands

FlexConfig objects 7-2

client connection characteristics

configuration modes 24-3

configuring policies for Easy VPN 24-7

extended authentication (xauth) 24-4

clientless access mode 26-4

client settings

configuring AnyConnect 27-49

understanding AnyConnect 27-48

Clock

PIX/ASA/FWSM 44-11

clock

Cisco IOS routers

overview 57-22

clock settings

Cisco IOS routers

Clock Policy page 57-23

Clone Device command 1-24

Clone Policy command 1-27

Clone Policy dialog box 5-44

Close Activity command 1-30

Close All Reports command (Report Manager) 64-7

Close Report command (Report Manager) 64-7

cluster, server

managing 10-2

overview 10-2

splitting server 10-3

synchronizing shared policies 10-4

cluster load balancing

configuring 27-5

understanding 27-4

understanding FQDN redirection 27-5

CNS

call-home mode 2-10

deploying configurations 8-39

deployment method 8-10

event-bus mode 2-9

setting up on PIX Firewall and ASA devices 2-8

color rules, configuring in Event Viewer 63-35

Combine Rules Selection Summary dialog box 12-21

commands

Activities menu 1-30

Edit menu (Configuration Manager) 1-25

Event Viewer File menu 63-8

Event Viewer View menu 63-9

File menu (Configuration Manager) 1-24

Help menu (Configuration Manager) 1-31

Launch menu 1-31

Manage menu 1-28

Map menu 1-27

Policy menu (Configuration Manager) 1-26

Report Manager menus 64-7

Tools menu (Configuration Manager) 1-29

View menu (Configuration Manager) 1-26

Common Services

licensing 10-15

communication, device

troubleshooting 9-7

configuration

initial Security Manager 1-19

understanding rollback 8-57

Configuration Archive

adding configurations from devices 8-52

overview 8-14

rolling back to archived configuration files 8-63

rolling back when deploying to file 8-65

settings 11-3

version viewer 8-54

viewing and comparing configuration versions 8-53

viewing transcripts 8-55

window 8-22

Configuration Archive command 1-28

Configuration Archive page 11-3

Configuration Engine

adding 3-31

CNS call-home mode 2-10

CNS event-bus mode 2-9

setting up 2-7

Configuration Engine Properties dialog box 3-32

configuration files

deploying in non-Workflow mode 8-27

deploying in Workflow mode 8-32, 8-37

deploying to 8-11

deploying to an AUS or CNS 8-39

deploying to a TMS 8-41

deployment process overview 8-2

factory-default configurations 42-1

previewing 8-42

redeploying to devices 8-46

rolling back after deploying to file 8-65

rolling back to archived configurations 8-63

rolling back to devices 8-62

selecting 1-39

web VPN policy discovery restrictions 3-8

configuration location, configuring for IOS IPS 41-7

Configuration Manager

overview 1-10

using 1-10

configurations

adding to the Configuration Archive 8-52

avoiding out-of-band changes 8-45

detecting out-of-band changes 8-43

rollback, commands to recover from failover misconfiguration 8-62

rollback command conflicts 8-61

rolling back 8-56

rolling back Catalyst 6500/7600 8-59

rolling back failover devices 8-58

rolling back IPS and IOS IPS 8-59

rolling back multiple context mode 8-58

understanding out-of-band changes 8-12

viewing and comparing 8-53

configuration session

selecting session for change reports 4-13

viewing change reports 4-12

configuration sessions

discarding 4-17

configuration views 1-10

Configure dialog box 15-20

Configure DNS dialog box 15-17

Configure ESMTP dialog box 15-17

Configure Fragments dialog box 15-18

Configure Hardware Ports

ASA 5505 42-37

Configure IMAP dialog box 15-18

Configure POP3 dialog box 15-18

Configure RPC dialog box 15-19

Configure SMTP dialog box 15-17

Config Version Viewer (Preview Configuration) dialog box 8-42

connection

PIX/ASA/FWSM

rules 53-5

rules wizard 53-6

tab 53-8

Connection Alias dialog box 27-20

Connection Profile dialog box

AAA tab 27-11

General tab 27-9

IPSec tab 27-16

Secondary AAA tab 27-14

SSL tab 27-18

connection profiles

configuring 27-6

configuring for Easy VPN 24-13

properties

AAA 27-11

general 27-9

IPSec 27-16

policy overview 27-8

secondary AAA 27-14

SSL 27-18

sharing among multiple ASAs 26-8

Connection Profiles page 27-8

connection timeout

device communication settings 11-13

Connection URL dialog box 27-21

connectivity, testing device 9-1

console

Cisco IOS routers

AAA tab 57-44

Accounting tab 57-47

Authentication tab 57-44

Authorization tab 57-45

Console Policy page 57-42

Setup tab 57-42

console port

Cisco IOS routers

defining AAA settings 57-37

defining setup parameters 57-35

Console timeout

PIX/ASA/FWSM 45-1

Constant Bit Rate (CBR) 56-47

contained modules

showing 3-47

content rewrite rules

defining for SSL VPN on ASA 27-39

Context-Based Access Control

choosing interfaces 15-2

configuring 15-5

preventing DoS attacks on IOS devices 15-5

selecting protocols 15-3

understanding 15-1

understanding access rule requirements 15-4

Context Editor dialog box (IOS) 29-15

contexts

see "security contexts" 54-1

continuity check (CC) cells 56-50

control plane (CP)

defining QoS on 60-12

policing on 60-9

Control Plane Policing 60-9

conventions i-lv

cookie challenges 22-30

Copy command 1-26, 12-8

Copy Policies Between Devices command 1-27

Copy Policies wizard 5-31

CPU settings

defining utilization settings 57-25

overview 57-25

CPU utilization

CPU Policy page 57-26

Create a Clone of Device dialog box 3-47

Create Activity dialog box 4-10

Create a Policy dialog box 5-50

Create Discovery Task dialog box 5-18

Create Extranet VPN Topology wizard

overview 21-63

Create Filter dialog box 1-35

Create Group Policy wizard

Clientless and Thin Client Access Modes page 26-22

Full Tunnel page 26-20

Group Policy page 26-19

using 26-19

Create Overrides for Device dialog box 6-16

Create Text Object dialog box 7-32

Create VPN Topology wizard

Device Selection page 21-32

Edit Endpoints dialog box 21-33

Endpoints page 21-33

GET VPN Group Encryption page 21-51

GET VPN Peers page 21-57

High Availability page 21-49

Name and Technology page 21-30

overview 21-28

VPN Defaults page 21-58

credential objects

attributes 24-9

credentials

configuring on firewall devices 44-13

device manager validation 65-10

IPS module 3-16

service module 3-15

testing 9-1

understanding device 3-4

Credentials page

HTTPS port number

overriding with HTTP policy 3-41

Credentials page, device properties 3-39

crypto maps

understanding 22-16

CSDM Policy Editor dialog box 28-37

CS-MARS

access to Security Manager 65-22

configuring servers 11-4

discovering or changing controller used by device 65-24

events

historical and real-time lookup 65-26

looking up 65-26

integrating with Security Manager 65-20

integration with Security Manager 65-21

looking up Security Manager policies based on events 65-30

NetFlow 65-32

query

troubleshooting 65-24

registering in Security Manager 65-23

supported log messages 65-31

viewing access rule events 65-26

viewing IPS signature events 65-28

CS-MARS page 11-4

CSMDiagnostics.zip

setting debug options 11-6

CSMDiagnostics.zip file, creating 10-24

CSM tab, Licensing page 11-27

CSV (comma-separated values) files

supported formats for device inventory 10-8

Customize Desktop Settings page 11-5

Customized Toolbar command 1-26

Custom Protocol dialog box 15-19

Custom Report List command (Report Manager) 64-8

Cut command 1-26, 12-8

D

database

backing up 10-21

backing up and restoring 10-21

generating partial backups for TAC 10-26

restoring 10-23

DCE/RPC policy map objects

creating 15-20

properties 15-25

DCS.properties file

DCS.doSerialAccessForFWSMVCs property 9-16

DCS.FWSM.checkThreshold property 9-16

SSH settings 9-7

warning message expression properties 9-9

DDNS

PIX/ASA/FWSM 48-14

add interface rules 48-14

update methods 48-15

update methods, add/edit 48-16

dead-peer detection (DPD) 22-27

debugging

configuring debug levels 11-6

Debug Options page 11-6

Default Report Settings command (Report Manager) 64-8

defaults, configuring 11-1

Delete Device command 1-24

Delete Map command 1-28

Delete Map dialog box 31-10

Delete Row command 1-26

Denial of Service (DoS)

preventing in SMTP using zone based firewall 18-24

denial of service (DoS)

preventing using unicast reverse path forwarding (RPF) 56-20

Denial of Service (DoS) attacks

configuring inspection settings to mitigate 15-80

preventing on IOS devices using inspection 15-5

denial of service (DoS) attacks

preventing using IKEv2 cookie challenge 22-30

Deploy command 1-25

Deploy Job dialog box 8-37

deployment

Add Other Devices dialog box 8-51

Auto Update Server 8-39

Catalyst 6500/7600 devices 8-26

changes not deployed when using schedules 8-49

changing device message severity level to ignore errors 9-9

changing FWSM multiple-context deployment to serial 9-16

Cisco Networking Services configuration engine 8-39

configuration files, to 8-11

configurations 8-27

configuring as a status provider 65-16

creating jobs in Workflow mode 8-33

creating or editing schedules 8-49

Deployment Manager window 8-15

device communication settings 9-4

devices, directly to 8-9

devices, through intermediate server 8-10

Edit Deploy Method dialog box 8-29

Edit Selected Deployment Method dialog box 8-29

errors

OS version mismatches 8-13

generating status report 10-25

handling OS version mismatches 8-13

managing 8-1

methods 8-8

minimum memory errors for ASA 8.3+ 9-11

non-Workflow mode 8-4

optimizing access rules 14-36

out-of-band changes

avoiding 8-45

detecting and analyzing 8-43

understanding 8-12

process overview 8-2

rolling back archived configurations 8-63

rolling back configurations 8-56

rolling back configurations, Catalyst 6500/7600 8-59

rolling back configurations, command conflicts 8-61

rolling back configurations, commands to recover from failover misconfiguration 8-62

rolling back configurations, failover devices 8-58

rolling back configurations, IPS and IOS IPS devices 8-59

rolling back configurations, multiple context mode 8-58

rolling back configuration when deploying to file 8-65

rolling back to last deployed configuration 8-62

setting debug options 11-6

SSL handshake failure 2-2

suspending or resuming schedules 8-52

system settings 11-7

task flow

non-Workflow mode 8-4

Workflow mode 8-5

tips for successful jobs 8-26

TMS server 8-41

troubleshooting 9-1, 9-9

ADSL or PVC deployment failures 9-14

AUS problems 9-17

Catalyst interface settings 9-15

Catalyst internal VLANs 9-15

Catalyst switch and modules 9-15

Configuration Engine problems 9-17

Error Writing to Server messages 9-14

HTTP Response Code 500 messages 9-14

layer 2 interfaces 9-14

mixing deployment methods with routers and VPNs 9-13

router interface settings 9-13

routers 9-13

Security Manager cannot contact device 9-11

VPNs with routing processes 9-12

troubleshooting device communication 9-7

troubleshooting router connection failures 2-2

troubleshooting SSL certificate errors 9-4

troubleshooting VRF-aware IPsec on Catalyst 6500/7600 devices 21-17

understanding 8-1

understanding configuration rollback 8-57

using a Cisco Networking Services (CNS) server 8-39

viewing device details 8-25

viewing job summary 8-25

viewing status and history for jobs and schedules 8-24

viewing transcripts 8-55

Warning - Partial VPN Deployment dialog box 8-30

Workflow mode 8-5, 8-32, 8-37

working with 8-24

Deployment—Create or Edit a Job dialog box 8-33

deployment jobs

aborting 8-48

approval 8-7

approving 8-37

creating and editing in non-Workflow mode 8-27

creating and editing in Workflow mode 8-33

Deployment Manager 8-15

discarding 8-39

including devices in 8-8

multiple users 8-8

redeploying 8-46

rejecting 8-37

states

non-Workflow mode 8-4

Workflow mode 8-6

submitting 8-36

viewing history 8-25

Deployment Manager

overview 8-14, 8-15

Deployment Manager window 8-15

Deployment Schedules tab 8-19

Deployments command 1-28

Deployment Settings page 11-7

Deployment Status Details dialog box 8-30

Deployment Workflow Commentary dialog boxes 8-19

Deploy Saved Changes dialog box 8-27

DES encryption algorithm

in IKE proposals 22-6

Designated Router

PIX/ASA/FWSM 50-12

Destination Contents dialog box 12-13

Dest Port Map dialog box 37-12

Detect Out of Band Changes command 1-29

device

AAA administration 44-4

viewing inventory status 65-15

Device Access

FWSM

Resources, add/edit 47-3

PIX/ASA/FWSM 45-1

console timeout 45-1

host name 47-1

HTTP configuration 45-2

HTTP page 45-2

ICMP rules 45-3

ICMP rules, add/edit 45-4

Management Access interface 45-5

Secure Shell (SSH) 45-5

Secure Shell, add/edit host 45-6

Server Access 48-1

SNMP host access 45-12

SNMP page 45-8

SNMP Trap configuration 45-9

Telnet configuration 45-13

Telnet page 45-12

user accounts 47-6

user accounts, add/edit 47-7

device access policies

defining 57-14

Device Admin

FWSM

Resources 47-3

device administration policies

configuring on firewall devices 44-1

device authentication

adding SSL thumbprints manually 9-4

SSL certificate default configuration 11-13

Device Blacklist dialog box 17-15

device communication

changing device message severity level 9-9

managing settings 9-4

routers without K8/K9 crypto image 9-7

Security Manager cannot contact device after deployment 9-11

troubleshooting failures 9-7

Device Communication page 11-12

device communications

troubleshooting 9-1

device communication settings

connection timeout 11-13

retry count 11-13

socket read timeout 11-13

Device Connectivity Test dialog box 9-3

device credentials

understanding 3-4

Device Credentials page 3-39

Device Delete Validation dialog box 3-49

device groups 3-51, 3-54

adding or removing devices 3-55

creating group types 3-53

deleting groups or types 3-54

understanding 3-51

Device Groups page 3-42, 11-15

Device Information page - Add Device from File 3-27

Device Information page - Configuration File 3-19

Device Information page - Network 3-10

Device Information page - New Device 3-22

device inventory

exporting

DCR, CS-MARS, Security Manager formats 10-6

device with policies 10-6

overview 10-5

supported CSV formats 10-8

using command line utility 10-9

importing

device with policies 10-12

importing with policies 10-12

managing 3-1

testing device connectivity 9-1

understanding 3-1

understanding contents 3-3

working with 3-30

device manager

access rule look up 65-13

ASDM 65-11

access rule look-up 65-13

credentials 65-10

IDM 65-11

PDM 65-11

prerequisites 65-12

SDM 65-11

access rule look-up 65-14

starting from Security Manager 65-10

troubleshooting 65-12

xdm-launcher.exe 65-12

Device Manager command 1-31

Device OS Management command 1-30

Device Properties

Credentials page 3-39

Device Groups page 3-42

General page 3-36

Policy Object Override pages

general reference 3-43

device properties

changes with policy effects 3-45

changing critical 3-44

image version changes with no policy effects 3-44

understanding 3-6

viewing or changing 3-35

Device Properties command 1-29

Device Properties page

creating object overrides 6-14

deleting overrides 6-17

overview 3-35

device response

to appear as an error message 9-9

devices

adding 3-7

adding configurations to the Configuration Archive 8-52

adding from configuration files 3-17

adding from inventory file 3-25

adding from network 3-8

adding local rules to shared policies 5-42

adding manually 3-21

adding or changing modules 3-34

assigning shared policies 5-40

avoiding out-of-band changes 8-45

changing critical properties 3-44

changing those selected for reports 64-20

cloning or duplicating 3-47

cloning shared policies 5-44

communication requirements 2-1

communication settings and certificates 9-4

configuring ASA licenses 2-11

configuring IOS licenses 2-12

configuring local policies 5-29

copying policies between 5-31

creating policy object overrides 6-14

deleting from inventory 3-48

deleting policy object overrides 6-17

deployment through intermediate server 8-10

deployment to 8-9

detecting out-of-band changes 8-43

discovering or changing CS-MARS controller 65-24

discovering policies 5-12

discovering policies on existing devices 5-15

dynamic IP addresses 3-31

image version changes with no policy effects 3-44

including in deployment jobs or schedules 8-8

including unmanaged or non-Cisco in a VPN 21-11

inheriting policy rules 5-43

managing operating system 3-50

maps

adding existing managed 31-16

adding new managed 31-16

displaying devices from Device View 31-16

displaying managed 31-16

removing managed 31-16

showing containment for Catalyst switches, ASA, PIX, IPS devices 31-16

modifying policy assignment 5-45

modifying shared policies 5-45

naming conventions 3-3

overview of monitoring 1-5

policy status icons 5-28

preparing for management 2-1

property changes with policy effects 3-45

redeploying configuration files to 8-46

redeploying configurations to replaced hardware 8-46

renaming policies 5-44

replacing policies 5-40

rolling back configurations 8-62, 8-63, 8-65

selecting in site-to-site VPNs 21-32

selecting multiple 1-33

sharing multiple policies 5-38

showing contained modules 3-47

system variables 7-7

testing connectivity 9-1

troubleshooting communication 9-7

troubleshooting communication and deployment 9-1

troubleshooting device discovery failures 3-7

unassigning policies 5-33

understanding out-of-band changes 8-12

unsharing policies 5-40

what counts as a device 3-3

device selector

filtering 1-34

Device Selector dialog box 1-33

Device Server Assignment dialog box 9-8

Device view

adding local rules to shared policies 5-42

assigning shared policies 5-40

cloning shared policies 5-44

configuring local policies 5-29

configuring VPN topologies 21-19

copying policies between devices 5-31

inheriting policies 5-43

managing policies 5-28

modifying policy assignments 5-45

modifying shared policies 5-45

overview 1-11

policy banner 5-35

policy shortcut menu 5-36

policy status icons 5-28

renaming policies 5-44

sharing local policies 5-37

sharing multiple policies 5-38

unassigning policies 5-33

understanding basic policy management 5-29

understanding shared policies 5-34

unsharing policies 5-40

device view

understanding 3-1

Device View command 1-26

Device Whitelist dialog box 17-15

DHCP

Cisco IOS routers

defining address pools 57-91

defining policies 57-90

DHCP Database dialog box 57-94

DHCP Policy page 57-92

IP Pool dialog box 57-94

overview 57-87

understanding database agents 57-88

understanding option 82 57-89

understanding relay agents 57-88

understanding secured ARP 57-89

configuring passthrough for IOS devices 19-3

PIX/ASA/FWSM 48-7

add/edit servers 48-9

advanced configuration 48-10

configuring DHCP servers 48-7

server options 48-10

traffic blocked 9-14

DHCP relay

PIX/ASA/FWSM 48-4

add/edit agent 48-5

add/edit server 48-6

diagnostics

setting debug options 11-6

diagnostics file, creating 10-24

dial backup

configuring in Easy VPN 24-2

configuring in VPN 21-39

configuring VPN advanced settings 21-40

Dial Backup Settings dialog box 21-40

dialer interfaces

defining BRI properties 56-29

defining profiles 56-27

Dialer Physical Interface dialog box 56-32

Dialer Policy page 56-30

Dialer Profile dialog box 56-31

on Cisco IOS routers 56-27

Diffie-Hellman groups

in IKE proposals 22-7

Digital Subscriber Line (DSL) 56-33

digital subscriber line-access multiplexer (DSLAM) 56-34

directed broadcasts

enabling 56-20

Disable/enable NAT rules 20-33

Discard Activity command 1-31

Discard Activity dialog box 4-17

Discard command 1-25

Discard Deployment Job dialog box 8-19

discovering

remote access VPNs 26-11

site-to-site VPNs 21-24

Discover Policies on Device command 1-27

Discover VPN Policies command 1-27

Discover VPN Policies wizard 21-24

discovery

default behavior settings 11-17

generating status report 10-25

invalid certificate error 9-6

overview 1-15

security certificate error 9-4, 9-5

setting debug options 11-6

Discovery Settings page 11-17

Discovery Status dialog box 5-21

discovery task

frequently asked questions 5-25

starting 5-15

viewing status 5-20

disk space, monitoring event data store 63-30

Display Actual Size command 1-28

Distributed Traffic Shaping (DTS) 60-6

DMVPN (Dynamic Multipoint VPN)

advantages of using with GRE 23-12

configuring 23-12

configuring GRE modes 23-13

large scale DMVPNs

configuring 23-17

configuring server load balancing 23-18

overview 23-1, 23-10

spoke-to-spoke connections 23-11

supported platforms 21-9

understanding 23-10

DNS

configuring for inspection rules 15-17

PIX/ASA/FWSM

add/edit server group 48-12

add server 48-13

servers page 48-11

DNS class map objects

creating 15-20

match criteria 15-29

DNS policy map objects

creating 15-20

match conditions and actions 15-29

properties 15-26

DNS servers

configuring for IPS global correlation 32-22

DNS snooping 17-6

dock

report windows 64-24

view windows 63-33

Dock Map View command 1-28

documentation

conventions i-lv

ordering i-lvi

Domain Name System (DNS)

Cisco IOS routers

defining policies 57-75

DNS Policy page 57-76

IP Host dialog box 57-76

overview 57-74

do not ask warnings, resetting 11-5

DSLAM 56-34

duration

VPN user reports 64-14, 64-15

dynamic access policies

attributes 28-3, 28-7

configuring 28-2

managing 28-1

understanding 28-1

dynamic access policies (DAP) 28-25

Dynamic Access Policy page

Add/Edit Dynamic Access Policy dialog box

Add/Edit DAP Entry dialog box 28-18

Add/Edit DAP Entry dialog box > AAA Attributes Cisco 28-19

Add/Edit DAP Entry dialog box > AAA Attributes LDAP 28-21

Add/Edit DAP Entry dialog box > AAA Attributes RADIUS 28-22

Add/Edit DAP Entry dialog box > Anti-Spyware 28-22

Add/Edit DAP Entry dialog box > Anti-Virus 28-23

Add/Edit DAP Entry dialog box > Application 28-24

Add/Edit DAP Entry dialog box > File 28-26

Add/Edit DAP Entry dialog box > NAC 28-27

Add/Edit DAP Entry dialog box > Operating System 28-28

Add/Edit DAP Entry dialog box > Personal Firewall 28-29

Add/Edit DAP Entry dialog box > Policy 28-30

Add/Edit DAP Entry dialog box > Process 28-31

Add/Edit DAP Entry dialog box > Registry 28-32

Advanced Expressions tab 28-36

Logical Operators tab 28-33

Main tab 28-13

Dynamic Access Policy page (ASA) 28-10

Cisco Secure Desktop Manager Policy Editor dialog box 28-37

Dynamic Access Policy page (ASA) > Add/Edit Dynamic Access Policy dialog box 28-12

Dynamic Blacklist Configuration tab 17-10

dynamic crypto maps 22-16

dynamic filter snooping (DNS)

enabling 15-17

Dynamic Multipoint VPN (DMVPN)

mandatory and optional policies 21-6

dynamic NAT

Cisco IOS routers 20-10

Dynamic Translation Rule

PIX/ASA/FWSM 20-22

add/edit 20-23

dynamic VTI

configuring in Easy VPN 24-12

in remote access VPNs 29-7

understanding use in Easy VPN 24-2

E

Easy VPN

configuration modes 24-3

configuration overview 24-5

configuring client connection characteristics 24-7

configuring dial backup 24-2

configuring dynamic VTI 24-12

configuring high availability 24-2

connection profile policies 24-13

connection profiles (ASA, PIX 7+) 27-8

extended authentication (xauth) 24-4

important configuration notes 24-6

IPsec proposals 24-10

mandatory and optional policies 21-6

overview 24-1

supported platforms 21-9

understanding 24-1

understanding dynamic VTI 24-2

user group policies 24-14

Edit AAA Option dialog box 13-16

Edit AAA Rule dialog box 13-12

Edit AAA Server dialog box 6-26

Edit AAA Server Group dialog box 6-40

Edit Access Rule dialog box 14-11

Edit Actions dialog box 35-8

Edit activity state 4-4

Edit AOL Class Map dialog box 15-23, 18-16

Edit A Port Forwarding Entry dialog box 30-25

Edit ASA Group Policies dialog box

client configuration settings 30-4

client firewall attributes 30-5

connection settings 30-19

DNS/WINS settings 30-17

hardware client attributes 30-7

IPSec settings 30-8

overview 30-1

split tunneling settings 30-18

SSL VPN clientless settings 30-10

SSL VPN full client settings 30-12

SSL VPN settings 30-14

technology settings 30-1

Edit A Smart Tunnel Entry dialog box 30-48

Edit Auto Signon Rules dialog box 30-16

Edit Auto Update Settings dialog box 11-26

Edit Category dialog box 12-12

Edit Cisco Secure Desktop Configuration dialog box 30-20

Edit Client Access Rules dialog box 30-10

Edit Client Update dialog box 30-60

Edit Column dialog box 30-42

Edit Custom Pane dialog box 30-42

Edit DCE/RPC Map dialog box 15-25

Edit Deploy Method dialog box 8-29

Edit Description dialog box 12-12

Edit Destinations dialog box 12-10

Edit Device Groups command 1-25

Edit Device Groups dialog box 3-52

Edit DNS Class Map dialog box 15-23

Edit DNS Map dialog box

Filtering tab 15-28

overview 15-26

Protocol Conformance tab 15-27

Edit eDonkey Class Map dialog box 15-23, 18-16

Edit Endpoints dialog box

FWSM tab 21-45

overview 21-33

Protected Networks tab 21-45

VPN Interface tab 21-35

VPNSM/VPN SPA/VSPA settings, VPN Interface tab 21-41

VRF Aware IPsec tab 21-46

Edit ESMTP Map dialog box 15-32

Edit Extended Access Control Entry dialog box 6-49

Edit Extended Access List dialog box 6-47

Edit External Filter dialog box 18-39

Edit Extranet VPN dialog box

overview 21-63

Edit FastTrack Class Map dialog box 15-23, 18-16

Edit Fidelity dialog box 35-9

Edit File Object dialog box 30-22

Edit Firewall Rule Expiration dialog box 14-16

Edit FlexConfig dialog box 7-30

Edit FTP Class Map dialog box 15-23

Edit FTP Map dialog box 15-35

Edit Gnutella Class Map dialog box 15-23, 18-16

Edit Group Member dialog box 25-21

Edit GTP Map dialog box 15-38

Edit H.323 Class Map dialog box 15-23, 18-16

Edit H.323 Map dialog box 15-43, 18-32

Edit HSI Endpoint IP Address dialog box 15-46

Edit HSI Group dialog box 15-45

Edit HTTP Class Map dialog box 15-23, 18-16

Edit HTTP Map dialog box 18-32

ASA 7.1.x, PIX 7.1.x, FWSM 3.x, IOS devices

Entity Length tab 15-50

Extension Request Method tab 15-52

General tab 15-49

overview 15-48

Port Misuse tab 15-53

RFC Request Method tab 15-52

Transfer Encoding tab 15-54

ASA 7.2+ and PIX 7.2+ devices 15-55

Edit ICQ Class Map dialog box 15-23, 18-16

Edit IKEv1 Proposal dialog box 22-10

Edit IKEv2 Proposal dialog box 22-13

Edit IMAP Class Map dialog box 15-23, 18-16

Edit IMAP Map dialog box 18-32

Edit IM Class Map dialog box 15-23

Edit IM Map dialog box 18-32

ASA and PIX device 15-60

IOS device 15-63

Edit Inspect/Application FW Rule wizard

Address and Port page 15-11

Inspected Protocol page 15-15

Match Traffic page 15-10

Edit Inspect Parameter Map dialog box 18-28

Edit Interfaces dialog box 12-12

Edit IP Options Map dialog box 15-65

Edit IPsec Pass Through Map dialog box 15-66

Edit IPSec Transform Set dialog box 22-23

Edit IPv6 Network/Host dialog box 6-67

Edit Kazaa2 Class Map dialog box 15-23, 18-16

Edit Key Server dialog box 25-19

Edit Language dialog box 30-37

Edit LDAP Attribute Map dialog box 6-37

Edit LDAP Attribute Map Value dialog box 6-38

Edit Load Balancing Parameters dialog box 23-18

Edit Local Web Filter Class Map dialog box 15-23, 18-16

Edit Local Web Filter Parameter Map dialog box 18-36

Edit Map Value dialog box 6-38

Edit Match Condition and Action dialog box

DNS policy maps 15-29

ESMTP policy maps 15-33

FTP policy maps 15-36

GTP policy maps 15-41

H.323 (IOS) policy maps 18-33

H.323 policy maps 15-46

HTTP (Zone Based IOS) policy maps 18-33

HTTP policy maps 15-57

IM (Zone Based IOS) policy maps 18-33

IMAP policy maps 18-33

IM policy maps 15-61

P2P policy maps 18-33

POP3 policy maps 18-33

SIP (IOS) policy maps 18-33

SIP policy maps 15-70

Skinny policy maps 15-74

SMTP policy maps 18-33

Sun RPC policy maps 18-33

Web Filter policy maps 18-33

Edit Match Criterion dialog box

AOL class maps 18-18

DNS class maps 15-29

eDonkey class maps 18-19

FastTrack class maps 18-19

FTP class maps 15-36

Gnutella class maps 18-19

H.323 (IOS) class maps 18-19

H.323 class maps 15-46

HTTP (IOS) class maps 18-20

HTTP class maps 15-57

ICQ class maps 18-18

IMAP class maps 18-22

IM class maps 15-61

Kazaa2 class maps 18-19

Local Web Filter class maps 18-27

MSN Messenger class maps 18-18

N2H2 class maps 18-28

POP3 class maps 18-22

SIP (IOS) class maps 18-22

SIP class maps 15-70

SMTP class maps 18-24

Sun RPC class maps 18-27

Websense class maps 18-28

Windows Messenger class maps 18-18

Yahoo Messenger class maps 18-18

Edit menu

Configuration Manager 1-25

Edit MSN Messenger Class Map dialog box 15-23, 18-16

Edit N2H2 Parameter Map dialog box 18-37

Edit N2H2 Web Filter Class Map dialog box 15-23, 18-16

Edit NAT Rule dialog box

ASA 8.3+ 20-35

Edit NetBIOS Map dialog box 15-67

Edit Network/Host dialog box

General tab 6-67

NAT tab 20-39

Edit Options dialog box 14-14

Edit P2P Map dialog box 18-32

Edit Permit Response dialog box 15-40

Edit PIX/ASA/FWSM Web Filter Rule dialog box 16-5

Edit PKI Enrollment dialog box

CA Information tab 22-51

Certificate Subject Name tab 22-57

Enrollment Parameters tab 22-55

overview 22-50

Trusted CA Hierarchy tab 22-58

Edit Policy Assignments command 1-27

Edit POP3 Class Map dialog box 15-23, 18-16

Edit Port Forwarding List dialog box 30-24

Edit Port List dialog box 6-74

Edit Protocol Info Parameter Map dialog box 18-31

Edit Regular Expression dialog box 15-77

Edit Regular Expression Group dialog box 15-76

Edit Row command 1-26

Edit Rule Section dialog box 12-18

Edit Security Association Dialog Box 21-55

Edit Selected Deployment Method dialog box 8-29

Edit Server dialog box

Protocol Info Parameter maps 18-32

Edit Server Group dialog box 13-17

Edit Service dialog box 6-75

Edit Services dialog box 12-11

Edit Signature dialog box 35-12

Edit Signature Parameter—Component List dialog box 35-25

Edit Signature Parameters dialog box 35-20

Edit Single Sign On Server dialog boxes 30-26

Edit SIP Class Map dialog box 15-23, 18-16

Edit SIP Map dialog box 15-68, 18-32

Edit Skinny Map dialog boxes 15-73

Edit SLA Monitor dialog box 47-9

Edit Smart Tunnel Auto Signon Entry dialog box 30-51

Edit Smart Tunnel Auto Signon Lists dialog box 30-50

Edit Smart Tunnel Lists dialog box 30-47

Edit SMTP Class Map dialog box 15-23, 18-16

Edit SMTP Map dialog box 18-32

Edit SNMP Map dialog box 15-75

Edit Sources dialog box 12-10

Edit SSL VPN Customization dialog box 30-31

Applications 30-41

Copyright Panel 30-39

Custom Panes 30-41

Full Customization 30-40

Home Page 30-43

Informational Panel 30-38

Language 30-35

Logon Form 30-37

Logout Page 30-44

Title Panel 30-34

Toolbar 30-40

Edit SSL VPN Gateway dialog box 30-45

Edit Standard Access Control Entry dialog box 6-51

Edit Standard Access List dialog box 6-47

Edit Sun RPC Class Map dialog box 15-23, 18-16

Edit Sun RPC Map dialog box 18-32

Edit TCP Map dialog box 53-17

Edit TCP Option Range Dialog Box 53-19

Edit Text Object dialog box 7-32

Edit Time Range dialog box 6-54

Edit Traffic Flow dialog box 53-13

Edit Translated Address dialog box 20-29

Edit Transparent EtherType dialog box 19-6

Edit Transparent Firewall Rule dialog box 19-5

Edit Transparent Mask dialog box 19-7

Edit Trend Content Filter Class Map dialog box 15-23, 18-16

Edit Trend Parameter Map dialog box 18-39

Edit Update Server Settings dialog box 11-24

Edit URL Domain Name dialog box 18-43

Edit URLF Glob Parameter Map dialog box 18-43

Edit URL Filter Parameter Map dialog box 18-41

Edit User Credentials dialog box 32-17

Edit User Group dialog box

Advanced PIX 6.3 settings 30-61

Browser Proxy settings 30-67

Client (IOS) settings 30-58

Clientless settings 30-62

Client VPN Software Update (IOS) settings 30-60

DNS/WINS settings 30-56

General settings 30-55

IOS Xauth Options settings 30-59

overview 30-53

Split Tunneling settings (Easy VPN/remote access IPSec VPN) 30-57

SSL VPN Connection settings 30-68

SSL VPN Full Tunnel settings 30-64

SSL VPN Split Tunneling settings 30-65

Technology settings 30-53

Thin Client settings 30-63

Edit Virtual Sensor dialog box 34-7

Edit VPN dialog box

Device Selection tab 21-32

Edit Endpoints dialog box 21-33

Endpoints tab 21-33

High Availability tab 21-49

Name and Technology tab 21-30

overview 21-28

Edit Web Access Control Entry dialog box 6-52

Edit Web Filter Map dialog box 18-45

Edit Web Filter Options dialog box 16-8

Edit Web Filter Type dialog box 16-8

Edit Websense Parameter Map dialog box 18-37

Edit Websense Web Filter Class Map dialog box 15-23, 18-16

Edit Web Type Access List dialog box 6-47

Edit Windows Messenger Class Map dialog box 15-23, 18-16

Edit WINS Server dialog box 30-69

Edit WINS Server List dialog box 30-69

Edit Yahoo Messenger Class Map dialog box 15-23, 18-16

Edit Zones dialog box 12-12

eDonkey class map objects

creating 18-14

match criteria 18-19

EIGRP routing

defining interface properties 61-10

defining routes 61-9

EIGRP Routing Policy page 61-13

Interface dialog box 61-16

Interfaces tab 61-15

on Cisco IOS routers 61-8

redistributing routes 61-12

Redistribution Mapping dialog box 61-18

Redistribution tab 61-17

Setup dialog box 61-14

Setup tab 61-13

e-mail

blocking spam using zone-based firewall rules 18-24

preventing DoS attacks 18-24

e-mail notifications

configuring SMTP server 1-21

PIX/ASA/FWSM

recipient set-up 49-3

syslog messages 49-2

Enable/disable NAT rules 20-33

Enable PIM and IGMP

PIX/ASA/FWSM 50-1

Encapsulating Security Protocol (ESP) encryption algorithm 22-25

encoding rules

defining for SSL VPN (ASA) 27-41

encryption algorithms

3DES (Triple DES) 22-6

AES (Advanced Encryption Standard) 22-6

DES (Data Encryption Standard) 22-6

in IKE proposals 22-6

endpoints and protected networks

configuring dial backup 21-39

defining in GET VPN topologies 21-57

defining in VPN topologies 21-33

VPN Interface tab 21-35

Error Writing to Server deployment errors 9-14

ESMTP

configuring for inspection rules 15-17

ESMTP policy map objects

creating 15-20

match conditions and actions 15-33

properties 15-32

EtherChannel

Create and Edit IDSM EtherChannel VLANs dialog boxes 62-49

defining IDSM VLANs 62-44

deleting IDSM VLANs 62-45

EtherChannels

ASA 42-8

edit assigned interface 42-10

LACP 42-10

load balancing 42-12

evaluation license

upgrading to permanent license 10-14

event

lists 49-4

add/edit 49-5

syslog class

add/edit 49-6

syslog message ID

add/edit 49-6

Event Action Filters page 36-7

Event Action Override dialog box 36-13

Event Action Overrides page 36-12

event actions, IPS

configuring filter rules 36-4

configuring network information 36-14

configuring OS maps 36-17

configuring overrides 36-12

configuring settings 36-20

configuring target value ratings 36-14

example filter rule 63-57

filter rule attributes 36-9

filter rules policy 36-7

filter rules tips 36-6

overview 36-1

possible actions 36-2

process overview 36-1

Event Management page 11-18

Event Manager service

configuring 63-26

managing 63-26

monitoring event store disk space 63-30

monitoring status 63-27

selecting devices to monitor 63-29

starting and stopping 63-26

status icon colors 63-27

events

archiving (backing up) the event data store 63-31

configuring firewall devices (ASA, FWSM) 63-24

configuring IPS devices 63-25

copying 63-46

CS-MARS 65-31

looking up 65-26

looking up policies based on related events 65-30

Netflow support for policy lookup 65-32

viewing access rule events 65-26

viewing IPS signature events 65-28

definition 65-16

ensuring time synchronization 63-23

Event Viewer

clearing filters 63-43

context menu 63-44

filtering by column 63-40

filtering by events 63-42

filtering overview 63-38

looking up policies based on related events 63-47

refreshing event table 63-39

selecting time range 63-38

text searches (quick filter) 63-42

using time slider with filtering 63-38

examining details 63-46

examples of analysis

mitigating botnet activity 63-55

monitoring and mitigating botnet activity 63-51

monitoring botnet activity using ASDM 63-54

monitoring botnet activity using Event Viewer 63-52

monitoring botnet activity using Report Manager 63-54

overview 63-48

removing false positive IPS events 63-56

understanding botnet syslog events 63-51

user access to server blocked 63-49

Performance Monitor

troubleshooting status collection 65-17

viewing 65-15

performing operations on 63-44

properties 63-15

recovering the event data store 63-31

saving to a file 63-47

understanding Event Viewer access control 63-3

viewing 63-1

Event Viewer

archiving (backing up) the event data store 63-31

arranging views 63-33

ASA devices, configuring to provide events 63-24

columns 63-15

configuring color rules 63-35

configuring Event Manager service 63-26

copying events 63-46

creating custom views 63-35

deleting custom views 63-37

editing view name and description 63-36

ensuring time synchronization 63-23

Event Monitoring window 63-12

events

context menu 63-44

event table

customizing appearance 63-34

event details pane 63-23

refreshing 63-39

time slider 63-22

toolbar 63-14

examining event details 63-46

examples of analysis

mitigating botnet activity 63-55

monitoring and mitigating botnet activity 63-51

monitoring botnet activity 63-52

overview 63-48

removing false positive IPS events 63-56

understanding botnet syslog events 63-51

user access to server blocked 63-49

features

historical views 63-2

overview 63-1

policy navigation 63-3

real-time views 63-2

views and filters 63-3

File menu reference 63-8

filters

advantages of using network/host objects 63-57

clearing 63-43

column based 63-40

event based 63-42

overview 63-38

submission requirements for policy objects 63-58

text searches (quick filter) 63-42

time range 63-38

time slider 63-38

floating views 63-33

FWSM devices, configuring to provide events 63-24

IPS devices, configuring to provide events 63-25

limits of 63-4

looking up Security Manager policies based on events 63-47

managing service 63-26

monitoring event store disk space 63-30

monitoring status 63-27

opening views 63-32

overview 63-6

performing operations on 63-44

preparation for use 63-23

recovering the event data store 63-31

saving events 63-47

saving views 63-37

selecting devices to monitor 63-29

settings 11-18

starting or stopping the Event Manager service 63-26

status icon colors 63-27

switching between IP addresses and host object names 63-34

switching between real-time and historical views 63-37

syslogs 63-5

troubleshooting

Event Viewer Unavailable message 11-19, 63-26

policy objects not available for filtering 63-58

understanding access control 63-3

using 63-32

using views 63-32

view list 63-10

View menu reference 63-9

Event Viewer command 1-31

exclusive domains

configuring for IOS devices 16-9

Exit command 1-25

Exit command (Report Manager) 64-7

exiting

Cisco Security Management Suite server 1-8

CiscoWorks Common Services 1-8

Security Manager 1-7, 1-9

expiration dates

configuring for access rules 14-17

export

device inventory

DCR, CS-MARS, Security Manager formats 10-6

device with policies 10-6

overview 10-5

supported CSV formats 10-8

IPS event action overrides 36-12

IPS event filter rules 36-4, 36-7

policy objects 6-17

reports 64-22

shared policies 10-11

Export Devices or Policies commands 1-24

Export Inventory dialog box 10-6

Export Map command 1-28

External Product Interface dialog box 32-24

External Product Interface policy 32-23

F

factory-default configurations 42-1

failover

Active/Active

command replication 46-4

configuration synchronization 46-4

configuring in site-to-site VPN 21-49

edit bridge group 46-15

FWSM 46-12

advanced settings 46-14

PIX/ASA 46-16

Add Failover Group 46-23

settings 46-19

PIX/ASA/FWSM 46-9

active/active 46-3

active/standby 46-2

bootstrap configuration 46-25

configuration basics 46-5

configuring 46-1

interface configuration 46-22

interface MAC address 46-21

security context 46-24

stateful 46-3, 46-4

stateless 46-3

types of 46-2

understanding 46-2

PIX 6.3 46-9

interface configuration 46-11

stateful in site-to-site VPN 21-51

false negatives

definition of 35-18

false positives

definition of 35-18

FastTrack class map objects

creating 18-14

match criteria 18-19

feature sets 1-3

File menu

Configuration Manager 1-24

Event Viewer 63-8

Report Manager 64-7

file objects

attributes 30-22

files

deploying to 8-11

selecting or specifying 1-39

Filter Item dialog box 36-9

filter rules, event action (IPS)

attributes 36-9

configuring 36-4

example rule 63-57

exporting 36-4

policy 36-7

tips 36-6

filters

Event Viewer

clearing 63-43

column based 63-40

context menu 63-44

event based 63-42

overview 63-38

refreshing event list 63-39

selecting time range 63-38

text searches (quick filter) 63-42

using time slider 63-38

filtering selectors 1-34

filtering tables 1-37

filters (Event Viewer)

advantages of using network/host objects 63-57

overview 63-3

submission requirements for policy objects 63-58

Find and Replace dialog box 12-14

find and replace in rules policies 12-13

Find Map Node command 1-27

Find Node dialog box 31-12

firewall

AAA firewall

advanced settings 13-18

configuring 13-5

MAC exempt lists 13-21

AAA firewall policy

advanced settings 13-18

configuring 13-5

AAA rules

configuring AAA firewall settings 13-5

configuring AuthProxy settings 13-8

configuring for ASA/PIX/FWSM devices 13-4

configuring for IOS devices 13-7

managing 13-1

properties 13-12

understanding 13-1

understanding how users authenticate 13-3

Access Control page (IPv4 and IPv6) 14-19

access controls

per user downloadable ACLs 14-22

access control settings

configuring settings 14-17

access rule

event analysis example, user access blocked 63-49

finding from CS-MARS events 65-30

finding from Event Viewer events 63-47

viewing related CS-MARS events 65-26

access rules

address requirements 14-5

configuring 14-7

configuring expiration dates 14-17

how deployed 14-5

import examples 14-34

importing 14-30

IPS blocking, effect of 39-4

managing 14-1

optimizing during deployment 14-36

sharing ACLs among interfaces 11-10

understanding 14-2

understanding device-specific behavior 14-5

understanding global 14-3

understanding requirements when using inspection 15-4

ACL naming conventions 12-5

adding rules 12-8

analysis reports 14-22

AuthProxy

configuring 13-8

AuthProxy page 13-23

AuthProxy settings policy

configuring 13-8

botnet traffic filter rules 17-9

combining rules

example 12-23

interpreting results 12-21

procedure 12-19

configuring policies in Map view 31-23

configuring settings 16-14

configuring settings policies in Map view 31-24

deleting rules 12-8

disabling rules 12-17

editing rules 12-9

enabling rules 12-17

finding and replacing items in rules policies 12-13

Firewall AAA IOS Timeout Value Setting dialog box 13-26

Firewall ACL Setting dialog box (IPv4 or IPv6) 14-21

hit count reports 14-24

Inspection page 15-80

inspection rules

add/edit rule wizard 15-10, 15-11, 15-15

choosing interfaces 15-2

configuring 15-5

managing 15-1

preventing DoS attacks on IOS devices 15-5

selecting protocols 15-3, 15-15

understanding 15-1

understanding access rule requirements 15-4

inspection settings

configuring for IOS devices 15-80

introduction 12-1

IPv6 access control settings

configuring settings 14-17

IPv6 access rules

configuring 14-7

configuring expiration dates 14-17

sharing ACLs among interfaces 11-10

understanding 14-2

understanding global 14-3

MAC exempt lists, AAA firewall 13-21

managing rules tables 12-7

moving rules 12-16

object groups

expanding during discovery 12-31

optimizing network object groups during deployment 12-30

overview 12-1

per user downloadable ACLs 14-22

policy discovery 5-13

policy query

example report 12-29

generating reports 12-24

interpreting results 12-28

preserving ACL names 12-4

reference information for AAA rules 13-17

resolving ACL naming conflicts 12-6

rule table sections 12-17

system variables 7-9

transparent rules

adding or editing a rule 19-5

configuring 19-1

configuring passthrough for IOS devices 19-3

editing the EtherType 19-6

editing the mask 19-7

managing 19-1

Transparent Rules page 19-3

understanding NAT effects 12-3

understanding rule order 12-16

understanding rule processing order 12-2

using rules tables 12-7

Web Filter page 16-15

web filter rules

configuring for ASA, PIX, FWSM devices 16-2

configuring for IOS devices 16-9

managing 16-1

understanding 16-1

zone-based firewall

add/edit zones 18-51

advanced options 18-62

configuring PAM 18-64

configuring rules 18-12, 18-59

configuring settings 18-47

Content Filter tab 18-50

designing network zones 18-1

development overview 18-11

Global Parameters tab 18-48

page 18-48

protocol selection 18-63

rules table 18-56

tabs 18-47

VPN tab 18-48

WAAS tab 18-48

Zones tab 18-48

zone-based firewalls

changing the default drop rule 18-46

general recommendations 18-10

IPSec VPN 18-5

logging 18-1

overview 18-1

restrictions 18-3

Self zone 18-5

troubleshooting 18-52

understanding 18-3

understanding permit/deny and action 18-7

understanding services and protocols 18-10

VRF 18-6

Firewall AAA IOS Timeout Value Setting dialog box 13-26

Firewall AAA MAC Exempt Setting dialog box 13-22

Firewall ACL Setting dialog box 14-21

Firewall Device dialog box 39-14

Firewall Services Module

see FWSM 43-1

Fit to Window command 1-28

FlexConfig objects

adding to policies 7-35

ASA samples 7-19

Catalyst 6500/7600 samples 7-22

changing order in policies 7-35

changing variable values 7-35

Cisco IOS Software samples 7-22

CLI commands 7-2

configuring 7-25

configuring AAA for administrative introducers 57-84

creating 7-28

creating text objects 7-32

deleting variables 7-28

PIX firewall samples 7-23

previewing CLI 7-35

properties 7-30

property selector 7-34

removing from policies 7-35

router samples 7-23

samples 7-19

scripting language

example of looping 7-3

example of looping with if/else statements 7-4

example of two-dimensional looping 7-3

understanding 7-3

system variables

device 7-7

firewalls 7-9

remote access VPN 7-18

router 7-13

understanding 7-7

VPN 7-14

undefined variables 7-33

understanding 7-1

variables 7-4

variables, example 7-6

FlexConfig policies

adding objects 7-35

changing object order 7-35

changing variable values 7-35

configuring 7-25

configuring AAA for administrative introducers 57-84

editing 7-35

previewing CLI 7-35

removing objects 7-35

understanding 7-1

FlexConfig Policy page 7-36

FlexConfig Preview dialog box 7-38

FlexConfigs

creating (scenario) 7-25

managing 7-1

FlexConfig Undefined Variables dialog box 7-33

float

report windows 64-24

view windows 63-33

floodguard 52-2

fragmentation

configuring settings in VPNs 22-36

fragments settings 52-2

frequently asked questions

policy discovery 5-25

FTP class map objects

creating 15-20

match criteria 15-36

FTP policy map objects

creating 15-20

match conditions and actions 15-36

properties 15-35

full mesh topologies

description 21-4

partial mesh 21-5

full tunnel client access mode 26-5

FWSM

AAA support 6-22

adding SSL thumbprints manually 9-4

adding when using multiple-context mode 3-7

adding when using non-default HTTPS (SSL) port 3-7

Asymmetric Routing Groups 42-4

Bridge Groups

add/edit 42-39

bridge groups 43-3

changing deployment method to serial for multiple-context mode 9-16

configuring for event management 63-24

configuring FWSM endpoints in site-to-site VPNs 21-45

configuring transparent firewall rules 19-1

credentials 3-15

deleting security contexts 54-4

deployment failures after changing interface policies 9-15

deployment failures in multiple-context mode 9-15

deployment failures with large ACLs 9-16

Device Access

managing Resources 47-2

Resources 47-3

Resources, add/edit 47-3

discovering failover modules 3-7

Event Viewer support 63-4

Failover 46-12

advanced settings 46-14

edit bridge group 46-15

including in deployment jobs 8-26

interfaces

add/edit 42-18

configuring 42-2

General tab 42-19

IPv6 42-27

IPv6, add/edit 42-31

IPv6, add/edit prefixes 42-32

managing 42-13

packet capture, using 65-7

PDM 65-11

policy discovery 5-13

rollback, commands to recover from failover misconfiguration 8-62

rollback command conflicts 8-61

rollback restrictions for failover devices 8-58

rollback restrictions for multiple context mode 8-58

security contexts

configuration 54-5

selecting policy types to manage 5-10

setting up SSL (HTTPS) 2-3

SSL certificate configuration 11-13

TCP State Bypass 53-3

troubleshooting deployment 9-15

G

General

PIX/ASA/FWSM

security policies 52-1

General Configuration tab, SNMP policy for IPS 32-10

General page, device properties 3-36

General tab (Translation Rules)

PIX/ASA/FWSM 20-31

General tab, IPS blocking policy 39-10

GET VPN

anti-replay, time based 25-11

configuring 25-12

configuring global ISAKMP and IPsec settings 25-16

configuring group members 25-20

cooperative key servers 25-7

defining group encryption 21-51

generating, synchronizing RSA keys 25-13

group members

adding 25-19

editing 25-21

IKE proposal 25-15

key servers

adding 25-19

editing 25-19

mandatory and optional policies 21-6

migrating to 25-23

overview 25-1

receive-only SAs 25-23

registration

choosing the rekey transport mechanism 25-6

configuring fail-close mode 25-8

registration process 25-4

SAs

passive SA mode 25-23

receive-only mode 25-23

security policy 25-10

supported platforms 21-9

troubleshooting 25-25

understanding 25-2

GET VPNs

group encryption policies

certificate authorization 21-54

security associations 21-55

global correlation

configuring 38-1

configuring DNS servers 32-22

configuring HTTP proxy server 32-22

configuring inspection and reputation 38-5

configuring network participation 38-7

configuring with Botnet Traffic Filtering 38-1

data collected 38-3

requirements and limitations 38-4

understanding 38-1

understanding network participation 38-3

understanding reputation 38-2

global settings

remote access VPN

configuring 22-26

Gnutella class map objects

creating 18-14

match criteria 18-19

GRE (generic routing encapsulation) VPN

advantages of IPsec tunneling with GRE 23-3

configuring 23-5

configuring GRE modes 23-6

dynamically addressed spokes 23-5

implementation 23-3

overview 23-1, 23-2

prerequisites for successful configuration 23-3

supported platforms 21-9

understanding 23-2

GRE Dynamic IP

mandatory and optional policies 21-6

GRE Modes Page

DMVPN properties 23-13

GRE or GRE Dynamic IP properties 23-6

overview 23-1

Group Domain of Interpretation (GDOI) protocol 25-3

group encryption

defining in GET VPN topologies 21-51

Group Encryption Policy page (GET VPN) 21-51

group members

adding 25-19

communication flow 25-2

configuring fail-close mode 25-8

editing 25-21

GET VPN

registration process 25-4

security policy ACLs 25-10

group members (GET VPN)

configuring 25-20

Group Members page (GET VPN) 25-20

group policies

configuring 27-21

creating 27-23

understanding 27-22

VPNs

configuring bookmarks 27-64

configuring portal appearance 27-59

configuring WINS servers for file system access 27-69

customizing 27-58

post URL method and macro substitutions in bookmarks 27-65

smart tunnels 27-66

Group Policies page 27-21

groups

adding or removing devices 3-55

creating 3-54

deleting 3-54

understanding 3-51

working with 3-51

group types

creating 3-53

deleting 3-54

GTP map objects

Add Country Network Codes dialog box 15-40

Edit Country Network Codes dialog box 15-40

GTP Map Timeouts dialog box 15-41

GTP policy map objects

creating 15-20

match conditions and actions 15-41

properties 15-38

H

H.323 class map objects

IOS

creating 18-14

match criteria 18-19

match criteria 15-46

H.323 policy map objects

ASA/PIX/FWSM

creating 15-20

properties 15-43

IOS

creating 18-14

match conditions and actions 18-33

match conditions and actions 15-46

hash algorithms

in IKE proposals 22-7

MD5 22-7

SHA 22-7

help

accessing 1-40

Help About This Page command 1-31

helper addresses 56-14

Help menu

Configuration Manager 1-31

Help Topics command 1-31

Hide Navigation Window command 1-28

high availability (HA groups)

configuring in Easy VPN 24-2

configuring in site-to-site VPN 21-49

stateful/stateless failover 21-51

high availability policies

configuring in remote access VPNs 29-11

Histogram dialog box 37-13

histograms

configuring anomaly detection 37-10

understanding anomaly detection 37-9

hit count

generating reports 14-24

Hit Count Query Results page 14-28

Hit Count Selection Summary Dialog Box 14-27

Hostname

PIX/ASA/FWSM 47-1

hostnames

Cisco IOS routers

defining 57-77

Hostname Policy page 57-78

overview 57-77

HTTP

Cisco IOS routers

AAA tab 57-32

Command Authorization Override dialog box 57-34

defining policies 57-29

HTTP Policy page 57-31

overview 57-28

Setup tab 57-31

PIX/ASA/FWSM 45-2

configuration 45-2

HTTP (ASA, PIX) class map objects

creating 15-20

HTTP (ASA7.1.x/PIX7.1.x/FWSM3.x/IOS) policy map objects

creating 15-20

properties 15-48

HTTP (ASA7.2+/PIX7.2+) policy map objects

creating 15-20

properties 15-55

HTTP (IOS) class map objects

creating 18-14

creating for zone-based firewall content filtering 18-34

match criteria 18-20

HTTP (Zone Based IOS) policy map objects

creating 18-14, 18-34

match conditions and actions 18-33

HTTP class map objects

match criteria 15-57

HTTP-FORM

settings in AAA server objects 6-35

HTTP policy

overriding HTTPS port number 3-41

sharing

HTTPS port number 3-41

HTTP policy map objects

match conditions and actions 15-57

HTTP proxy server

configuring for IPS global correlation 32-22

HTTP Response Code 500 deployment errors 9-14

HTTPS

setting up 2-3

troubleshooting certificate errors 9-4

hub-and-spoke topology

description 21-2

joined hub-and-spoke topology 21-5

tiered hub-and-spoke topologies 21-5

I

ICMP rules

PIX/ASA/FWSM 45-3

add/edit 45-4

ICMP settings

configuring on IOS routers 56-18

icons

Configuration Manager toolbar reference 1-32

event table toolbar reference 63-14

Event Viewer status color code 63-27

map elements 31-14

ICQ class map objects

creating 18-14

match criteria 18-18

idle timeout, Security Manager client 11-5

IDM

device manager 65-11

IDSM

adding when using non-default HTTPS (SSL) port 3-7

Create and Edit IDSM Data Port VLANs dialog boxes 62-49

Create and Edit IDSM EtherChannel VLANs dialog boxes 62-49

credentials 3-15

defining Data Port VLANs 62-46

defining EtherChannel VLANs 62-44

deleting Data Port VLANs 62-47

deleting EtherChannel VLANs 62-45

deployment failures when changing data port VLAN running mode 9-16

IDSM Settings page 62-47

IDSM Slot-Port Selector dialog box 62-50

mode support limitations 62-43

troubleshooting deployment 9-15

understanding settings on Catalyst devices 62-43

IGMP

PIX/ASA/FWSM

Access Group parameters 50-5

Access Group tab 50-5

enable 50-1

Join Group parameters 50-7

Join Group tab 50-7

page 50-2

parameters 50-4

Protocol tab 50-3

Static Group parameters 50-6

Static Group tab 50-6

ignore error message, configure Security Manager to 9-9

IKE (Internet Key Exchange)

comparing version 1 and 2 22-4

configuring IKE and IPsec policies 22-1

configuring IKEv2 authentication 22-58

configuring proposal 22-9

Diffie-Hellman modulus groups 22-7

encryption algorithms 22-6

hash algorithms 22-7

IKEv2 Authentication policy 22-60, 22-62

overview 22-2

selecting the IKE version for devices in site to site VPNs 22-22

understanding 22-5

IKE keepalive

understanding 22-27

IKE proposal objects

v1 properties 22-10

v2 properties 22-13

IKE proposals (policies)

in GET VPNs 25-15

IKEv2 Authentication dialog box 22-62

IKEv2 Authentication page 22-60

IKEv2 settings

configuring 22-30

configuring cookie challenges 22-30

IM (ASA7.2+/PIX7.2+) policy map objects

creating 15-20

properties 15-60

IM (IOS) policy map objects

creating 15-20

properties 15-63

IM (Zone Based IOS) policy map objects

creating 18-14

match conditions and actions 18-33

IM (Zone based IOS) policy map objects

creating 18-14

IMAP

configuring for inspection rules 15-18

IMAP class map objects

creating 18-14

match criteria 18-22

IM applications

match conditions for zone-based firewalls 18-18

protocol information for IM application inspection 18-31

IMAP policy map objects

creating 18-14

match conditions and actions 18-33

IM class map objects

creating 15-20

match criteria 15-61

IM policy map objects

match conditions and actions 15-61

import

device inventory 3-25

device with policies 10-12

policy objects 6-17

Import Background Image dialog box 31-13

Import Rules wizard

Enter Parameters page 14-31

Preview page 14-33

Status page 14-32

inheritance

inheriting rules 5-43

understanding 5-4

understanding signature policies 35-2

versus assignment 5-6

Inherit Rules command 1-27

Inherit Rules dialog box 5-43

Inspect/Application FW Rule wizard

Address and Port page 15-11

Inspected Protocol page 15-15

Match Traffic page 15-10

inspection

global correlation (IPS)

configuring 38-5

inspection map objects

understanding 6-61

inspection rules

ACL naming conventions 12-5

add/edit rule wizard 15-10, 15-11, 15-15

choosing interfaces 15-2

configuring 15-5

configuring custom protocol name 15-19

configuring DNS settings 15-17

configuring ESMTP settings 15-17

configuring fragment inspection 15-18

configuring in Map view 31-23

configuring RPC settings 15-19

configuring settings for IOS devices 15-80

configuring settings in Map view 31-24

configuring SMTP settings 15-17

deep inspection options

IMAP 15-18

POP3 15-18

deleting 12-8

disabling 12-17

editing 12-9

enabling 12-17

Inspection Rules page 15-7

managing 15-1

moving 12-16

preserving ACL names 12-4

preventing DoS attacks on IOS devices 15-5

selecting protocols 15-3, 15-15

understanding 15-1

understanding access rule requirements 15-4

understanding NAT effects 12-3

understanding processing order 12-2

Inspection Rules page 15-7

Inspection settings page 15-80

inspect maps

policy maps

Add Country Network Codes dialog box 15-40

Edit Country Network Codes dialog box 15-40

Inspect parameter map objects

properties 18-28

Inspect Parameters map objects

creating 18-14, 18-34

installing

Security Manager client 1-9

Integrated Local Management Interface (ILMI) 56-49

Interactive Authentication Configuration dialog box 13-20

Interface Name Conflict dialog box 6-61

Interface Properties dialog box 31-19

Interface Role Contents dialog box 12-13

interface role objects

creating 6-57

defining subinterfaces 6-59

distinguishing from interfaces 6-59

handling conflicts between role and interface names 6-61

Interface Role dialog box 6-58

specifying during policy definition 6-59

understanding 6-56

use when a single interface name is allowed 6-60

interfaces

adding or changing modules 3-34

ASA

edit EtherChannel-assigned interface 42-10

EtherChannels 42-8, 42-12

LACP 42-10

ASA/FWSM

IPv6 42-27

IPv6, add/edit 42-31

IPv6, add/edit prefixes 42-32

ASA 5505 42-5

ASA devices

Advanced tab 42-25

IP Type 42-34

Catalyst switches and 7600 Series routers

Access Port Selector dialog box 62-30

Create and Edit Interface dialog boxes-Access Port mode 62-9

Create and Edit Interface dialog boxes-Dynamic Port mode 62-18

Create and Edit Interface dialog boxes-Other mode 62-24

Create and Edit Interface dialog boxes-Routed Port mode 62-12

Create and Edit Interface dialog boxes-subinterfaces 62-22

Create and Edit Interface dialog boxes-Trunk Port mode 62-14

Create and Edit VLAN dialog boxes 62-28

Create and Edit VLAN Group dialog boxes 62-34

defining ports 62-5

deleting ports 62-7

generating names 62-6

Interfaces/VLANs page-Interfaces tab 62-7

Interfaces/VLANs page-Summary tab 62-3

Interfaces/VLANs page-VLAN Groups tab 62-33

Interfaces/VLANs page-VLANs tab 62-27

Service Module Slot Selector dialog box 62-35

Trunk Port Selector dialog box 62-31

understanding 62-5

VLAN Selector dialog box 62-35

Cisco IOS routers

Advanced Interface Settings dialog box 56-16

Advanced Interface Settings page 56-15

available types 56-2

Create Router Interface dialog box 56-8

defining advanced settings 56-13

defining basic settings 56-3

defining CEF interface settings 56-24

defining IPS module settings 56-22

deleting from 56-6

generating names 56-4

Interface Auto Name Generator dialog box 56-12

overview 56-1

Router Interfaces page 56-7

understanding helper addresses 56-14

configuring IOS IPS rules 41-8

configuring multiple contexts 54-2

distinguishing from interface roles 6-59

failover

MAC address 46-21

PIX/ASA/FWSM 46-22

PIX 6.3 46-11

IPS

configuring 33-6

configuring bypass mode 33-12

configuring CDP mode 33-13

configuring inline interface pairs 33-13

configuring inline VLAN pairs 33-14

configuring physical 33-10

configuring VLAN groups 33-15

deploying VLAN groups 33-5

inline interface mode 33-3

inline VLAN pair mode 33-3

interfaces policy 33-6

managing interface configurations 33-1

physical interface properties 33-11

promiscuous mode 33-2

roles 33-1

sensing modes overview 33-2

understanding 33-1

viewing summary 33-8

VLAN group mode 33-4

IP Type

PIX 6.3 42-17

PIX/ASA

allocation in security contexts 54-8

IP Type 42-34

PPPoE Users 42-42

redundant 42-7

subinterfaces 42-6

VPDN groups 42-43

PIX/ASA/FWSM

add/edit 42-18

Advanced settings 42-40

configuring 42-2

contexts 42-4

DDNS update rules 48-14

enabling traffic between same security levels 42-41

General tab 42-19

manage 42-13

management access 45-5

understanding 42-2

PIX/ASA 7+ devices

MAC address 42-36

PIX 6.3

add/edit 42-15

routed and transparent 42-3

specifying during policy definition 6-59

specifying subinterfaces 6-59

throughput delay 56-18

Interface Selector dialog box (VLAN ACL Content) 62-42

Interfaces page (IPS) 33-6

Interface Specific Authentication Server Groups dialog box 27-13

Interface Specific Client Address Pools dialog box 27-10

inventory

deleting devices from 3-48

export devices

DCR, CS-MARS, Security Manager formats 10-6

device with policies 10-6

overview 10-5

supported CSV formats 10-8

using command line utility 10-9

import devices

device with policies 10-12

inventory, device

adding devices 3-7

adding devices from configuration files 3-17

adding devices from inventory file 3-25

adding devices from network 3-8

adding devices manually 3-21

managing 3-1

testing device connectivity 9-1

troubleshooting device discovery failures 3-7

troubleshooting Performance Monitor status collection 65-17

understanding 3-1

understanding contents 3-3

viewing inventory status 65-15

working with 3-30

Inventory Status command 1-29

Inventory Status window 65-18

Inverse ARP 56-60

inverse multiplexing over ATM (IMA) 56-39

IOS devices

configuring transparent firewall rules 19-1

remote access IPSec VPNs

user group policies 29-13

remote access IPsec VPNs

creating using wizard 26-35

remote access SSL VPNs

configuring bookmarks 27-64

configuring WINS servers for file system access 27-69

creating using wizard 26-31

remote access VPNs

configuring SSL VPN policies 29-14

Context Editor dialog box (IOS) 29-15, 29-16

Dynamic VTI/VRF Aware IPsec settings 29-7

high availability 29-11

IPsec proposals 29-4

SDM 65-11

IOS IPS

effect of load balancing 41-7

comparing to IPS appliances and service modules 32-1

configuration files 41-3

configuration overview 41-3

configuring 41-1

configuring general settings 41-7

configuring interface rules 41-8

configuring target value ratings 36-14

event actions

filter rule attributes 36-9

filter rules 36-4, 36-7

filter rules tips 36-6

network information 36-14

overrides 36-12

overview 36-1

possible actions 36-2

process overview 36-1

settings 36-20

getting started 32-1

initial preparation of router 41-5

lightweight signature engines 41-2

limitations and restrictions 41-3

selecting signature category 41-6

signatures

adding custom 35-15

cloning 35-18

configuring 35-3

defining 35-1

detailed information 35-2

editing 35-11

editing Meta engine component list 35-25

editing or tuning parameters 35-18

enabling or disabling 35-10

engines 35-16

exporting 35-6

inheritance 35-2

parameters list 35-20

policy 35-4

shortcut menu 35-7

understanding 35-1

viewing update level 35-9

understanding 41-1

understanding subsystems and revisions 41-2

IOS Software Release 12.1 and 12.2

managing routers 55-2

IOS Web Filter Exclusive Domain Name dialog box 16-13

IOS Web Filter Rule and Applet Scanner dialog box 16-12

IP address

supporting dynamic 3-31

IP addresses

network masks 6-64

specifying in policies 6-70

specifying IPv6 in policies 6-71

IP Options policy map objects

creating 15-20

properties 15-65

IPS

IPS Module router interface settings policies 56-22

PIX/ASA/FWSM

rules 53-5

rules wizard 53-6

tab 53-8

IPS alerts

properties 63-15

IPS Certificates dialog box 40-9

IPS command 1-29

IPS Devices

selecting for Event Viewer 63-29

IPS devices

adding SSL thumbprints manually 9-4

allowed hosts 32-7

anomaly detection

configuring 37-6

configuring histograms 37-10

configuring learning accept mode 37-8

configuring signatures 37-4

configuring thresholds 37-10

detection zones 37-3

managing 37-1

modes 37-2

understanding 37-1

understanding histograms 37-9

understanding thresholds 37-9

understanding worms 37-2

when to turn off 37-4

blocking

configuring 39-7

configuring ARC 39-1

configuring blocking devices 39-14

configuring master blocking sensors 39-13

configuring never block hosts and networks 39-17

configuring router blocking interfaces 39-15

configuring user profiles 39-12

configuring VLAN blocking interfaces 39-16

general options 39-10

master blocking sensor 39-6

policy 39-8

rate limiting 39-4

router and switch blocking devices 39-4

strategies 39-3

understanding 39-1

capturing network traffic 32-2

certificates 40-9

changing those selected for reports 64-20

configuration overview 32-5

configuration overview for IOS IPS 41-3

configuring AAA 32-19

configuring Analysis Engine global variables 32-26

configuring DNS servers 32-22

configuring for event management 63-25

configuring for report management 64-3

configuring HTTP proxy server 32-22

configuring NTP 32-21

configuring OS maps 36-17

configuring SNMP 32-8

configuring target value ratings 36-14

configuring the external product interface 32-23

configuring user accounts 32-16

credentials, IPS router modules 3-16

deployment of passwords 32-15

deployment topology 32-4

discovery of passwords 32-15

event actions

example filter rule 63-57

filter rule attributes 36-9

filter rules 36-4, 36-7

filter rules tips 36-6

network information 36-14

overrides 36-12

overview 36-1

possible actions 36-2

process overview 36-1

settings 36-20

Event Viewer support 63-4

getting started 32-1

global correlation

configuring 38-1

configuring inspection and reputation 38-5

configuring network participation 38-7

data collected 38-3

requirements and limitations 38-4

understanding 38-1

understanding network participation 38-3

understanding reputation 38-2

initializing 2-12

interfaces

configuring 33-6

configuring bypass mode 33-12

configuring CDP mode 33-13

configuring inline interface pairs 33-13

configuring inline VLAN pairs 33-14

configuring physical 33-10

configuring VLAN groups 33-15

deploying VLAN groups 33-5

inline interface mode 33-3

inline VLAN pair mode 33-3

interfaces policy 33-6

managing interface configurations 33-1

physical interface properties 33-11

promiscuous mode 33-2

roles 33-1

sensing modes overview 33-2

understanding 33-1

viewing summary 33-8

VLAN group mode 33-4

IPS modules for ASA 53-12

license, exporting 11-29

licenses

automating 40-3

managing 40-1