User Guide for Cisco Security Manager 3.0.1
Index

Numerics

3DES encryption algorithm

in IKE proposals 59

802.1x

802.1x Policy page 544

configuring on Cisco IOS routers 59

defining policies 64

interface authorization states 61

supported topologies 62

understanding device roles 60

A

AAA

accounting 1

authorization 1

configuring on firewall devices 30

local fallback 32

support 32

user authentication 1

AAA authentication groups

predefined 7

AAA Firewall page 784

AAA Mode Setup page 2

AAA rules

AAA Rules page 708

Add AAA Rules dialog box 711

adding 83

AuthProxy dialog box 729

configuring settings

for AAA (IOS) 99

for AAA firewall (PIX/ASA) 94

copying 91

cutting 91

deleting 93

disabling 89

Edit AAA Option dialog box 727

Edit AAA Rules dialog box 711

Edit AAA Server Group dialog box 730

Edit Category dialog box 732

Edit Description dialog box 731

Edit Destinations dialog box 719

editing 86

Edit Interface dialog box 725

Edit Service dialog box 689, 722

Edit Sources dialog box 717

enabling 89

finding usage 90

generating usage reports 90

MAC exempt address lists

adding 96

deleting 98

editing 97

using 96

moving down 92

moving up 92

pasting 91

Show Destination dialog box 721

Show Interface Contents dialog box 726

Show Service Contents dialog box 724

Show Source Contents dialog box 718

understanding 81

AAA Rules page 708

AAA server group objects

AAA Server Group dialog box 36

AAA Server Groups page 35

creating 9

deleting 18

duplicating 12

editing 13

generating usage reports for 17

managing overrides 16

override page in Device Properties 55

override page in Policy Object Manager 207

predefined authentication groups 7

understanding 6

viewing details 15

AAA Server Groups Override page 55

AAA server objects

AAA Server dialog box 42

AAA Servers page 40

creating 24

deleting 30

duplicating 26

editing 27

generating usage reports for 29

supported types 21

understanding 19

viewing details 28

AAA servers

external servers 1

supported types on ASA devices 22

table of services on ASA devices 23

Abort Deployment Job dialog box 27

ABR

definition of 93

access control list objects

creating 35

deleting 42

duplicating 41

editing 40

Extended IP ACL tab 51

Add Extended Access Control Entry dialog box 56

Add Extended Access List page 52

Edit Extended Access Control Entry dialog box 56

Edit Extended Access List page 52

extended objects 35

generating usage reports for 44

Standard IP ACL tab 59

Add Standard Access Control Entry dialog box 62

Add Standard Access List page 60

Edit Standard Access Control Entry dialog box 62

Edit Standard Access List page 60

standard objects 38

understanding 32

viewing details 45

Access Control page 776

access controls

access list compilation

enabling 54

object group search

enabling 49

per user downloadable ACLs (PIX/ASA/FWSM)

enabling 52

understanding settings 48

Access Group tab

description 88, 395

access list compilation

enabling 54

understanding 53

access permissions

maps 3

access ports in DM 6500/7600

configuring 49

editing 49

restarting 49

access rules

Access Rules page 635

Adaptive Security Algorithm (ASA) and 8

Add Firewall Rule dialog box 639

adding 12

Advanced dialog box 644

ASA, and 9

copying 21

cutting 21

deleting 24

disabling 20

Edit Category dialog box 660

Edit Description dialog box 659

Edit Destinations dialog box 649

Edit Firewall Option dialog box 654

Edit Firewall Rule dialog box 639

editing 16

Edit Interface dialog box 656, 691

Edit Service dialog box 652

Edit Sources dialog box 647

enabling 20

FWSM, and 9

IOS router, and 9

logging events for an ACE 11

moving down 23

moving up 23

pasting 21

PIX Firewalls, and 9

recognizing on devices 8

Show Destination Contents dialog box 651

Show Interface Contents dialog box 658

Show Service Contents dialog box 654

Show Source Contents dialog box 648

understanding 6, 9, 10

Access Rules page 635

accounting

configuring on firewall devices 30

ACL names

generating 4

Active/Active failover

about 56

command replication 57

configuration synchronization 57

Active/Standby failover 56

activities

accessing functions 9

Activity Details tab 5

Activity Manager window 1

Activity Required (Create Activity) dialog box 15

Activity Required (Create or Open Activity) dialog box 16

and locking 4

Approve Activity dialog box 9

Approved state 6

approving 3, 16

benefits of 2

closing 12

Create Activity dialog box 7

creating 11

Devices tab 14

Discard Activity dialog box 11

discarding 17

Edit state 5

Errors tab 12

History tab 6

managing 1

multiple users 5

Openable Activities dialog box 17

opening 11

Reject Activity dialog box 10

Rejected state 6

rejecting 16

Submit Activity dialog box 8

Submitted state 5

understanding 2

validating 12

Validation dialog box 12

viewing details 18

viewing historical data 18

working with 9

Activities menu 12

Activity Details tab 5

Activity Manager window 1

Activity Required (Create Activity) dialog box 15

Activity Required (Create or Open Activity) dialog box 16

activity states 5, 4

Adaptive Security Appliances

see ASA devices

Add/Edit IGMP Join Group dialog box

description 89

Add/Edit IGMP Static Group dialog box

description 88

Add/Edit Multicast Route dialog box

description 402

Add AAA Rules dialog box 711

Add Certificate dialog box 11

Add Client Access Rules dialog box 73

Add Country Network Codes dialog box 102

Add Device from Config File wizard 25

Device Grouping page 24

Device Information page - Config File 25

Add Device from DCR wizard 40

Device Grouping page 24

Device Information page - DCR 40

Add Device from Network wizard 7

Device Credentials page 14

Device Grouping page 24

Device Information page - Network 8

Add Devices to Groups page 71

Add Extended Access Control Entry dialog box 56

Add Firewall Rule dialog box 639

Add FTP Map dialog box 96

Add Groups dialog box 72

Add GTP Map dialog box 100

Add Link dialog box 23

Add Map Object and Node Properties dialog boxes 24

Add New Device wizard 29

Device Credentials page 14

Device Grouping page 24

Device Information page - New Device 29

Add Other Devices dialog box 22

Add Permit Response dialog box 103

address pools 20

Add Standard Access Control Entry dialog box 62

Add Standard Access List page 60

Add TCP Map dialog box 165

Add Traffic Flow dialog box 176

Add Transparent Firewall Rule dialog box 767

admin context

overview 103

administration

See settings

selecting policies to manage 44

Advanced dialog box

access rules 644

AES encryption algorithm

in IKE proposals 60

in VPN SPA 32

Analysis 802

analysis reports

generating 35

understanding 33

Analysis Reports page 802

anti-spoofing 97

appended CLI commands 2, 3

Approve Activity dialog box 9

Approve Deployment Job dialog box 24

Approved state 6

approvers 13

area border router 93

ARP table

static entry 274, 276

ASA

FlexConfig object samples 7

ASA devices

AAA support 22

table of AAA services 23

use of Kerberos 22

use of LDAP servers 22

use of NT servers 22

use of SDI servers 22

see also PIX/ASA/FWSM Platform policies

ASA user group objects

ASA User Groups page 64

Client Configuration tab 54, 74

Client Firewall Attributes tab 57, 77

creating 47

deleting 64

duplicating 63

editing 62

General tab 50, 68

generating usage reports for 65

Hardware Client Attributes tab 81

Hardware Client tab 61

Identity tab 49, 66

IPSec tab 53, 70

Add Client Access Rules dialog box 73

Edit Client Access Rules dialog box 73

understanding 45

viewing details 67

ASA User Groups page 64

ASBR

definition of 93

ASDM

version 484

assignment overview 12

Assignments tab 26

Assign Shared Policy dialog box 3

audit log entries

purging 9

audit logs

archiving 60

understanding 60

Audit Logs Settings page 15

Audit Message Details dialog box 8

Audit Report page 6

audit reports

examples for defining 7

generating 7

understanding 6

AUS

setting up 12

authentication

configuring on firewall devices 30

authentication methods

in IKE proposals 61

preshared keys 61

RSA signatures 61

authorization

configuring on firewall devices 30

AuthProxy dialog box

AAA rules 729

AuthProxy General tab (IOS) 788, 790

AuthProxy page 787

autolink

omitting reserved networks from maps 2

Auto Update Server (AUS) 26

licensing 58

Auto Update Server Properties dialog box 12

Auto Update Servers

using to deploy to ASA devices 12

using to deploy to PIX firewalls 12

Auto Update Servers (AUS)

adding 64

configuring AUS settings on firewall devices 62

editing 68

understanding 63

Available Auto Update Servers dialog box 13

Available CNS-Configuration Engines dialog box 38

Available Servers dialog box 36

B

background image, map

deleting 15

importing 13

overview 13

scale and position 15

setting 14

backups

understanding 17

using Common Services 17

bandwidth 485

banners

Banner page 290

configuring on firewall devices 36

benefits of product 3

BGP routing

BGP Routing Policy page 584

configuring on Cisco IOS routers 116

defining routes 117

Neighbors dialog box 587

redistributing routes 120

Redistribution Mapping dialog box 589

Redistribution tab 588

Setup tab 585

boot image and configuration settings

configuring on firewall devices 38

bridging

PIX/ASA/FWSM

Add/Edit ARP Inspection dialog box 278

Add/Edit ARP Table Entry dialog box 276

Add/Edit MAC Learning dialog box 282

Add/Edit MAC Table Entry dialog box 281

ARP Inspection page 277

ARP Table page 274

configuring on 27

MAC Address Table page 279

MAC Learning page 281

Management IP page 283

buttons

main toolbar 32

C

CA server authentication methods

SCEP (Simple Certificate Enrollment Protocol) 80

Catalyst 6500/7600 Device Manager (DM 6500/7600)

action buttons 14

basic concepts 1

desktop 10

features 3

navigating in 4

opening 4

preferences 16

quick reference 18

selector, understanding 13

starting 4

Catalyst 6500/7600 Device Manager (DM 6500/7600) wizards

Firewall-Inside setup 134

Firewall-Outside setup 143

Port 37

VLAN 89

Catalyst 6500/7600 Device Manager access window

opening from Tools menu 5

Catalyst 6500/7600 devices

configuring FWSM on 38

configuring VPNSM on 30

configuring VPN SPA on 32

Catalyst 6500/7600 switches

including in deployment jobs 5

Catalyst 6500 switches

deployment 34

VLANs 37, 47

Catalyst VPN Services Module (VPNSM)

configuring a VPN interface 30

configuring in remote access VPNs 11

defining settings (site-to-site VPN) 21

VPNSM/VPN SPA Settings dialog box 846

VPNSM blade 30

Catalyst VPN Shared Port Adapter (VPN SPA)

adding location information during Catalyst 6500/7600 discovery 42

configuring a VPN SPA blade 32

configuring in remote access VPNs 11

defining settings (site-to-site VPN) 21

dialog box for entering VPN SPA locations during discovery 19

VPNSM/VPN SPA Settings dialog box 846

VPN SPA blade 32

VPN SPA Slots dialog box 21

VPN SPA Slot Selector 22

categories

editing 69

understanding 68

category objects

Categories page 84

Category Editor dialog box 85

certificate authentication

procedure 54

certificates, device

Add Certificate dialog box 11

adding manually 54

settings for authentication 9

Certification Authority (CA) servers

naming guidelines 157

checklist for getting started 13

Choose Files dialog box 28

Cisco Adaptive Security Appliances

see ASA devices

Cisco Discovery Protocol (CDP) settings, configuring in DM6500/7600 24

Cisco Express Forwarding (CEF)

importance for QoS 87

Cisco IOS

banners, configuring in DM6500/7600 26

FlexConfig object samples 9

Cisco IOS devices

selecting transport protocols 51

Cisco IOS routers

available interface types 6

configuring 802.1x 59

configuring BGP routing 116

configuring device access 26

configuring DHCP 43

configuring dialer interfaces 29

configuring EIGRP routing 121

configuring host and domain names 34

configuring interfaces 2

configuring logging 80

configuring NAC 68

configuring NAT 10

configuring NTP 51

configuring OSPF routing 130

configuring platform policies 1

configuring QoS 86

configuring RIP routing 149

configuring SDP 35

configuring SNMP 54

configuring static routing 155

deleting interfaces 9

generating interface names 8

managing 1

Cisco Networking Services (CNS) 28

Cisco Networking System (CSN)

using to deploy to IOS routers 13

Cisco PIX firewalls

see PIX/ASA/FWSM Platform policies

Cisco Secure Access Control Server (ACS)

adding users 24

associating user roles and permissions 18

customizing user roles 17

default roles 16

integrating with Security Manager 20, 65

integration checklist 22

integration requirements 21

performing integration 23

performing integration in CiscoWorks 31

registering Security Manager 34

understanding user permissions 2

Cisco Secure Access Control Server (ACS) integration

adding managed devices 38

adding system administrator 24

checklist of tasks 22

configuring CiscoWorks AAA mode 34

configuring NDGs 38

creating administration control user 30

creating local users in CiscoWorks 32

customizing user roles 17

defining system identity user 32

list of ACS procedures 23

list of CiscoWorks procedures 31

list of requirements 21

restarting Daemon Manager 35

Cisco Secure Access Control Server (ACS) user interface

Add Administrator page 30

Administration Control page 30

Group Setup page 38

New Network Device page 29

Shared Components page 17

User Setup page 24

Cisco Security Management Suite server

exiting 2

logging in to 2

Cisco Trust Agent (CTA) 70

CiscoWorks Common Services

assigning roles to users 14

associating user roles and permissions 18

available user roles 13

backing up Security Manager with 17

configuring AAA mode 34

creating local user for Cisco Secure ACS 32

defining system identity user 32

exiting 2

logging in to 2

performing integration for Cisco Secure ACS 31

registering Security Manager with Cisco Secure ACS 34

understanding user permissions 2

CiscoWorks Common Services user interface

AAA Setup Mode page 34

Local User Setup page 32

System Identity Setup page 32

Class-Based Policing 94

CLI commands

appended commands 2, 3

in FlexConfigs 2

prepended 2

Client Configuration tab

ASA user group objects 74

client connection characteristics

Client Connection Characteristics page 84

configuring policies for Easy VPN 109

Client Firewall Attributes tab

ASA user group objects 77

clock

configuring on firewall devices 39

cluster load balancing

configuring 16

PIX7.0/ASA Cluster Load Balance page 867

understanding 15

CNS

setting up 15

CNS-Configuration Engine Properties dialog box 37

commands

Activities menu 12

Edit menu 7

Edit menu, table commands 21

File menu 6

Help menu 12

Map menu 9, 8

Policy menu 8

Tools menu 11

View menu 8

Common Services

licensing 58

Common Services backup

of Security Manager 17

config files

adding devices from 44

Device Grouping page 40

Device Information page 47

configuration

frequently asked questions 17

Configuration Archive

New Configuration Version dialog box 14

rolling back to archived configuration files 13

settings 46

toolbar, customizing 10

transcripts, understanding 11

version viewer 12

viewing configuration files 12

viewing transcripts 11

window 10

Configuration Archive Settings page 3

Configuration Engines

adding 64

editing 68

understanding 63

configuration files

deploying in non-Workflow mode 34

deploying in Workflow mode 36

previewing 38

redeploying to devices 40

rolling back to archived configurations 13

rolling back to devices 43

selecting 24

understanding factory-default configurations 2

viewing 12

configuration views 9

Configure DNS dialog box

inspection rules 697

Configure ESMTP dialog box

inspection rules 700

Configure Fragments dialog box

inspection rules 701

Configure IMAP dialog box

inspection rules 703

Configure POP3 dialog box

inspection rules 704

Configure RPC dialog box

inspection rules 705

Configure SMTP dialog box

inspection rules 698

connection

server status 3

connections per second 485

console timeout settings

configuring on firewall devices 43

contact credentials

configuring on firewall devices 41

contained modules

show 5

Contents pane 7

context mode

viewing 484

contexts

see security contexts

control plane (CP)

defining QoS on 104

policing on 99

Control Plane Policing 99

Copy Policies wizard

Copy Policies from this Device page 5

Copy Policies to these Devices page 6

Select Policies to Copy page 7

understanding 4

core network connections, configuring for MSFC in DM6500/7600 135

CPU usage 485

Create a Clone page 46

Create Activity dialog box 7

Create a Job dialog box 12

Create a Policy dialog box 27

Create Discovery Task dialog box 15

Create Filter dialog box 3

Policy view 24

Create Overrides for Device dialog box 216

Create Text Object dialog box 91

Create VLAN dialog box 44

Create VPN Topology wizard 8

Credentials page 51

crypto maps

dynamic 66

in IPSec proposals 66

static 66

Customize Desktop Settings page 4

Custom Protocol dialog box

inspection rules 699

D

Daemon Manager

restarting after Cisco Secure ACS integration 35

job status

Scheduled to run at 9

DCS properties file

defining SSH settings by editing 53

dead-peer detection (DPD) 69

Delete Map dialog box 16

Deploy Job dialog box 26

deployment

Abort Deployment Job dialog box 27

Add Other Devices dialog box 22

Approve Deployment Job dialog box 24

clearing XLATE on 102

configurations 34

Create a Job dialog box 12

Deploy Job dialog box 26

Deployment Rollback dialog box 28

Details tab 34

Discard Deployment Job dialog box 25

Edit Deploy Method dialog box 17

Edit Selected Deployment Method dialog box 18

frequently asked questions 17

History tab 35

managing 1

maximum number of devices 23

non-Workflow mode 3

Deploy Saved Changes dialog box 3

Preview Config dialog box 20

Preview Messages dialog box 19

Redeploy a Job dialog box 31

Reject Deployment Job dialog box 23

Rollback Confirmation dialog box 30

Submit Deployment Job dialog box 22

Summary tab 33

to devices

OS version mismatches 14

understanding 11

to files 13

understanding 1

using a Cisco Networking Services (CNS) server 28

using an Auto Update Server (AUS) 26

using a Token Management Server (TMS) 24

viewing status information 33

Warning - Partial VPN Deployment dialog box 16

Workflow mode 5

Create a Job dialog box 12

Deployment Manager window 10

dialog boxes 9

tasks 46

windows 9

working with 31

deployment device details 45

deployment errors

OS version mismatches 14

deployment job approval 9

deployment job changes 10

deployment job history 53

deployment jobs

aborting 42

approving 51

benefits of 2

creating 46

discarding 52

including devices in 10

multiple users and 10

opening 49

rejecting 51

submitting 50

deployment job states

non-Workflow mode 4

Workflow mode 8

Deployment Manager window

Details tab 34

History tab 35

Summary tab 33

Deployment Manager window in non-Workflow mode 2

Deployment Manager window in Workflow mode 10

deployment methods

changing 40

understanding 11

Deployment Rollback dialog box 28

Deployment Settings page 5

Deployment Status Details dialog box 6

refreshing 40

viewing 33

deployment summary 45

deployment taskflow

in Workflow mode 5

non-Workflow mode 3

deployment transport protocols

for ASA devices 12

for Catalyst 6500/7600 devices 12

for IOS routers 12

for PIX firewalls 12

Deploy Saved Changes dialog box 3

DES encryption algorithm

in IKE proposals 59

device access

Cisco IOS routers

configuring on 26

configuring on firewall devices 42

device access policies

defining 26

device administration policies

configuring on firewall devices 29

device certificates

Add Certificate dialog box 11

adding manually 54

settings for authentication 9

device credentials

naming guidelines 72

understanding 70

validation error messages 73

Device Credentials page 14

Device Credentials Repository (DCR)

adding devices from 58

Device Grouping page 40

Device Information page 61

Device Delete Validation Details dialog box 45

Device Grouping page 24

device grouping shortcut menu options 69

device groups

working with 55

Device Groups page 53, 12

Device Information page - Config File 25

Choose Files dialog box 28

Device Information page - DCR 40

Device Information page - Network 8

Device Information page - New Device 29

device policies shortcut menu options 67

Device Properties

Credentials page 51

Device Groups page 53

General page 48

Policy Object Override pages

AAA Server Groups Override page 55

general reference 54

Interface Roles Override page 56

Networks/Hosts Override page 57

PKI Enrollments Override page 58

Port Lists Override page 60

Service Groups Override page 63

Services Override page 61

Text Objects Override page 64

device properties

defining 76

editing 78

understanding 74

viewing 79

Device Properties page

creating object overrides 252

deleting overrides 255

understanding 47

devices

adding from configuration file 44

adding from DCR 58

adding from network 32

adding new 49

assigning shared policies 28

choosing add method 30

configuring local policies 17

copying policies between 19

copying shared policies 30

creating policy object overrides 252

deleting from inventory 82

deleting policy object overrides 255

deploying to dynamically addressed 12

deploying to 13

deployment to 11

discovering policies 5

discovering policies on existing devices 6

including in jobs 10, 5, 14

managing 1

maps

adding existing managed 18

adding new managed 18

displaying devices from Device View 20

displaying managed 17

showing containment for Catalyst switches, ASA, PIX devices 19

modifying policy assignment 34

modifying shared policies 33

policy status icons 18

preparing 2

redeploying configuration files to 40

renaming policies 32

replacing policies 28

rolling back configuration files to 43

sharing multiple policies 25

unassigning policies 21

unsharing policies 27

working with communication settings UI 51

Device selector 2

device selector

filtering 27

device shortcut menu options 65

Devices page 2

Devices tab 14

Devices User Interface Reference 1

Device view

assigning shared policies 28

configuring local policies 17

copying policies between devices 19

copying shared policies 30

editing site-to-site VPN policies in 56

managing policies 16

managing VPN devices in 53

modifying policy assignments 34

modifying shared policies 33

overview 9

policy status icons 18

renaming policies 32

sharing local policies 23

sharing multiple policies 25

Site-to-Site VPN Topologies page 86

unassigning policies 21

understanding basic policy management 16

understanding shared policies 22

unsharing policies 27

device view

understanding 23

DHCP

Cisco IOS routers

configuring on 43

defining address pools 49

defining policies 47

DHCP Database dialog box 527

DHCP Policy page 524

IP Pool dialog box 528

understanding database agents 44

understanding option 82 45

understanding relay agents 44

understanding secured ARP 46

PIX/ASA/FWSM

configuring DHCP relay 64

configuring DHCP servers 65

DHCP pools in DM 6500/7600

viewing status 28

dial backup

configuring 28

Dial Backup Settings dialog box 32

understanding 27

dialer interfaces

configuring on Cisco IOS routers 29

defining BRI properties 32

defining profiles 29

Dialer Interfaces Policy page 512

Dialer Physical Interface dialog box 516

Dialer Profile dialog box 515

Diffie-Hellman groups

in IKE proposals 60

Discard Activity dialog box 11

Discard Deployment Job dialog box 25

discovery

Map View 37

overview 12

Settings page 13

Discovery Details pane 4

Discovery Status dialog box 18

discovery task

frequently asked questions 10

starting 6

viewing status 9

Distinguished Name (DN) matching policies

configuring 25

DN Matching Policy page 870

understanding 24

Distinguished Name (DN) matching rules

configuring 27

DN Matching Rules page 871

DN Rule dialog box (lower pane) 875

DN Rule dialog box (upper pane) 874

understanding 26

Distributed Traffic Shaping (DTS) 94

DMVPN (Dynamic Multipoint VPN)

advantages of using with GRE 95

configuring policies 96

IPSec technology 8

understanding 94

using with GRE 95

DNS

configuring on firewall devices 67

dynamically assigned IP addresses

adding devices with 63

dynamic crypto maps 66

dynamic IP devices

GRE for 90

dynamic NAT

creating rules on Cisco IOS routers 20

E

Easy VPN

Advanced tab 81

client connection characteristics 109

Client VPN Software Update tab 83

configuring policies for 103

General tab 75

IPSec Proposal page 69

IPSec proposals 103

IPSec tab 79

IPSec technology 8

tunnel group policies 107

Tunnel Group Policy page 74

understanding 100

user group policies 106

User Group Policy page 73

Edit AAA Option dialog box 727

Edit AAA Rules dialog box 711

Edit AAA Server Group dialog box 730

Edit Category dialog box

AAA rules 732

access rules 660

inspection rules 707

transparent rules 774

web filter rules 753

Edit Client Access Rules dialog box 73

Edit Country Network Codes dialog box 102

Edit Deploy Method dialog box 17

Edit Description dialog box

AAA rules 731

access rules 659

inspection rules 706

transparent rules 773

web filter rules 754

Edit Destinations dialog box 649

AAA rules 719

inspection rules 686

web filter rules 744

Edit Device Groups page 70

Edit Endpoints dialog box 16

Protected Networks tab 24

VPN Interface tab 17

Edit Extended Access Control Entry dialog box 56

Edit Extended Access List page 52

Edit Firewall Option dialog box 654

Edit Firewall Rule dialog box 639

Edit FTP Map dialog box 96

Edit GTP Map dialog box 100

editing

HTTP maps

editing 107

Edit Inspected Protocol dialog box 695

Edit Interface dialog box

AAA rules 725

access rules 656, 691

transparent rules 772, 795

Edit menu 7

Edit menu, table commands 21

Edit Permit Response dialog box 103

Edit Selected Deployment Method dialog box 18

Edit Service dialog box

AAA rules 689, 722

access rules 652

web filter rules 748

Edit Sources dialog box 647

AAA rules 717

inspection rules 683

web filter rules 742

Edit Standard Access Control Entry dialog box 62

Edit Standard Access List page 60

Edit state 5

Edit TCP Map dialog box 165

Edit Traffic Flow dialog box 176

Edit Transparent EtherType dialog box 770

Edit Transparent Firewall Rule dialog box 767

Edit Transparent Mask dialog box

transparent rules 771

Edit Web Filter Options dialog box 752

Edit Web Filter Type dialog box 751

EIGRP routing

configuring on Cisco IOS routers 121

defining interface properties 125

defining routes 123

Edit Interfaces dialog box 595

EIGRP Routing Policy page 592

Interface dialog box 597

Interfaces tab 596

redistributing routes 128

Redistribution Mapping dialog box 601

Redistribution tab 599

Setup dialog box 594

Setup tab 593

Encoding tab

HTTP map objects 118

encryption algorithms

3DES (Triple DES) 59

AES (Advanced Encryption Standard) 60

DES (Data Encryption Standard) 59

in IKE proposals 59

endpoints and protected networks

defining in VPN topologies 18

Protected Networks tab 24

understanding 16

VPN Interface tab 17

Entity Length tab

HTTP map objects 110

Errors tab 12

evaluation license

upgrading to permanent license 57

Exclusive Domain Name dialog box

web filter rules 763

exclusive domains

adding (IOS) 120

deleting (IOS) 123

editing (IOS) 122

Exclusive Domains tab

web filter rules 759

exiting

Cisco Security Management Suite server 2

CiscoWorks Common Services 2

Security Manager 1, 3

Extended IP ACL tab 51

Ext Request Method tab

HTTP map objects 114

F

factory-default configurations 2

failover

PIX/ASA/FWSM

active/active 56

active/standby 56

configuring on 54

stateful 59

stateless 58

types of 56

understanding 55

failover link 55

feature sets 5

File menu 6

files

deploying to 13

selecting 24

Find Node dialog box 17

Firewall AAA IOS Timeout Value Setting dialog box 791

Firewall AAA MAC Exempt Setting dialog box 786

Firewall ACL Setting dialog box 779

Firewall-Inside setup wizard in DM 6500/7600

core network connection, configuring routed port details 136

final configuration, delivering 142

inside network connection, configuring 140

MSFC/Firewall VLAN

firewall context, creating 139

firewall context, selecting 139

VLAN group, selecting 138

service module, selecting 135

summary page 142

firewall mode

changing 28

viewing 484

Firewall-Outside setup wizard in DM 6500/7600

core network connection, configuring 147

final configuration, delivering 148

Firewall/MSFC VLAN, configuring 145

Internet connection, configuring 143

service module, selecting 143

summary page 148

firewall policy properties 3

firewall service module (FWSM)

including in deployment jobs 5, 14

Firewall Service Module Credentials and VPN SPA Slot Location dialog box 19

firewall services

managing 1

Map View 24

Firewall Services Module (FWSM)

configuring 38

configuring with VPNSM 38

FWSM blades 38

FWSM Settings tab (remote access VPN) 849

FWSM tab (site-to-site VPN) 26

see also PIX/ASA/FWSM Platform policies

Firewall Services Module (FWSM) setup in DM 6500/7600

configuring 149

firewall contexts, configuring 159

interfaces

adding 168

configuring 166

editing 170

security contexts

configuring 159

viewing details 163

VLANs

adding to a VLAN group 157

editing in a VLAN group 158

range, entering 155

firewall settings

AAA Firewall page 784

Access Control page 776

access controls

access list compilation 53

configuring settings 56

object group search 48

per user downloadable ACLs (PIX/ASA/FWSM) 51

AuthProxy General tab (IOS) 788

AuthProxy page 787

AuthProxy Timeout tab (IOS) 790

configuring settings

firewall ACL 57

Firewall AAA IOS Timeout Value Setting dialog box 791

Firewall AAA MAC Exempt Setting dialog box 786

Firewall ACL Setting dialog box 779

Inspection page 782

Transparent page 793

Web Filter page 796

Web Filter Server Configuration dialog box 800

firewall system variables 13, 16

Flash memory, amount 484

FlexConfig Editor dialog box 87

FlexConfig objects

ASA samples 7

Cisco IOS samples 9

creating 70

deleting 76

duplicating 71

editing 73

generating usage reports for 75

PIX samples 10

router samples 11

understanding 69, 2

viewing details 74

FlexConfig object variables

deleting 45

FlexConfig policies 217

FlexConfig policies

understanding 35

FlexConfig Policy page 218

FlexConfig Policy Preview dialog box 225

FlexConfigs

adding 40

CLI commands in 2

creating (scenario) 35

deleting 42

editing 41

example 6

managing 1

previewing 44

reordering 43

scripting language

examples of 4, 5

understanding 3

understanding 1

working with 40

FlexConfigs objects page 86

FlexConfig system variables

firewalls 13, 16

remote access 34

routers 23

understanding 12

VPNs 24

FlexConfig Undefined Variables dialog box 92

floodguard 97

fragmentation

in remote access VPNs 21

General Settings tab 864

in site-to-site VPNs

General Settings tab 50

understanding 72

maximum transmission unit (MTU) 72

fragments settings 97

frequently asked questions

policy discovery 10

FTP map objects

Add FTP Map dialog box 96

creating 78

deleting 81

duplicating 81

Edit FTP Map dialog box 96

editing 80

FTP Maps page 94

generating usage reports for 83

understanding 77

viewing details 84

FTP Maps page 94

full mesh topologies

description 5

diagram 5

FWSM

see Firewall Services Module (FWSM)

FWSM Settings tab (remote access VPN) 849

G

General page 48

General tab

ASA user group objects 68

HTTP map objects 108

getting started

checklist 13

getting started with Catalyst 6500/7600 Device Manager (DM 6500/7600)

features 3

home page 4

navigating 4

preferences, editing 16

refreshing 16

starting 4

startup configurations, saving 15

user role 17

what to do after starting DM6500/7600 18

getting to know Security Manager

global settings in DM 6500/7600

editing 21

protocol settings 22

STP settings 31, 109

GRE (generic routing encapsulation)

advantages of IPSec tunneling with GRE 86

configuring policies 91

for devices with dynamic IP 90

GRE Modes page 59

implementation 87

IPSec technology 8

prerequisites for successful configuration 87

understanding in site-to-site VPNs 86

using DMVPN with 95

GRE Dynamic IP

configuring policies 91

for dynamically addressed spokes 90

IPSec technology 8

group names

modifying 89

groups

add 72

add devices to 71

adding devices to 90

creating 86

deleting 88

working with 55, 85

group type names

modifying 89

group types

creating 85

deleting 88

GTP map objects

Add Country Network Codes dialog box 102

Add GTP Map dialog box 100

Add Permit Response dialog box 103

creating 85

deleting 90

duplicating 89

Edit Country Network Codes dialog box 102

Edit GTP Map dialog box 100

editing 88

Edit Permit Response dialog box 103

generating usage reports for 91

GTP Maps page 98

GTP Map Timeouts dialog box 105

understanding 85

viewing details 93

GTP Maps page 98

GTP Map Timeouts dialog box 105

GUI timeout

Settings page

H

Hardware Client Attributes tab

ASA user group objects 81

hash algorithms

in IKE proposals 60

MD5 60

SHA 60

help

accessing 13

help desk users 13

Help menu 12

high availability (HA groups)

configuring 51

High Availability page 34

stateful failover 50

stateless failover 50

understanding 48

History tab 6

hit count

changing displayed results 42

filtering columns 42

sorting columns 43

viewing details 44

generating reports 40

understanding 38

understanding report results 41

Hit Count page 818

home page in DM6500/7600 4

host/domain policies

defining 34

Host/Domain Policy page 519

hostnames

Cisco IOS routers

configuring on 34

hostname settings

configuring on firewall devices 60

HSRP 27

HTTP Credentials dialog box 18

HTTP map objects

creating 95

deleting 108

duplicating 108

editing 107

Encoding tab 105, 118

Entity Length tab 98, 110

Extension Request Method tab 101

Ext Request Method tab 114

General tab 96, 108

generating usage reports for 110

HTTP Maps page 106

IOS Specific tab 120

Port Misuse tab 103, 116

RFC Request Method tab 100, 112

understanding 94

viewing details 111

HTTP Maps page 106

HTTP settings

configuring on firewall devices 44

hub-and-spoke topology

description 3

diagram 3

I

ICMP settings

configuring on firewall devices 45

icons

map elements 4

toolbar reference 13

Identity tab

ASA user group objects 66

idle timeout 3

IGMP

configuring on firewall devices 87

IKE (Internet Key Exchange)

aggressive mode negotiation 58

main mode negotiation 58

proposals 58

understanding 58

IKE keepalive

understanding 69

IKE proposal objects

creating 113

deleting 119

duplicating 115

editing 116

generating usage reports for 118

IKE Proposal dialog box 123

IKE Proposals page 121

understanding 112

viewing details 117

IKE proposals (policies)

configuring 62

configuring on remote access VPN servers 14, 855

IKE Proposal page (remote access VPN) 855

IKE Proposal page (site-to-site VPN) 37

understanding in remote access VPNs 13

IKE tunnels, amount 484

Import Background Image dialog box 20

Import Details pane 5

inheritance

inheriting rules 47

Inherit Rules dialog box 14

understanding 45

Inherit Rules dialog box 14

Inspection page 782

inspection rules

adding 61

Add Inspection Rule dialog box 664

Configure DNS dialog box 697

Configure ESMTP dialog box 700

Configure Fragments dialog box 701

Configure IMAP dialog box 703

Configure POP3 dialog box 704

Configure RPC dialog box 705

Configure SMTP dialog box 698

configuring custom destination ports 65

configuring default inspection traffic 63

configuring destination address and port (IOS) 66

configuring settings 79

configuring source and destination address and port (ASA) 68

copying 76

Custom Protocol dialog box 699

cutting 76

deleting 78

disabling 74

Edit Category dialog box 707

Edit Description dialog box 706

Edit Destinations dialog box 686

editing 70

Edit Inspected Protocol dialog box 695

Edit Inspection Rule dialog box 664

Edit Sources dialog box 683

enabling 74

finding usage 75

generating usage reports 75

Inspection Rules page 661

Limit Inspection Between Source and Destination IP Addresses (ASA) page 671

Match Traffic by Custom Destination Ports page 675

Match Traffic by Destination Address and Port (IOS) page 676

Match Traffic by Source and Destination Address and Port (ASA) page 679

Match Traffic to Default Protocol Ports page 668

moving down 77

moving up 77

pasting 76

Show Destination Contents dialog box 688

Show Interface Contents dialog box 693

Show Service Contents dialog box 691

Show Source Contents dialog box 685

supported features 81

understanding 59, 60

Inspection Rules page 661

installing

Security Manager client 3

interface

status 485

throughput 485

interface management

See ports and interface management in DM 6500/7600

Interface Properties dialog box 25

interface role objects

creating 121

deleting 129

duplicating 123

editing 124

exceptional cases 131

generating usage reports for 128

Interface Name Conflict dialog box 128

Interface Role dialog box 127

Interface Roles page 126

managing overrides 127

override page in Policy Object Manager 208

specifying during policy definition 130

understanding 120

viewing details 126

interface roles

override page in Device Properties 56

Interface Roles Override page 56

interfaces

Cisco IOS routers

available types 6

configuring on 2

Create Router Interface dialog box 488

deleting from 9

generating interface names 8

Interface Auto Name Generator dialog box 493

Router Interfaces page 487

Interface Name Conflict dialog box 128

PIX/ASA/FWSM

checklist for configuring interfaces in multi context mode 9

configuring on 3

enabling traffic between same security levels 4

troubleshooting 19

specifying during policy definition 130

interface timeout 3

interface types supported in DM6500/7600 34

inventory

adding devices to 29

deleting devices from 82

IOS routers

deployment using Token Management Servers (TMS) 13

IOS Specific tab

HTTP map objects 120

IOS Web Filter Rule and Applet Scanner dialog box 759

IP address

management, transparent firewall 283

IP addresses

specifying in policies 152

supported formats 143

IPSec proposals (policies)

configuring for Easy VPN 103

configuring in remote access VPNs 10

configuring in site-to-site VPNs 67

IPSec Proposal Editor (remote access VPN)

IOS and Catalyst 6500/7600 devices 843

PIX and ASA devices 840

IPSec Proposal page (in Easy VPN) 69

IPSec Proposal page (remote access VPN) 837

IPSec Proposal page (site-to-site VPN) 39

understanding in remote access VPNs 9

using crypto maps in 66

using transform sets in 64

IPSec tab

ASA user group objects 70

IPSec technologies

defining 12

DMVPN 8

Easy VPN 8

GRE 8

GRE Dynamic IP 8

mandatory policies 8

optional policies 8

regular IPSec 8

understanding 8

working with policies 8

IPSec transform set objects

creating 135

deleting 140

duplicating 136

editing 137

generating usage reports for 139

IPSec Transform Set dialog box 132

IPSec Transform Sets page 130

supported modes 134

supported protocols 133

understanding 132

viewing details 138

IPSec tunnels

understanding policies 63

IPSec tunnels, amount 484

IPS Manager

managing devices with 82

ISAKMP/IPSec settings

IKE keepalive 69

in remote access VPNs 20

in site-to-site VPNs 69

ISAKMP/IPSec Settings tab (remote access VPN) 860

ISAKMP/IPSec Settings tab (site-to-site VPN) 44

J

job approval 9

job changes 10

job deployment methods

understanding 11

jobs

aborting 42

approving 51

benefits of 2

creating 46

discarding 52

including devices in 10

opening 49

rejecting 51

submitting 50

job states

non-Workflow mode 4

Workflow mode 8

job status

Aborted 8

Approved 8

Deployed 8

Deploying 8

Discarded 8

Edit 8

Edit-In Use 8

Failed 9

Rejected 8

Rolled Back 9

Rolling Back 9

Submitted 8

joined hub-and-spoke topology 7

Join Group tab

description 88

JumpStart 14

K

Kerberos

use by ASA devices 22

L

Layer 2 firewall

See transparent firewall

license 484

licenses

installing 57

Product Authorization Key (PAK) 57

Security Manager kit part numbers 57

Software License Claim Certificate 57

understanding 57

upgrading 57

uploading new 57

working with 57

licensing

Settings page 14

Lightweight Directory Access Protocol (LDAP)

use by ASA devices 22

Limit Inspection Between Source and Destination IP Addresses (ASA) page 671

locking

and activities 4

committed configuration 4

devices 48

objects 50

policies 48

understanding 48

VPN topologies 49

logging

Cisco IOS routers

configuring on 80

defining setup parameters 81

defining syslog servers 84

understanding severity levels 80

PIX/ASA/FWSM

configuring on 75

e-mail setup 76

event lists 77

logging filters 79

logging setup 80

rate limit levels 82

server setup 83

syslog servers 85

logging command

class option

message class variables 370

logging in to

Cisco Security Management Suite server 2

logging into

Security Manager 1, 3

logging policies

Logging Setup Policy page 558

Syslog Server dialog box 565

Syslog Servers Policy page 563

logs

archiving logs 60

Settings page 15

understanding 60

loopback interfaces in DM 6500/7600

adding 80

configuring 77

editing 78

restarting 78

low-latency queuing (LLQ) 93

M

MAC address table

learning, disabling 281

overview 279

MAC exempt address lists

adding 96

deleting 98

editing 97

using 96

macro, definition in DM6500/7600 81

Main toolbar buttons 32

management access settings

configuring on firewall devices 47

Map menu 9, 8

maps

access permissions 3

adding existing managed devices 18

adding new managed devices 18

background color 12

background images

deleting 15

importing 13

overview 13

scale and position 15

setting 14

centering elements 9

changing the zoom level 8

creating 3

default map 11

deleting 5

displaying devices from Device View 20

displaying managed devices 17

displaying your network 16

elements, understanding 16

exporting 6

icons 4

Layer 3 automatic connectivity display 24

Layer 3 link

creating 22

deleting 23

displaying 22

layouts, using 9

navigating 7

navigation window 7

objects

adding 21

deleting 21

user created overview 20

opening 4

overview 1

panning 8

refreshing 10

saving 4

searching for elements 10

selecting elements 9

showing containment for Catalyst, ASA, PIX devices 19

understanding 1

undocking window 9

unlinked, using 11

working with 2

Map Settings dialog box 18

Map View

cloning devices 36

context menu

Layer 3 link 12

managed device node 10

map background 13

map objects 13

selected nodes 11

VPN connection 12

copying policies between devices 35

device policies, managing 35

dialog box reference 14

discovering device configurations 37

firewall

AAA rules 26

access rules 25

ACL settings 28

AuthProxy settings 29

inspection rules 25

inspection settings 28

policies 24

services 24

settings 27

transparent rules 27

web filter rules 26

web filter settings 29

icons for elements 4

main page 1

menus 8

navigation window 7

previewing device configurations 37

sharing device policies 36

toolbar reference 6

user interface reference 1

VPNs

adding or removing tunnels 33

creating 30

creating full mesh or hub and spoke 31

creating point-to-point 30

displaying existing 33

editing peers 33

editing policies 32

listing peers 34

managing 30

Map view

Autolink Settings page 2

overview 9, 1

Match Traffic by Custom Destination Ports page

inspection rules 675

Match Traffic by Destination Address and Port (IOS) page

inspection rules 676

Match Traffic by Source and Destination Address and Port (ASA) page

inspection rules 679

Match Traffic to Default Protocol Ports

inspection rules 668

maximum transmission unit (MTU) 72

MD5 hash algorithm 60

memory, amount

Flash 484

memory usage 485

menu reference

Activities 12

Edit 7

Edit, table commands 21

File 6

Help 12

Map 9, 8

overview 6

Policy 8

Tools 11

View 8

message classes

list of 370

messages

classes of

list of classes 370

model 484

modify permissions

additional types 11

for objects 9

for policies 8

MRoute page

description 89

MST mode in DM6500/7600, and STP data 111

multicast routing

PIX/ASA/FWSM

configuring on 86

enabling 86

IGMP 87

multicast routes 89

PIM 90

multicast traffic 28

Multilayer Switch Feature Card (MSFC)

Firewall-Inside setup wizard in DM 6500/7600

final configuration, delivering 142

firewall context, creating 139

firewall context, selecting 139

inside network connection, configuring 140

MSFC-Firewall VLANs, configuring 136

service module, selecting 135

summary page 142

VLAN group, selecting 138

Firewall-Outside setup wizard in DM 6500/7600 143

core network connection, configuring 147

final configuration, delivering 148

Firewall-MSFC VLAN, configuring 145

inside network connection, configuring 147

Internet connection, configuring 143

service module, selecting 143

summary page 148

multiple users

activities 5

deployment jobs and 10

N

NAT traversal 71

network/host objects

creating 143

deleting 151

duplicating 145

editing 146

generating usage reports for 150

managing overrides 149

Network/Host dialog box 136

Networks/Hosts page 134

override page in Device Properties 57

override page in Policy Object Manager 209

provisioning as PIX object groups 265

supported IP address formats 143

understanding 142

viewing details 148

network access device (NAD) 70

Network Access Restriction (NAR) 21

Network Address Translation (NAT)

Cisco IOS routers

configuring on 10

creating dynamic rules 20

creating static rules 13

designating interfaces 11

Dynamic Rule dialog box 504

Dynamic Rules tab 503

Edit Inside Interfaces dialog box 496

Edit Outside Interfaces dialog box 497

Interface Specification tab 495

NAT Policy page 494

specifying timeouts 24

Static Rule dialog box 499

Static Rules tab 498

Timeouts tab 507

configuring in remote access VPNs 20

configuring in site-to-site VPNs 70

configuring NAT traversal 71

NAT Settings tab (remote access VPN) 863

NAT Settings tab (site-to-site VPN) 48

PIX/ASA/FWSM

Address Pool dialog box 231

Address Pools page 230

clearing XLATE on deployment 102

configuring on 19

configuring translation options 21

defining address pools 20

defining dynamic translation rules 23

defining policy-based dynamic translation rules 24

defining static translation rules 25

defining translation exemptions (NAT 0 ACL) 22

Translation Options page 232

Translation Rules page 233

understanding 20

viewing translation rules 26

network administrators

in Cisco Secure ACS 16

in CiscoWorks 13

Network Admission Control (NAC)

Cisco Trust Agent 70

components 70

configuring on Cisco IOS routers 68

defining identity parameters 77

defining interface parameters 74

defining setup parameters 72

Identities tab 554

Identity Action dialog box 557

Identity Profile dialog box 556

Interface Configuration dialog box 552

Interfaces tab 551

NAC Policy page 548

network access device (NAD) 70

Setup tab 549

supported platforms 69

understanding system flow 71

network device groups (NDGs)

activating NDG feature 28

associating with roles and user groups 38

configuring in Cisco Secure ACS 38

creating 29

network operators 13

networks

adding devices from 32

Device Credentials page 38

Device Grouping page 40

Device Information page 34

Networks/Hosts Override page 57

Network Time Protocol

see NTP

Network Time Protocol (NTP)

Cisco IOS routers

configuring on 51

creating NTP servers 51

NTP Policy page 531

NTP Server dialog box 533

new devices

adding 49

Device Credentials page 38

Device Grouping page 40

Device Information page 51

Node Properties dialog box 24

Non-Workflow mode

main toolbar buttons 32

viewing

deployment device details 45

non-Workflow mode 45

comparing with Workflow mode 41

configuration files

deploying in 34

previewing 38

rolling back 43

deployment 3

taskflow 3

deployment jobs

aborting 42

states 4

Deployment Manager window 2

Deployment Status Details dialog box 6

Deploy Saved Changes dialog box 3

disabling 43

enabling 43

Preview Config dialog box 8

selecting 39

understanding 41

NTP

configuring on firewall devices 69

NTP broadcast settings in DM 6500/7600, configuring

date and time settings 29

NTP servers and peers 31

O

object group search

enabling 49

understanding 48

objects

AAA server groups

creating 9

deleting 18

duplicating 12

editing 13

generating usage reports for 17

managing overrides 16

viewing details 15

AAA servers

creating 24

deleting 30

duplicating 26

editing 27

generating usage reports for 29

viewing details 28

access control lists

creating 35

deleting 42

duplicating 41

editing 40

extended objects 35

generating usage reports for 44

standard objects 38

understanding 32

viewing details 45

ASA user groups

Client Configuration tab 54

Client Firewall Attributes tab 57

creating 47

deleting 64

duplicating 63

editing 62

General tab 50

generating usage reports for 65

Hardware Client tab 61

Identity tab 49

IPSec tab 53

understanding 45

viewing details 67

categories

editing 69

FlexConfigs

creating 70

deleting 76

duplicating 71

editing 73

example 6

FlexConfig Editor dialog box 87

FlexConfigs Objects page 86

FlexConfig Undefined Variables dialog box 92

generating usage reports for 75

system variables 12

understanding 2

viewing details 74

FTP maps

creating 78

deleting 81

duplicating 81

editing 80

generating usage reports for 83

understanding 77

viewing details 84

GTP maps

creating 85

deleting 90

duplicating 89

editing 88

generating usage reports for 91

understanding 85

viewing details 93

HTTP maps

creating 95

deleting 108

duplicating 108

Encoding tab 105

Entity Length tab 98

Extension Request Method tab 101

General tab 96

generating usage reports for 110

Port Misuse tab 103

RFC Request Method tab 100

understanding 94

viewing details 111

IKE proposals

creating 113

deleting 119

duplicating 115

editing 116

generating usage reports for 118

viewing details 117

interface roles

creating 121

deleting 129

duplicating 123

editing 124

generating usage reports for 128

managing overrides 127

viewing details 126

IPSec transform sets

creating 135

deleting 140

duplicating 136

editing 137

generating usage reports for 139

viewing details 138

locking

effects on activities 4

networks/hosts

creating 143

deleting 151

duplicating 145

editing 146

generating usage reports for 150

managing overrides 149

viewing details 148

Object Type selector 31

overview 12

PKI enrollments

creating 155

deleting 170

duplicating 164

editing 165

generating usage reports for 169

managing overrides 168

viewing details 167

port lists

creating 172

deleting 180

duplicating 174

editing 175

generating usage reports for 178

managing overrides 177

viewing details 176

provisioning as PIX object groups 264

service groups

creating 192

deleting 199

duplicating 194

editing 195

generating usage reports for 198

managing overrides 197

viewing details 196

services

creating 182

deleting 189

duplicating 184

editing 185

generating usage reports for 188

managing overrides 187

viewing details 186

TCP maps

creating 201

deleting 205

duplicating 204

editing 203

generating usage reports for 206

understanding 200

viewing details 207

text

creating 209

deleting 215

duplicating 210

editing 211

generating usage reports for 213

managing overrides for 214

Text Object Editor dialog box 169

Text Objects page 167

viewing details 212

Text objects

Create Text Object dialog box 91

Property Selector dialog box 93

time ranges

creating 217

deleting 224

duplicating 220

editing 221

generating usage reports for 223

viewing details 222

Traffic flows

creating 225

default inspection traffic with access list 228

deleting 233

duplicating 233

editing 232

generating usage reports for 235

IP diffserv codepoints (DSCPs) 232

IP precedence bits 230

RTP ranges 229

source and destination IP addresses 227

TCP or UDP destination ports 228

tunnel groups 230

viewing details 236

traffic flows

understanding 225

user groups

creating 238

deleting 249

duplicating 244

editing 245

generating usage reports for 248

viewing 247

object selectors 199

Create Filter dialog box 202

filtering 260

filtering options per object type 262

using 256

Object Type selector 31

object variables

FlexConfig

deleting 45

understanding 6

Openable Activities dialog box 17

Open Map dialog box 15

OSPF

authentication support 93

configuring on firewall devices 93

interaction with NAT 93

LSAs 93

OSPF interfaces

blocking LSA flooding 145

defining on Cisco IOS routers 139

disabling MTU mismatch detection 144

Interface dialog box 605

OSPF Interface Policy page 603

understanding

authentication 148

cost 143

network types 147

priority 143

timer settings 146

OSPF parameters

dead interval 454

hello interval 454

retransmit interval 454

transmit delay 454

OSPF redistribution

defining mappings 135

defining maximum prefix values 137

understanding 134

OSPF routing

Cisco IOS routers

Area dialog box 615

Area tab 614

configuring on 130

defining area settings 132

defining interface settings 139

defining setup parameters 131

Edit Interfaces dialog box 613

Max Prefix Mapping dialog box 621

OSPF Process Policy page 610

redistributing routes 134

Redistribution Mapping dialog box 619

Redistribution tab 617

Setup dialog box 612

Setup tab 611

OS version mismatches

handling 14

overview

policies 11

workflow 12

P

partial mesh topologies 7

Peers page 7

Performance Monitor

licensing 58

permanent license

upgrading from evaluation license 57

per user downloadable ACLs (PIX/ASA/FWSM)

enabling 52

understanding 51

PIM

configuring on firewall devices 90

PIX

FlexConfig object samples 10

PIX/ASA/FWSM Platform policies

configuring AAA 30

configuring AUS settings 62

configuring banners 36

configuring boot image and configuration settings 38

configuring bridging 27

configuring clock 39

configuring console timeout settings 43

configuring contact credentials 41

configuring device access 42

configuring device administration policies 29

configuring DHCP relay 64

configuring DHCP servers 65

configuring DNS 67

configuring failover 54

configuring fragment settings 97

configuring hostname settings 60

configuring HTTP settings 44

configuring ICMP settings 45

configuring interfaces 3

configuring logging 75

configuring management access settings 47

configuring multicast routing 86

configuring NAT 19

configuring NTP 69

configuring resources on FWSMs 61

configuring routing 91

configuring Secure Shell (SSH) 48

configuring security contexts 103

configuring security policies 96

configuring server access settings 61

configuring service policy rules 101

configuring SMTP servers 71

configuring SNMP 49

configuring SSH 48

configuring Telnet 53

configuring TFTP servers 72

configuring timeouts 100

configuring user accounts 73

configuring user preferences 102

enabling anti-spoofing 97

enabling floodguard 97

enabling Unicast Reverse Path Forwarding 97

PIX/FWSM/ASA Rules dialog box 735

PIX firewalls

see also PIX/ASA/FWSM Platform policies

PIX object groups

converting policy objects to 264

provisioning network/host objects as 265

provisioning port list objects as