-
User Guide for Cisco Security Manager 3.0.2
-
Preface
-
Getting to Know Security Manager
-
Performing Administrative Tasks
-
Working With the Security Manager User Interface
-
Using Map View
-
Managing Devices
-
Managing Policies
-
Managing Activities
-
Managing Objects
-
Managing Site-to-Site VPNs
-
Managing Remote Access VPNs
-
Managing Firewall Services
-
Managing Routers
-
Managing Firewall Devices
-
Using the Catalyst 6500/7600 Device Manager
-
Managing Deployment
-
Using Tools
-
Devices User Interface Reference
-
Site-to-Site VPN User Interface Reference
-
Policy User Interface Reference
-
Map View User Interface Reference
-
Tools User Interface Reference
-
Administrative Settings User Interface Reference
-
Activities User Interface Reference
-
Deployment User Interface Reference
-
Index
-
Table Of Contents
Devices User Interface Reference
Add Device from Network Wizard
Device Information Page—Network
Auto Update Server Properties Dialog Box
Available Auto Update Servers Dialog Box
Rx-Boot Mode Credentials Dialog Box
FWSM Credentials and VPN SPA Slot Location Dialog Box
Add Device(s) from Config File Wizard
Device Information Page—Config File
Device Information Page—New Device
CNS-Configuration Engine Properties Dialog Box
Available Configuration Engines Dialog Box
Device Delete Validation Details Dialog Box
Create a Clone of <device name> Page
AAA Server Groups Override Page
Device Policies Shortcut Menu Options
Device Group Shortcut Menu Options
Devices User Interface Reference
The following topics describe the user interface information for the Devices page:
•
Add Device from Network Wizard
•
•
•
•
•
•
Devices Page
Use the Devices page to view device information, to add, edit, or delete devices, and to assign policies to specific devices.
Navigation PathTo open this page, click the Device View button in the toolbar.
Related Topics•
The Devices page contains two panes (Figure 5-1). The left pane contains the following two elements:
•
Device Selector.•
The right pane is the main content area. For more information, see Contents Pane.
Device Selector
Use the Device selector to filter, add, and delete devices from the Security Manager inventory.
Related Topics•
Field Reference
Table A-1 Device Selector
Filter
Enables you to filter and display a subset of devices based on the filtering criteria you define. For more information, see Create Filter Dialog Box.
Add button
Opens the New Device - Choose Method wizard page that provides options, which enable you to add devices to the Security Manager inventory.
Delete button
Removes the selected device from the Security Manager inventory.
Device Tree
Lists all device groups and devices added to or created in Security Manager. Each device type is represented by an icon. For information about the icons, see Figure 5-2.
Create Filter Dialog Box
Use the Create Filter dialog box to filter and display a subset of devices based on the filtering criteria you define.
Navigation PathSelect Create Filter from the Filter field in a selector tree.
Related Topics•
Field Reference
Table A-2 Create Filter Dialog Box
Match Any of the Following
When clicked, creates an "or" relationship between all filter controls that you created in the filter control area.
For example, you add the following two controls in the filter control area:
•
•
If you click OK, the two filter controls are combined into one filter with an "or" in between them.
Name contains a or Type is ASAThis filter is then available from the arrow in the Filter field.
If you select this filter option, the Device selector displays devices that contain an "a" in their name or all devices that are ASA devices. See Filter Control Relationship Example, page 5-28.
Match All of the Following
When clicked, creates an "and" relationship between all the filter controls that you created in the filter control area.
For example, you add the following two controls in the filter control area:
•
•
After you click OK, the two filter controls are combined into one filter with an "and" in between them.
Name contains a and Type is ASAThis filter is then available from the arrow in the Filter field.
If you select this filter option, the Device selector displays all devices that have an "a" in their names and that are ASA devices because only devices that match both criteria are displayed. So only ASA devices that contain "a" in their device name are displayed. See Filter Control Relationship Example, page 5-28.
First Field—Filter Type
Provides two options:
•
•
Second Field—Filter Relation
Enables you to narrow the filter results by defining additional parameters. This field establishes a relationship between the filter type and the filter value fields.
•
–
–
–
–
–
–
•
–
–
Third Field—Filter Value
•
•
–
–
–
–
–
–
–
–
–
Filter Control Content Area
Displays all the filter controls that you created. Filter controls are the filter name, filter relation, and filter value that you selected in a row format.
Add button
Adds a row of filter controls in the Filter Control Content area based on the filter name, filter relation, and filter value that you selected.
Remove button
Removes the selected row of filter control from the Filter Control Content area.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
Policies Selector
Use the Polices selector located in the bottom left pane of the Devices page to display policies for the device types you select in the Device selector.
Based on the device you select in the Device selector, policies appropriate to that device type are displayed in the Policies selector. For details, see Working with Device Policies, page 5-81.
Related Topics
•
•
Contents Pane
Use the Contents pane to view information. The information displayed in the Contents pane depends on the device you selected from the Device selector and the option you selected from the Policies selector.
Related Topics
•
Add Device from Network Wizard
To add a device from the network, click the Add button in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add Device from Network, then click Next.
The following topics describe the pages in the Add Device from Network wizard:
•
Device Information Page—Network
Use the Device Information page of the Add Device from Network wizard to add device information.
Navigation PathYou can access the Device Information page from the Add Device from Network wizard. Click the Add button in the Device selector, select Add Device from Network, then click Next.
Related Topics•
•
•
•
•
Field Reference
Table A-3 Device Information Page in Add Device from Network Wizard
IP Type
Provides two options:
•
•
The device information fields displayed differ, depending on whether you select static or dynamic.
Hostname
Displayed for static IP types only.
The DNS hostname for the device. Enter the DNS hostname if the IP address is not known.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -
Note
Two devices cannot have the same DNS hostname and domain name combination. For more information, see Cannot Add a DNS Hostname and Domain Name Combination that Exists in DCR, page 5-75.
Domain Name
Displayed for static IP types only.
The DNS domain name for the device.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -
IP Address
Displayed for static IP types only.
The management IP address of the device.
Valid characters are . and 0-9. The IP address must be in the dotted quad format, for example, 192.64.3.8.
Note
Display Name
For static IP types—Displays the hostname, which you can change. When you enter the hostname, it is entered automatically in the Display Name field.
For dynamic IP types—Enter the name that you want displayed for the device.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space
Note
If the display name you enter already exists in DCR, a dialog box appears. See Cannot Add a Display Name that Exists in DCR, page 5-74.
Device Identity
Displayed for dynamic IP types only.
The string value that uniquely identifies the device in Auto Update Server.
CNS Gateway
Displayed for dynamic IP types only.
Enables you to select or add an Auto Update Server that is running the CNS Gateway protocol.
If the Auto Update Server does not appear in the list, select + Add Auto Update Server... to display the Auto Update Server Properties dialog box. For a description of the fields in the page, see Auto Update Server Properties Dialog Box.
Security Manager communicates with the AUS server running the CNS Gateway protocol to retrieve the IP address of an IOS device, then discovers directly from the IOS device.
Note
Note
OS Type
The family of the operating system running on the device:
For static IP types: IOS, Catalyst 6500/7600, ASA, FWSM, or PIX
For dynamic IP types: IOS
System Context
Discovers the device as a system context instead of a security context.
Select the system context check box if the device you are adding is a PIX Firewall 7.0, ASA, or FWSM device that meets the following criteria:
•
•
Discover
Provides the following discovery options:
•
When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies into Security Manager to be managed. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports them into Security Manager to be managed. If the device is a composite device, all the service modules in that device are discovered.
If you select this option, the following policies are displayed:
–
This is the default option.
–
This is the default option.
–
•
•
Back button
Returns to the previous wizard page.
Next button
Advances to the next wizard page.
Cancel button
Closes the wizard without saving your changes.
Help button
Opens help for this page.
Auto Update Server Properties Dialog Box
Use the Auto Update Server Properties dialog box to provide the Auto Update Server properties information.
Navigation PathSelect + Add Auto Update Server... from the CNS Gateway field in the Device Information page of the Add Device from Network wizard.
Related Topics•
•
•
Field Reference
Available Auto Update Servers Dialog Box
Use the Available Auto Update Servers dialog box to select, edit, or add an Auto Update Server.
Navigation PathSelect Edit Auto Update Servers from the CNS Gateway field in the Device Information page of the Add Device from Network wizard.
Related Topics•
•
•
•
Field Reference
Table A-5 Available Auto Update Servers Dialog Box
Display Name
The name that is displayed for the Auto Update Server.
IP Address
The IP address of the Auto Update Server.
Server Name
The hostname of the Auto Update Server.
Domain Name
The domain name of the Auto Update Server.
Create button
Enables you to add a new Auto Update Server. When clicked, opens the Auto Update Server Properties dialog box. For a description of the elements, see Auto Update Server Properties Dialog Box.
Edit button
Enables you to edit the Auto Update Server information. When clicked, opens the Auto Update Server Properties dialog box. For a description of the elements, see Auto Update Server Properties Dialog Box.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
Device Credentials Page
Use the Device Credentials page to add credentials for the device. For information about device credentials, see Understanding Device Credentials, page 5-71.
Note
Navigation PathYou can access the Device Credentials page from the Add Device from Network and from the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.
Related Topics•
•
•
•
Field Reference
Table A-6 Device Credentials Page
Username
The username for logging into the device.
Password
The password for logging into the device. In the Confirm field, enter the password again.
Enable Password
The password that activates enable mode on a device if enable mode is configured on that device. In the Confirm field, enter the enable password again.
Username
The SDEE username.
Password
The SDEE password. In the Confirm field, enter the SDEE password again.
HTTP Port
Port 80.
HTTPs Port
Port 443.
Certificate Common Name
The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again.
Mode
HTTP or HTTPS.
For more information, see Rx-Boot Mode Credentials Dialog Box
For more information, see SNMP Credentials Dialog Box
For more information, see HTTP Credentials Dialog Box
Back button
Returns to the previous wizard page.
Next button
Advances to the next wizard page.
Finish button
Saves your wizard definitions and closes the wizard.
After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.
Cancel button
Closes the wizard without saving your changes.
Help button
Opens help for this page.
Rx-Boot Mode Credentials Dialog Box
Use the RX-Boot Mode Credentials dialog box to add RX-Boot mode credentials.
Navigation PathYou can access the RX-Boot Mode Credentials dialog box from the Device Credentials page in the Add Device from Network and the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.
Related Topics•
Field Reference
SNMP Credentials Dialog Box
Use the SNMP Credentials dialog box to add SNMP credentials.
Navigation PathYou can access the SNMP Credentials dialog box from the Device Credentials page in the Add Device from Network and the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.
Related Topics•
Field Reference
HTTP Credentials Dialog Box
Use the HTTP Credentials dialog box to add HTTP credentials.
Navigation PathYou can access the HTTP Credentials dialog box from the Device Credentials page in the Add Device from Network and the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.
Related Topics•
•
Field Reference
FWSM Credentials and VPN SPA Slot Location Dialog Box
Use the Firewall Service Module Credentials and VPN SPA Slot Location dialog box to add FWSM credentials and Catalyst VPN Shared Port Adapter (VPN SPA) subslot locations.
Navigation PathAfter you have successfully added a Catalyst 6500/7600 device as described in Adding Devices from the Network, you are asked if you want to proceed with FWSM inventory and policy discovery. If you click Yes, the Firewall Service Module Credentials and VPN SPA Slot Location window appears.
Related Topics•
•
•
Field Reference
Table A-10 Firewall Service Module Credentials and VPN SPA Slot Location Dialog Box
Management IP
The management IP address for the FWSM.
Although this is optional, we recommend that you enter the management IP address because:
•
•
For FWSM failover management, the management IP address serves as a logical address to connect to an active FWSM. Without the management IP address, Security Manager might connect to a standby FWSM after a failover switch.
Username
The username for the FWSM.
If the device you are adding is a multi-mode FWSM, and you entered the management IP address, you must configure the same username, password, and enable password for both System Space and Admin Context in the Catalyst 6500/7600 device and enter those credentials in this field. For details, see Adding Catalyst 6500/7600 Devices from the Network, page 5-42.
Password
The password for the FWSM. In the Confirm field, enter the password again.
If the device you are adding is a multi-mode FWSM, and you entered the management IP address, you must configure the same username, password, and enable password for both System Space and Admin Context in the Catalyst 6500/7600 device and enter those credentials in this field. For details, see Adding Catalyst 6500/7600 Devices from the Network, page 5-42.
Enable Password
The enable password for the FWSM. In the Confirm field, enter the password again.
If the device you are adding is a multi-mode FWSM, and you entered the management IP address, you must configure the same username, password, and enable password for both System Space and Admin Context in the Catalyst 6500/7600 device and enter those credentials in this field. For details, see Adding Catalyst 6500/7600 Devices from the Network, page 5-42.
Discover Policies check box
Discovers policies for the FWSM. This check box is selected by default.
If you deselect the check box, only inventory data, such as VLAN configuration, security contexts, and interfaces are discovered. You can discover the policy configuration later by right-clicking an FWSM, then selecting Discover Policies on Device.
VPN SPA Slots
The location of any Cisco IPSec VPN SPA installed on the device. Each slot is divided into two subslots that can hold one to two VPN SPAs. Enter the slot and subslot location of each installed VPN SPA, separated by a comma.
You can also click Select to open the VPN SPA Slot Selector from which you can select the slot and subslot locations from a list. For more information about configuring a VPN SPA blade, see Configuring a Catalyst VPN Shared Port Adapter (VPN SPA) Blade, page 9-33.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
VPN SPA Slots Dialog Box
Use the VPN SPA Slots dialog box to add the locations of any VPN SPAs installed on Catalyst 6500/7600 devices.
Navigation PathAfter you have successfully added a Catalyst 6500/7600 device as described in Adding Devices from the Network, you are asked if you want to proceed with FWSM inventory and policy discovery. If you decide not to discover service modules and policies at this time by clicking No, the VPN SPA Slots Dialog Box appears.
Related Topics•
•
•
•
Field Reference
Table A-11 VPN SPA Slots Dialog Box
VPN SPA Slots
The location of any VPN SPAs installed on the device. Each slot is divided into two subslots that can hold one to two VPN SPAs. Enter the slot and subslot location of each VPN SPA installed, separated by a comma.
You can also click Select to open the VPN SPA Slot Selector in which you can choose the slot and subslot locations from a list. For more information about configuring a VPN SPA blade, see Configuring a Catalyst VPN Shared Port Adapter (VPN SPA) Blade, page 9-33.
Select button
Opens the VPN SPA Slot selector. For details see VPN SPA Slot Selector.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
VPN SPA Slot Selector
Use the VPN SPA Slot selector to add the locations of any Cisco VPN SPAs (VPN SPAs) installed on Catalyst 6500/7600 devices. A slot can hold two separate VPN SPAs, therefore you must enter a subslot number. The subslot number for the first subslot is 0, and for the second one is 1.
Navigation PathYou can access the VPN SPA Slot selector in one of two ways:
•
•
For the procedure, see Adding VPN SPA Slot Locations, page 5-44.
Related Topics•
•
•
Field Reference
Table A-12 VPN SPA Slot Selector
Available Slots/Subslots
Contains two elements:
•
•
>> button
<< button
Moves the selected slots from one pane to the other pane.
Selected Slots/Subslots
Displays all the Slot/Subslots that you selected.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
Device Grouping Page
Use the Device Grouping page to assign devices to groups.
Navigation PathYou can access the Device Grouping page from all of the add device wizards. For the procedures, see:
•
•
•
•
Related Topics•
•
•
•
•
Field Reference
Table A-13 Device Grouping Page
Group Types, such as Department and Location
The group type, for example, Department or Location, into which the device will be grouped. Enables you to select an existing group or to create a new group under a group type.
To create a new group, click the arrow, then select Edit Groups. The Edit Device Groups page appears. For a description of the fields in this page, see Edit Device Groups Page.
Set values as default
When selected, sets the current values as defaults. These values are defaults for adding and editing device groups later.
Back button
Returns to the previous wizard page.
Finish button
Saves your wizard definitions and closes the wizard.
After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.
Cancel button
Closes the wizard without saving your changes.
Help button
Opens help for this page.
Add Device(s) from Config File Wizard
To add a device from a config file, click Add in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add Devices from Config File, then click Next.
The following topics describe the pages in the Add Device from Config File wizard:
•
Device Information Page—Config File
Use the Device Information page of the Add Device from Config File wizard to add device information.
Navigation PathYou can access the Device Information page from the Add Device from Config File wizard. Click the Add button in the Device selector, select Add Device from Config File, then click Next.
Related Topics•
•
•
Field Reference
Table A-14 Device Information Page in Add Device from Config File Wizard
Device Type selector
Organizes the devices by device-type and device-family. Select the device type for the new device.
Note
System object IDs for that device type are displayed in the SysObjectId field.
SysObjectId
The system object IDs for the device type you selected from the Device Type selector.
When you click the device type from the Device Type selector, the system object IDs for that particular device are displayed in this field.
When you specify the device type, the first available system object ID of the first device type is selected by default. You can select another one if needed.
Configuration Files
Enter the full path to the directory containing the device configuration files, or click Browse to navigate to the directory.
Browse button
Opens the Choose Files dialog box, which enables you to navigate and locate the device configuration files. For elements in this page, see Choose Files Dialog Box.
Discover
Provides the following discovery options:
•
When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies into Security Manager to be managed. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports them into Security Manager to be managed. If the device is a composite device, all the service modules in that device are discovered.
If you select this option, the following policies are displayed:
–
This is the default option.
–
This is the default option.
•
•
Back button
Returns to the previous wizard page.
Next button
Advances to the next wizard page.
Finish button
Saves your wizard definitions and closes the wizard.
After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.
Cancel button
Closes the wizard without saving your changes.
Help button
Opens help for this page.
Choose Files Dialog Box
Use the Choose Files dialog box to navigate and locate the device configuration file.
Navigation PathClick the Browse button in the Device Information page of the Add Device from Config File wizard.
Related Topics•
Field Reference
Device Grouping Page
For elements in the Device Grouping page, see Device Grouping Page.
Add New Device Wizard
To add a single device, click Add in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add New Device, then click Next.
The following topics describe the pages in the Add New Device wizard:
•
Device Information Page—New Device
Use the Device Information page of the Add New Device wizard to add device information.
Navigation PathYou can access the Device Information page from the Add New Device wizard. Click the Add button in the Device selector, select Add New Device, then click Next.
Related Topics•
•
•
•
Field Reference
Table A-16 Device Information Page in Add New Device Wizard
Device Type selector
Organizes the devices by device-type and device-family.
Select the device type for the new device. System object IDs for that device type are displayed in the SysObjectId field.
Selected Device Type
Displays the device type you selected in the Device Type selector.
SysObjectId
The system object IDs for the device type you selected from the Device Type selector.
The first system object ID is selected by default. You can select another one if needed.
IP Type
Provides two options: Static or Dynamic. Depending on the IP type you select, the displayed fields differ.
Hostname
Displayed for static IP types only.
The DNS hostname for the device. Enter the DNS hostname if the IP address is not known.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -
Note
Two devices cannot have the same DNS hostname and domain name combination. For more information, see Cannot Add a DNS Hostname and Domain Name Combination that Exists in DCR, page 5-75.
Domain Name
Displayed for static IP types only.
The DNS domain name for the device.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -
IP Address
Displayed for static IP types only.
The management IP address of the device.
Valid characters are. and 0-9. The IP address must be in the dotted quad format, for example 192.64.3.8.
Note
Note
Display Name
Displays the hostname, which you can change. When you enter the hostname, the same name is entered automatically in the Display Name field.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space
Note
Note
OS Type
Based on the device type, the OS type is selected automatically.
Image Name
The name of the image.
Target OS Version
The target OS version for which you want to apply the configuration.
Contexts
This field is displayed only if the OS type is an FWSM, ASA, or PIX Firewall 7.0. The two options available are: Single or Multi.
Operational Mode
This field is displayed only if the OS type is an FWSM, ASA, or PIX Firewall 7.0. The two options available are: Transparent, Routed, or Mixed (Mixed applies only to FWSM 3.1 when the Contexts is Multi).
Note
Server
Enables you to select or add an Auto Update Server or a Configuration Engine.
If the server does not appear in the list, select + Add Server... to display the Server Properties dialog box. For a description of the fields in the page, see Server Properties Dialog Box.
Device Identity
The string value that uniquely identifies the device in Auto Update Server or the Configuration Engine.
Note
Server
Depending on the IP type selected, Static or Dynamic, different information is displayed:
•
If the Configuration Engine does not appear in the list, select + Add Configuration Engine... to display the CNS-Configuration Engine Properties dialog box. For a description of the fields in the page, see CNS-Configuration Engine Properties Dialog Box.
•
If the server does not appear in the list, select + Add Server... to display the Server Properties dialog box. For a description of the fields in the page, see Server Properties Dialog Box.
Device Identity
The string value that uniquely identifies the device in Auto Update Server or the Configuration Engine.
Manage in Cisco Security Manager
When selected, Security Manager manages the device. This check box is selected by default.
If the only function of the device you are adding is to serve as a VPN end point, this check box should be deselected. Security Manager will not manage configurations nor will it upload or download configurations on this device.
Security Context of Unmanaged Device
This field is active only if the device you selected in the Device selector is a firewall device, such as PIX Firewall, ASA, or FWSM and that firewall device supports security context.
When selected, manages a security context, whose parent (PIX Firewall, ASA, or FWSM) is not managed by Security Manager.
You can partition a PIX Firewall, ASA, or FWSM into multiple security firewalls, also known as security contexts. Each context is an independent system, with its own configuration and policies. You can manage these standalone contexts in Security Manager, even though the parent (PIX Firewall, ASA, or FWSM) is not managed by Security Manager. For more information, see Configuring Security Contexts on Firewall Devices, page 13-103.
Note
Manage in IPS Manager
This field is active only if the device you selected in the Device selector is a Cisco IOS router. When selected, manages the Cisco IOS router in IPS Manager.
Note
If the selected device is IDS, this field is not active, but the check box is selected because IPS Manager manages IDS sensors.
If the selected device is PIX Firewall, ASA, or FWSM, this field is not active because IPS Manager does not manage these device types.
Note
Back button
Returns to the previous wizard page.
Next button
Advances to the next wizard page.
Finish button
Saves your wizard definitions and closes the wizard.
When you click Finish, the system performs device validation tasks. If all looks okay, the wizard definitions are saved and the wizard closes. The device is added to the inventory and it appears in the Device selector.
If errors are found, the system generates error messages and displays the wizard page where the error occurs.
Cancel button
Closes the wizard without saving your changes.
Help button
Opens help for this page.
Server Properties Dialog Box
Use the Server Properties dialog box to provide the Auto Update Server or Configuration Engine properties information.
Navigation PathClick the + Add Server... from the Server field in the Device Information page of the Add New Device wizard. For detailed procedure, see Adding an Auto Update Server or Configuration Engine When Adding a New Device, page 5-66.
Related Topics•
•
Field Reference
Available Servers Dialog Box
Use the Available Servers dialog box to select, edit, or add an Auto Update Server or Configuration Engine.
Navigation PathSelect Edit Servers from the Server field in the Device Information page of the Add New Device wizard. For detailed procedure, see Editing an Auto Update Server or Configuration Engine When Adding a New Device, page 5-69.
Related Topics•
•
•
Field Reference
Table A-18 Available Servers Dialog Box
Display Name
The name that is displayed for the server.
Type
The type of server: AUS or CNS.
IP Address
The IP address of the server.
Server Name
The hostname of the server.
Domain Name
The domain name of the server.
Create button
Enables you to add a new server. When clicked, the Server Properties dialog box appears. For a description of the elements, see Server Properties Dialog Box.
Edit button
Enables you to edit the server information. When clicked, the Server Properties dialog box appears. For a description of the elements, see Server Properties Dialog Box.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
CNS-Configuration Engine Properties Dialog Box
Use the CNS-Configuration Engine Properties dialog box to provide the Configuration Engine properties information.
Navigation PathClick the + Add Configuration Engine... from the Server field in the Device Information page of the Add New Device wizard.
Related Topics•
•
Field Reference
Available Configuration Engines Dialog Box
Use the Available Configuration Engines dialog box to select, edit, or add a Configuration Engine.
Navigation PathSelect Edit Configuration Engines...from the Server field in the Device Information page of the Add New Device wizard.
Related Topics•
•
Field Reference
Table A-20 Available Configuration Engines Dialog Box
Display Name
The name that is displayed for the Configuration Engine.
IP Address
The IP address of the Configuration Engine.
Server Name
The hostname of the Configuration Engine.
Domain Name
The domain name of Configuration Engine.
Create button
Enables you to add a new Configuration Engine. When clicked, the CNS-Configuration Engine Properties dialog box appears. For a description of the elements, see CNS-Configuration Engine Properties Dialog Box.
Edit button
Enables you to edit the Configuration Engine information. When clicked, the CNS-Configuration Engine Properties dialog box appears. For a description of the elements, see CNS-Configuration Engine Properties Dialog Box.
OK button
Saves your changes and closes the dialog box.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this dialog box.
Device Credentials Page
For elements in the Device Credentials page, see Device Credentials Page.
Device Grouping Page
For elements in the Device Grouping page, see Device Grouping Page.
Add Device(s) from DCR Wizard
To add a device from DCR into Security Manager, click Add in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add Devices from DCR, then click Next.
The following topics describe the pages in the Add Device from DCR wizard:
Device Information Page—DCR
Use the Device Information page of the Add Device from DCR wizard to add devices from DCR to Security Manager.
The Device Information page displays two panes: the left pane is called DCR List of Devices and the right pane is called Selected Devices. These panes have arrows between them that enable you to move devices from one pane to the other.
Navigation PathYou can access the Device Information page from the Add Device from DCR wizard. Click the Add button in the Device selector, select Add Device from DCR, then click Next.
Related Topics•
•
•
Field Reference
Table A-21 Device Information Page in Add Device(s) from DCR Wizard
DCR List of Devices pane
Contains two elements:
•
•
DCR resides in the CiscoWorks Server. DCR is a common repository of devices that stores device attributes and device credential information.
>> button
<< button
Moves the selected devices from one pane to the other pane.
Selected Devices pane
Displays all the devices that you selected to add from DCR into Security Manager.
Discover
Provides the following discovery options:
•
When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies into Security Manager to be managed. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports them into Security Manager to be managed. If the device is a composite device, all the service modules in that device are discovered.
If you select this option, the following policies are displayed:
–
This is the default option. If you do not want these discovered, deselect this check box.
–
This is the default option. If you do not want these discovered, deselect this check box.
•
•
Manage in IOS-IPS Device in IPS Manager
Select this check box to manage Cisco IOS-IPC devices, such as Cisco IOS routers and IDS sensors in IPS Manager. If the devices you selected from the DCR List of Devices pane contain Cisco IOS routers and IDS sensors, you can choose to manage them in IPS-MC by selecting this check box.
Back button
Returns to the previous wizard page.
Next button
Advances to the next wizard page.
Finish button
Saves your wizard definitions and closes the wizard.
After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.
Cancel button
Closes the wizard without saving your changes.
Help button
Opens help for this page.
Device Grouping Page
For elements in the Device Grouping page, see Device Grouping Page.
Device Delete Validation Page
Use the Device Delete Validation page to view error and warning messages during device deletion.
Navigation PathSelect a device from the Device selector, then click the Delete button.
Related Topics•
•
Field Reference
Table A-22 Device Delete Validation Page
Severity
Displays one or all of the following:
•
•
•
Note
Device
Displays the name of the device that you are trying to delete.
Note
Result
Provides detailed information about the severity. Double click a row to open the Device Delete Validation Details. See Device Delete Validation Details Dialog Box.
Note
OK button
Proceeds with deletion.
The OK button appears only if the system has not experienced errors. You might see warning messages though. Read the warning message details in the Results column to determine whether to continue the deletion. If you want to continue, click OK to proceed with the deletion.
Cancel button
Closes the dialog box without saving your changes.
Help button
Opens help for this page.
Device Delete Validation Details Dialog Box
Use the Device Delete Validation Details dialog box to view details about the device deletion.
Navigation PathYou can access the Device Delete Validation Details dialog box from the Device Delete Validation page. To open this dialog box, double-click a row from the Result column in the Device Delete Validation page.
Related Topics•
•
Field Reference
Create a Clone of <device name> Page
Use the Create a Clone of <device name> page to duplicate a device.
Navigation PathRight-click the device in the Device selector, then select Clone.
Related Topics•
•
Field Reference
Device Properties Page
You can open the Device Properties page in three ways:
•
•
•
The following topics describe the options in the Device Properties page:
General Page
Use the General page to add or edit information for the following four elements:
•
•
•
•
Note
•
•
•
Navigation PathDouble-click a device in the Device selector, then click General from the Device Properties page.
Related Topics•
Field Reference
Table A-25 General Page
Device Type
The type of device. For example, if the device is a Firewall device, the type of Firewall, such as PIX or ASA is displayed.
IP Type
Provides two options: Static or Dynamic. Depending on the IP type you select, the displayed fields differ.
Hostname
Displayed for static IP types only.
The DNS hostname for the device. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -
Domain Name
Displayed for static IP types only.
The DNS domain name for the device.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -
IP Address
Displayed for static IP types only.
The management IP address of the device.
Valid characters are 0-9. The IP address must be in the dotted quad format, for example 192.64.3.8.
Display Name
The display name of the device.
The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space
OS Type
The family of the operating system running on the device.
Image Name
The name of the image.
Running OS Version
The version of the operating system running on the device.
Target OS Version
The target OS version for which you want to apply the configuration.
Contexts
Displayed if the OS type is an FWSM, ASA, or PIX Firewall version 7.0. The two options are: Single or Multi.
Operational Mode
Displayed if the OS type is an FWSM, ASA, or PIX Firewall 7.0. The options are: Transparent or Routed, or Mixed. (Mixed applies only to FWSM 3.1 when the Contexts is Multi).
Transport Protocol
The transport protocol set on the device, such as SSL, SSH, AUS, CNS, or TMS. Security Manager deploys the configuration to the device according to the transport mechanism or protocols you set on the device.
For Cisco IOS routers, note the following:
•
•
•
•
Server
If you selected a server, that server name is displayed in the field.
If you want to select another server but it does not appear in the list, you could add it. To do so, select + Add Server... to display the Server Properties dialog box. For a description of the fields in the page, see Server Properties Dialog Box.
Device Identity
The string value that uniquely identifies the device in Auto Update Server or Configuration Engine.
Manage in Cisco Security Manager
If selected when you added the device, this check box remains selected.
If you do not want to manage this device in Security Manager, deselect the check box.
Manage in IPS Manager
If selected when you added the device, this check box remains selected.
If you do not want to manage this device in IPS Manager, deselect the check box. When you deselect it, IPS Manager stops managing the device and all its policies.
This field is active only if the device you selected in the Device selector is a Cisco IOS router. IPS Manager can manage only the IPS features on a Cisco IOS router that has IPS capabilities. For more information see the IPS documentation.
Note
If the selected device is IDS, this field is not active, but the check box is selected because IPS Manager manages IDS sensors.
If the selected device is PIX Firewall, ASA, or FWSM, this field is not active because IPS Manager does not manage these device types.
Note
Save button
Saves your changes.
Close button
Closes the page.
Help button
Opens help for this page.
Credentials Page
Use the Credentials page to add or edit device credential information. For information about device credentials, see Understanding Device Credentials, page 5-71.
Note
Navigation PathDouble-click a device in the Device selector, then click Credentials from the Device Properties page.
Related Topics•
•
Field Reference
Table A-26 Credentials Page
Username
The username for logging into the device.
Password
The password for logging into the device. In the Confirm field, enter the password again.
Enable Password
The password that activates enable mode on a Cisco IOS device if enable mode is configured on that device. In the Confirm field, enter the enable password again.
Authentication Certificate Thumbprint
Certificate thumbprint available in the certificate data store for the given device.
Username
The SDEE username.
Password
The SDEE password. In the Confirm field, enter the SDEE password again.
HTTP Port
Port 80.
HTTPs Port
Port 443.
Certificate Common Name
The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again.
Mode
HTTP or HTTPS.
For more information, see Rx-Boot Mode Credentials Dialog Box.
For more information, see SNMP Credentials Dialog Box.
For more information, see HTTP Credentials Dialog Box.
Save button
Saves your changes.
Close button
Closes the window.
Help button
Opens help for this page.
Device Groups Page
Use the Device Groups page to assign, edit, or delete groups.
Navigation PathDouble-click a device in the Device selector, then click Device Groups from the Device Properties page.
Related Topics•
Field Reference
Table A-27 Device Groups Page
Group Types, such as Department and Location
The group type, for example, Department or Location, into which the device is grouped or will be grouped. Enables you to select an existing group or to create a new group under a group type.
To create a new group, click the arrow, then select Edit Groups... The Edit Device Groups page appears. For a description of the fields in this page, see Edit Device Groups Page.
Set values as default
When selected, sets the current values as defaults for adding and editing device groups later.
Save button
Saves your changes.
Close button
Closes the window.
Help button
Opens help for this page.
Policy Object Override Pages
You can override the global settings for certain types of policy objects from the Device Properties window of a selected device. Overrides are managed using the following pages:
•
•
•
AAA Server Groups Override Page
Use the AAA Server Groups Override page to view, create, edit, or delete AAA server group override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > AAA Server Groups.
Related Topics•
Field Reference
Table A-28 AAA Server Groups Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Protocol
The protocol defined for the AAA servers contained in the AAA server group.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the AAA Server Group Dialog Box, page C-36. From here you can create a AAA server group override object.
Edit Override button
Opens the AAA Server Group Dialog Box, page C-36. From here you can edit the selected AAA server group override object.
Delete Override button
Deletes the selected AAA server group override and restores the global object definition.
Interface Roles Override Page
Use the Interface Roles Override page to view, create, edit, or delete interface role override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > Interface Roles.
Related Topics•
Field Reference
Table A-29 Interface Roles Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Interface Name Patterns
The naming patterns of interfaces that are included in the interface role object.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the Interface Role Dialog Box, page C-127. From here you can create an interface role override object.
Edit Override button
Opens the Interface Role Dialog Box, page C-127. From here you can edit the selected interface role override object.
Delete Override button
Deletes the selected interface role override and restores the global object definition.
Networks/Hosts Override Page
Use the Networks/Hosts Override page to view, create, edit, or delete network override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > Networks/Hosts.
Related Topics•
Field Reference
Table A-30 Networks/Hosts Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Content
The network addresses and network/host objects contained in the selected object.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the Network/Host Dialog Box, page C-136. From here you can create a network override object.
Edit Override button
Opens the Network/Host Dialog Box, page C-136. From here you can edit the selected network override object.
Delete Override button
Deletes the selected network override and restores the global object definition.
PKI Enrollments Override Page
Use the PKI Enrollments Override page to view, create, edit, or delete PKI enrollment override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > PKI Enrollments.
Related Topics•
Field Reference
Table A-31 PKI Enrollments Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
CA Name
The name of the certification authority (CA) server used for enrollment.
URL
The URL of the CA server (or the TFTP server, in cases of indirect access) used for enrollment.
Certificate
The text of the CA server's certificate, if available.
CRL Support
The method for handling Certificate Revocation Lists (CRLs) on this CA server.
LDAP Server
The URL of the LDAP server from which the CRL is downloaded.
OCSP Server
The URL of the OCSP server that checks the revocation status of certificates.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the PKI Enrollment Dialog Box, page C-140. From here you can create a PKI enrollment override object.
Edit Override button
Opens the PKI Enrollment Dialog Box, page C-140. From here you can edit the selected PKI enrollment override object.
Delete Override button
Deletes the selected PKI enrollment override and restores the global object definition.
Port Lists Override Page
Use the Port Lists Override page to view, create, edit, or delete port list override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > Port Lists.
Related Topics•
Field Reference
Table A-32 Port Lists Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Content
The port ranges included in the port list object.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the Port List Dialog Box, page C-153. From here you can create a port list override object.
Edit Override button
Opens the Port List Dialog Box, page C-153. From here you can edit the selected port list override object.
Delete Override button
Deletes the selected port list override and restores the global object definition.
Services Override Page
Use the Services Override page to view, create, edit, or delete service override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > Services.
Related Topics•
Field Reference
Table A-33 Services Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Protocol
The protocol selected for the service.
Source Ports
The source port, or range of ports, specified for the service.
Destination Ports
The destination port, or range of ports, specified for the service.
ICMP Message Type
If ICMP is the selected protocol, this column displays the ICMP qualifier message.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the Service Dialog Box, page C-156. From here you can create a service override object.
Edit Override button
Opens the Service Dialog Box, page C-156. From here you can edit the selected service override object.
Delete Override button
Deletes the selected service override and restores the global object definition.
Service Groups Override Page
Use the Service Groups Override page to view, create, edit, or delete service override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > Service Groups.
Related Topics•
Field Reference
Table A-34 Service Groups Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Content
The service objects contained in the service group.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the Service Group Dialog Box, page C-162. From here you can create a service group override object.
Edit Override button
Opens the Service Group Dialog Box, page C-162. From here you can edit the selected service group override object.
Delete Override button
Deletes the selected service group override and restores the global object definition.
Text Objects Override Page
Use the Text Objects Override page to view, create, edit, or delete text override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 8-250.
Navigation PathOpen the Device Properties Page. From the selector, select Policy Object Overrides > Free-Form Text Objects.
Related Topics•
Field Reference
Table A-35 Text Objects Override Page
Filter
Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 3-19.
Name
The name of the object.
Category
The category that is assigned to the object. See Working with Category Objects, page 8-68.
Value Overridden?
Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 8-251.
Description
Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.
TipCreate Override button
Opens the Text Object Editor Dialog Box, page C-169. From here you can create a text override object.
Edit Override button
Opens the Text Object Editor Dialog Box, page C-169. From here you can edit the selected text override object.
Delete Override button
Deletes the selected text override and restores the global object definition.
Device Shortcut Menu Options
Use the device shortcut menu options to access several tasks, such as device properties, containment, cloning device, showing devices in a map, discovering policies on a device, and so on.
Navigation PathSelect a device in the Device selector, then right-click the device to display a list of menu options.
Related Topics•
Field Reference
Table A-36 Devices Shortcut Menu Options
Device Properties
Displays device properties for the selected device. Valid properties are: General, Credentials, Device Groups, and Policy Object Overrides. See Device Properties Page.
IPS Manager
Launches IPS Manager. See Managing Devices with IPS Manager, page 5-83.
Note
Show Containment
Displays information about composite devices.
Note
If you select this option, the containment of a device, that is service modules and security contexts supported on the selected device, is displayed:
•
•
•
•
For information about security contexts, see Configuring Security Contexts on Firewall Devices, page 13-103.
Health and Status
Enables you to view the health and status of FWSM and PIX Firewall devices.
Note
Show in Map View
Displays your network topology on a map. See Displaying Your Network on the Map, page 4-16.
Clone Device
Clones (duplicates) a device. The cloned device shares the configurations and properties of the source device. See Cloning a Device, page 5-82.
Note
Copy Policies Between Devices
Copies polices from one device to another or to a group of devices of the same type. See Copying Policies Between Devices, page 6-19.
Note
Share Policies Between Devices
Makes a private policy assigned to a single device available for assignment to multiple devices. See Sharing a Local Policy, page 6-23.
Note
Preview Configuration
Enables you to preview the complete proposed configuration that will be on the device after deployment, including the configuration changes you made using Security Manager and the existing configuration. See Preview Config Dialog Box, page H-8.
Delete Device
Deletes a selected device. See Deleting Devices from the Security Manager Inventory, page 5-83.
Discover Policies on Device
Initiates policy discovery for a selected device or a device group. See Discovering Policies, page 6-5.
Device Policies Shortcut Menu Options
Use the device policies shortcut menu options to access several tasks, such as assign shared policy, share policy, unassign policy, rename policy, and so on. The available options depend on whether the policy you selected is local, shared, or unassigned.
Navigation PathRight-click a policy in the Policy selector to display a list of menu options.
Related Topics•
Field Reference.
Table A-37 Policies Right-Click Menu Options
Assign Shared Policy
Assigns an existing shared policy of the selected type to the device. See Assigning a Shared Policy to a Selected Device, page 6-28.
Share Policy
Converts the local policy into a shared policy that you can assign to other devices. See Sharing a Local Policy, page 6-23.
Assign Shared Policy
Replaces the local policy assigned to the device with a shared policy of the same type. See Assigning a Shared Policy to a Selected Device, page 6-28.
Unassign Policy
Removes the local policy from the device, effectively removing it from the device configuration. See Unassigning a Policy, page 6-21.
Edit Policy Inheritance
Causes a rule-based policy to inherit the properties of a different shared policy of the same type. See Inheriting Rules, page 6-47.
Unshare Policy
Converts the shared policy into a local policy on the device you selected. Any changes made to the policy affect only the selected device. See Unsharing a Policy, page 6-27.
Assign Shared Policy
Replaces the shared policy assigned to the device with another shared policy of the same type. See Assigning a Shared Policy to a Selected Device, page 6-28.
Unassign Policy
Removes the shared policy from the device, effectively removing it from the device configuration. See Unassigning a Policy, page 6-21.
Edit Policy Assignments
Enables you to edit the list of devices to which you assigned the selected policy. See Modifying Shared Policy Assignments in Device View, page 6-34.
Save Policy As
Saves a new instance of the selected shared policy under a different name. Use this option to create a new policy with the same definition as the policy from which it was created. See Copying a Shared Policy, page 6-30.
Rename Policy
Renames the selected policy. See Renaming a Shared Policy, page 6-32.
Edit Policy Inheritance
Causes a rule-based policy to inherit the properties of a different shared policy of the same type. See Inheriting Rules, page 6-47.
Device Group Shortcut Menu Options
Use the device group shortcut menu options to access several grouping tasks, such as add group, edit group information, add devices to group, and add a device to Security Manager.
Navigation PathRight-click a group in the Device selector to display a list of menu options.
Related Topics•
Field Reference
Edit Device Groups Page
Use the Edit Device Groups page to edit groups, create new group types and groups, create subgroups under existing groups, and delete groups or subgroups.
Navigation PathDo one of the following:
•
•
•
Related Topics•
•
Field Reference
Add Devices to Group Page
Use the Add Devices to Group page to add devices to the selected group.
Navigation PathRight-click a group in the Device selector, then select Add Devices to Group.
Related Topics•
•
Field Reference
Table A-40 Add Devices to Groups Page
Available Devices pane
Contains two elements:
•
•
>> button
<< button
Moves the selected devices from one pane to the other pane.
To add a single device or multiple devices, select the devices or a group from the Available Devices pane, then click >>. The selected devices or all of the devices in the selected group move to the Selected Devices pane.
To remove a device from the Selected Devices pane, select the device from the Selected Devices pane, then click <<. The selected device moves to the Available Devices pane.
Selected Devices pane
Displays all the devices that you selected to add to a group.
OK button
Saves your changes and closes the page.
Cancel button
Closes the page without saving your changes.
Help button
Opens help for this page.
Add Group Dialog Box
Use the Add Group dialog box to create a group.
Navigation PathRight-click a group or group type in the Device selector, then select Add Group.
Related Topics•
•
Field Reference
