User Guide for Cisco Security Manager 3.2.1
Index

Numerics

12.1 and 12.2

managing routers 14-2

12.2(33) SRA

running on Catalyst 6500/7600 devices

path MTU discovery and 10-29

12.2(33) SRB

running on Catalyst 6500/7600 devices

path MTU discovery and 10-29

12.2(33) SXH

running on Catalyst 6500/7600 devices

path MTU discovery and 10-29

3DES encryption algorithm

cluster load balancing

using FQDNs 11-16

in IKE proposals 10-46

4.3.2

MARS version

read-only policy lookup 21-41

4.3.4

MARS version

events lookup 21-68

policy lookup, read-write 21-41

5.3.4

MARS version

events lookup 21-68

policy lookup, read-write 21-41

5-tuple data

access rule lookup from MARS and 21-35

low-latency event query 21-44

parsing during access rule lookup 21-37

policy table lookup from MARS and 21-35

802.1x

802.1x Policy page J-135

defining policies 14-87

interface authorization states 14-86

on Cisco IOS routers 14-85

supported topologies 14-87

understanding device roles 14-85

A

AAA

accounting 11-2

authorization 11-2

Cisco IOS routers

AAA Policy page J-66

Accounting tab J-70

Authentication tab J-66

Authorization tab J-68

Command Accounting dialog box J-73

Command Authorization dialog box J-70

defining services 14-47

overview 14-45

supported accounting types 14-46

supported authorization types 14-45

understanding method lists 14-46

configuring on firewall devices 15-27

configuring settings 12-96

credentials for device access 6-4

local fallback 15-29

PIX/ASA/FWSM

AAA page K-56

Accounting tab K-58

Authentication tab K-56

Authorization tab K-58

support 15-28

user authentication 11-2

AAA authentication

and Cisco Secure ACS

for policy lookup 21-48

AAA authentication groups

predefined 9-11

using SDI

as the protocol 10-80

AAA firewall I-112

advanced setting

Interactive Authentication Configuration dialog box I-114

AAA Mode Setup page 2-1

AAA rules

AAA Rules page I-56

Add AAA Rules dialog box I-59

adding 12-60

AuthProxy dialog box I-73

configuring settings

for (PIX/ASA) 12-96

for IOS 12-100

deleting 12-65

disabling 12-63

Edit AAA Option dialog box I-72

Edit AAA Rules dialog box I-59

Edit AAA Server Group dialog box I-74

Edit Category dialog box I-74

Edit Description dialog box I-75

Edit Destinations dialog box I-66

editing 12-62

Edit Interface dialog box I-70

Edit Service dialog box I-43, I-68

Edit Sources dialog box I-64

enabling 12-63

MAC exempt address lists

adding 12-98

deleting 12-100

editing 12-99

understanding 12-98

moving down 12-64

moving up 12-64

Show Destination dialog box I-67

Show Interface Contents dialog box I-71

Show Service Contents dialog box I-69

Show Source Contents dialog box I-65

understanding 12-59

AAA Rules page I-56

AAA server group objects

AAA Server Group dialog box F-9

AAA Server Groups page F-8

creating 9-13

default server groups on IOS devices 9-12

predefined authentication groups 9-11

understanding 9-10

AAA server objects

AAA Server dialog box F-13

AAA Servers page F-12

creating 9-19

supported types 9-16

understanding 9-10, 9-15

AAA servers

external servers 11-2

supported types on ASA devices 9-17

table of services on ASA devices 9-18

Abort the Job dialog box N-22

About Security Manager command 3-12

ABR

definition 15-73

access control list objects

creating 9-24

example

extended ACL 9-21

standard ACL 9-22

web ACL 9-22

Extended IP ACL tab

Add Extended Access Control Entry dialog box F-28

Add Extended Access List page F-26

Edit Extended Access Control Entry dialog box F-28

Edit Extended Access List page F-26

extended objects 9-24

Extended tab F-24

Add Extended Access Control Entry dialog box F-28

Add Extended Access List page F-26

Edit Extended Access Control Entry dialog box F-28

Edit Extended Access List page F-26

GUI

understanding 9-23

standard objects 9-26

Standard tab F-31

Add Standard Access Control Entry dialog box F-34

Add Standard Access List page F-32

Edit Standard Access Control Entry dialog box F-34

Edit Standard Access List page F-32

understanding 9-20

web objects 9-27

Web tab F-36

Add Web Access Control Entry dialog box F-39

Add WebType Access List page F-37

Edit Web Access Control Entry dialog box F-39

Edit WebType Access List page F-37

access control lists

policy discovery 7-13

Access Control page I-106

access controls

access list compilation

enabling 12-91

configuring settings 12-92

object group search

enabling 12-87

per user downloadable ACLs

enabling 12-89

settings 12-86

understanding settings 12-86

Access Group tab

description 15-69, K-139

Access Interface Configuration dialog box (ASA) H-101

access list compilation

enabling 12-91

understanding 12-90

access lists

adding an implicit ACE 21-76

configured on IOS devices with

log-input keyword 21-30

log keyword 21-30

implicit deny

and MARS events lookup 21-76

Access page (ASA) H-3

access permissions

maps 4-2

access policies, configuring 11-48

access ports

Create and Edit Interface dialog boxes-Access Port mode M-12

understanding 16-5

access rule events

in MARS

looking up policy table 21-35

keywords

ACE hashcodes 21-72

access rule lookup

authentication failure

during connection from MARS 21-34

communication

between MARS and Security Manager 21-47

deployed changes

synchronization with 21-44

device lookup query

sequence of actions 21-36

with a unique hostname 21-36

without any domain and hostname 21-36

device lookup results and 21-37

device software versions

supported for 21-48

devices with multiple contexts

prerequisites for 21-36

error message 21-45

expanding

network/host objects 21-45

service objects 21-45

for syslog messages

on IOS routers 21-39

for the selected MARS event

with multiple device matches 21-35

with no device match 21-35

from device manager syslog 21-29

from MARS

in read-only mode 21-33

in read-write mode 21-33

overview 21-37

sample case 21-33

taskflow 21-34

without Security Manager client running 21-35

from MARS events

in Security Manager 3.1.1 through 3.0.1 21-37

in Security Manager 3.2 21-37

guidelines for working 21-41

in MARS 4.3.4 and 5.3.4 21-37

parsing raw syslogs 21-37

in read-only mode

supported MARS versions 21-37

supported Security Manager versions 21-37

in read-write mode

improved rule matching accuracy 21-37

supported MARS versions 21-37

supported Security Manager versions 21-37

looking up device in MARS 21-36

MARS session object 21-37

multiple matches

for syslogs with insufficient details for parsing 21-38

starting a new client session 21-43

supported syslog IDs

for firewall devices 21-39

syslog messages supported

by IOS routers 21-39

by security appliances 21-39

syslogs supported for

by firewall devices 21-39

with multiple hostname matches 21-36

with Security Manager client active

in non-Workflow mode 21-35

in Workflow mode 21-35

with Security Manager client timed out 21-43

access rules

Access Rules page I-1

Adaptive Security Algorithm (ASA) and 12-38

Add Firewall Rule dialog box I-4

adding 12-40

Advanced dialog box I-9

ASA, and 12-39

conflicting with other ACEs 21-83

deleting 12-47

disabling 12-45

Edit Category dialog box I-20

Edit Description dialog box I-21

Edit Destinations dialog box I-13

Edit Firewall Option dialog box I-17

Edit Firewall Rule dialog box I-4

Edit Firewall Rule Expiration dialog box I-21

editing 12-43

Edit Interface dialog box I-18, I-45

Edit Service dialog box I-15

Edit Sources dialog box I-11

empty

policy lookup from MARS 21-44

enabling 12-45

events lookup

checklist 21-79

fields provided to MARS 21-75

guidelines 21-77

historical events 21-73

keywords 21-72

large number of hashcodes 21-76

overview 21-75

viewing historical events 21-75

viewing realtime events 21-75

warning message 21-79

FWSM, and 12-39

hashcodes

accuracy of syslog matches 21-75

hyperlink in rule number

read-only policy table 21-65

implicit

at the end of the access list 21-76

inbound

pre-NAT address 21-74

IOS router, and 12-39

logging events for an ACE 12-40

log message generation 21-76

looking up

from MARS events (prerequisites) 21-53

from MARS events (procedure) 21-53

looking up events

Query page, attributes 21-72

modified

after read-only policy display 21-46

modifying

query results in MARS 21-71

moving down 12-46

moving up 12-46

navigating from

ASDM syslog 21-30

SDM syslog 21-32

navigating to

historical events in MARS 21-84

realtime events in MARS 21-83

navigating to the first match

from syslog 21-29

notes 12-39

not synchronized with device 21-45

object grouping

events lookup and 21-78

on higher security interface, inbound

policy lookup 21-45

on lower security interface, inbound

policy lookup 21-45

policy query icon 21-45

on lower security interface, outbound

policy lookup 21-45

optimization

events lookup and 21-78

outbound

post-NAT address 21-74

PIX Firewalls, and 12-39

recognizing on devices 12-38

rule expiration 12-4

Show Destination Contents dialog box I-14

Show Interface Contents dialog box I-19

Show Service Contents dialog box I-16

Show Source Contents dialog box I-12

troubleshooting

using MARS events 21-68

unavailable on the device

for MARS syslogs 21-45

understanding 12-36, 12-39

with NAT

MARS events lookup 21-74

without logging enabled

events matching a flow 21-76

with PAT

MARS events lookup 21-74

Access Rules page I-1

expanding objects

lookup from MARS events 21-57

highlighted row

after policy lookup from MARS 21-57

Login to CS-MARS dialog box 21-89

looking up

from MARS events 21-57

with Security Manager not installed 21-57

with Security Manager running 21-57

with Security Manager timed out 21-57

navigating

to historical events, matching destination 21-84

to historical events, matching flow 21-83

to historical events, matching rule 21-83

to historical events, matching source 21-84

to realtime events, matching flow 21-83

navigating from

to historical events, matching destination 21-84

to historical events, matching rule 21-83

to realtime events, matching rule 21-83

accounting

configuring on firewall devices 15-27

accounts and credentials

Cisco IOS routers

overview 14-49

accounts and credentials policies

Accounts and Credentials Policy page J-74

User Accounts dialog box J-76

ACL names

as keywords

in MARS events lookup 21-72

conflicts and resolutions 9-34

generating 9-32

identifying original 9-34

naming conventions 9-32

notes 9-35

preserving user-defined 9-30

ACLs

optimizing

caveats 12-35

notes 12-34

Actions Shortcut menu L-7

Active/Active failover

about 15-44, 15-45

command replication 15-45

configuration synchronization 15-45

Active/Standby failover 15-44

activities

accessing functions 8-7

Activity Manager window E-1

Activity Required dialog box E-7

Approve Activity dialog box E-6

Approved state 8-4

approving 8-2, 8-14

benefits of 8-2

closing 8-9

Create Activity dialog box E-4

creating 8-9

Discard Activity dialog box E-7

discarding 8-14

Edit state 8-4

in an editable state

and policy table lookup from MARS 21-35

locking 8-2

managing 8-1

multiple users 8-3

Openable Activities dialog box E-8

opening 8-9

policy table lookup

with Security Manager client active 21-43

Reject Activity dialog box E-6

Rejected state 8-4

rejecting 8-14

states 8-4

Submit Activity dialog box E-5

Submitted state 8-4

submitting for approval 8-13

understanding 8-1

user interface reference E-1

validating 8-11

viewing change reports 8-10

viewing status and history 8-15

working with 8-6

Activities menu 3-11

Activity Manager command 3-10

Activity Manager window E-1

Activity Required dialog box E-7

activity states E-3

Adaptive Security Appliances

See ASA devices

Add/Edit AnyConnect Client Image dialog box (ASA) H-117

Add/Edit AnyConnect Client Profile dialog box (ASA) H-117

Add/Edit Collector dialog box

description 15-61, K-99, K-120

Add/Edit Connection Profile dialog box

SSL tab

Add/Edit Connection Alias dialog box H-34

Add/Edit Connection URL dialog box H-35

Add/Edit Content Rewrite dialog box (ASA) H-105

Add/Edit File Encoding dialog box (ASA) H-108

Add/Edit IGMP Join Group dialog box

description 15-70

Add/Edit IGMP Static Group dialog box

description 15-70

Add/Edit Multicast Route dialog box

description K-143, K-145

Add/Edit PIM Bidirectional Neighbor Filter dialog box

description K-150

Add/Edit PIM Neighbor Filter dialog box

description K-149

Add/Edit Plug-in Entry dialog box (ASA) H-114

Add/Edit Proxy Bypass dialog box (ASA) H-112

Add AAA Rules dialog box I-59

Add Access List dialog box L-78

Add an Entry dialog box L-48

Add Cat6k Block Vlan dialog box L-94

Add Certificate dialog box A-14

Add Custom Signature dialog box L-5

Add Device from Network wizard

Device Credentials page C-16

Add Devices to Group command 3-7

Add Devices to Group dialog box C-34

Add Event Action Filter dialog box

fields with

default values 21-62

values from MARS events 21-62

read-only signature policy page

in the MARS GUI 21-62

Add Firewall Rule dialog box I-4

Add Group dialog box C-35

Add Link command 3-9

Add Link dialog box B-14

Add Local Rules command 3-8

Add Map Object and Node Properties dialog boxes B-15

Add Map Object command 3-9

Add New Device wizard

Device Credentials page C-16

Add or Edit Status Providers dialog box A-36

Add Other Devices dialog box N-15

Add Permit Response dialog box F-204

Add Regular Expression dialog box F-336

Add Regular Expression Group dialog box F-333

address pools

defining 15-17

Address Resolution Protocol

See ARP

Add Row command 3-7

Add Rule Section dialog box I-127

Add Signature Parameter--List Entry Dialog Box L-48

Add Standard Access Control Entry dialog box F-34

Add Standard Access List page F-32

Add Transparent Firewall Rule dialog box I-100

Add User Profile dialog box L-88

Add Virtual Sensor dialog box L-97

Add Web Access Control Entry dialog box F-39

Add WebType Access List page F-37

admin context

in Performance Monitor

deleting 21-13

importing 21-13

overview 15-80

administering Performance Monitor

event thresholds, working with 21-20

administration

See managing user accounts

selecting router policies to manage 7-10

administrative settings, configuring 20-2

Admin role

adding Security Manager

to MARS 21-50

ADSL

ADSL Policy page J-33

ADSL Settings dialog box J-34

defining settings 14-28

supported operating modes 14-27

Advanced dialog box

access rules I-9

advanced settings

configuring 11-47

Advanced tab (ASA) H-118

Advanced tab (IOS) H-98

AES encryption algorithm

in IKE proposals 10-46

in VPN SPA 10-28

aging timer

path MTU discovery 10-30

AIM-IPS interfaces

AIM-IPS Interface Settings page J-26

AIM-IPS module

credentials C-22

AIM-IPS Module Discovery dialog box C-22

Alarm Indication Signal (AIS) cells 14-35

Alarm Information table

description 21-28

Alert Aggregation table

description 21-28

Allowed host

use of 17-4

Allowed Hosts page L-78

Analysis Engine global variables

configuring 17-7

Analysis Engine tab L-84

analysis reports

generating 12-6

understanding 12-4

Analysis Reports page I-129

anomaly detection

limiting false positives L-56

worm attacks L-56

Anomaly Detection page L-50

anti-spoofing 15-76

anti-virus software policies

modifying

for device manager 21-6

appended CLI commands 19-2

Apply IPS Update command 3-11

Apply IPS Update wizard A-22

Approve Activity command 3-12

Approve Activity dialog box E-6

Approved activity state 8-4

Approve Deployment Job dialog box N-19

approver role 2-17

approvers

associating with user account

for policy lookup from MARS 21-49

archiving

IEV log files 21-25

Area Border Router

See ABR 15-73

ARP

Layer 2 signatures L-21

protocol L-21

ARP requests

and CPU usage 21-16

ARP spoof tools

dsniff L-21

ettercap L-21

ARP table

static entry K-49, K-50

ASA

policy discovery 7-12

rollback, commands to recover from failover misconfiguration 18-38

rollback command conflicts 18-37

rollback restrictions for failover devices 18-34

rollback restrictions for multiple context mode 18-34

setting up AUS or CNS 5-8

setting up SSL (HTTPS) 5-3

ASA Cluster Load Balance page H-22

ASA devices

See also PIX/ASA/FWSM Platform policies

AAA support 9-17

adding SSL thumbprints manually 6-22

defining

DNS server IP address 11-15

enabling

DNS lookups 11-15

events lookup

ACE hashcodes 21-73

models supported

VPN cluster load balancing 11-16

outside IP addresses

associated with DNS entry 11-15

remote access IPSec VPNs

access policies 11-48

creating using wizard 11-11, 11-12

other settings 11-49

performance settings 11-50

remote access SSL VPNs

access settings 11-48

browser plug-ins 11-56, 11-57

client settings 11-58, 11-59

content rewrite rules 11-51

encoding rules 11-52, 11-53

performance settings 11-50

proxies 11-53, 11-54

proxy bypass rules 11-53, 11-54

remote access VPNs

access policies (ASA) H-99, H-101

advanced settings (ASA) H-118

AnyConnect client image settings (ASA) H-117

AnyConnect client profile settings (ASA) H-117

browser plug-ins (ASA) H-113, H-114

certificate to connection profile map policies 11-34, 11-35

certificate to connection profile map rules 11-36

Certificate to Connection Profile Maps > Map Rule dialog box (lower pane) H-77

Certificate to Connection Profile Maps > Map Rule dialog box (upper pane) H-76

Certificate to Connection Profile Maps > Policies page H-74

Certificate to Connection Profile Maps > Rules page H-75

client settings (ASA) H-115

cluster load balancing 11-14, 11-15, H-22

connection profiles 11-16, 11-17, H-24

content rewrite settings (ASA) H-104, H-105

dynamic access policies 11-17, 11-18

dynamic access policy (DAP) attributes 11-20, 11-23

Dynamic Access policy page (ASA) H-35

encoding settings (ASA) H-106, H-108

fragmentation settings H-69

Global Settings page H-65

group policies H-71, H-72

IKE proposals H-78

IPsec proposals H-79, H-81

ISAKMP/IPsec settings H-66

NAT settings H-68

other settings (ASA) H-102

performance settings (ASA) H-102

proxy bypass settings (ASA) H-112

proxy settings (ASA) H-109

Public Key Infrastructure (PKI) H-73

secure desktop manager policies 11-24, 11-26

SSL certificate configuration A-13

supported OS versions

redirection using FQDNs 11-16

supported software versions

for policy and events lookup 21-48

syslog messages

looking up Access Rules page 21-30

table of AAA services 9-18

use of Kerberos 9-17

use of LDAP servers 9-17

use of NT servers 9-17

use of SDI servers 9-17

VPN cluster load balancing

3DES/AES license 11-16

overview 11-15

with multiple contexts

and policy lookup from MARS 21-36

MARS events lookup 21-77

prerequisite for policy table lookup 21-36

ASA User Group dialog box F-42

Auto Signon Rules F-56

Client Access Rules dialog box F-51

Client Configuration settings F-44

Client Firewall Attributes F-45

Connection settings F-59

DNS/WINS settings F-57

Hardware Client Attributes F-48

IPsec Settings F-49

Split Tunneling settings F-58

SSL VPN Clientless Settings F-51

SSL VPN Full Client Settings F-53

SSL VPN General Settings F-55

Technology settings F-42

ASA user group objects

ASA User Groups page F-41

Auto Signon Rules F-56

Client Access Rules dialog box F-51

Client Configuration settings F-44

Client Firewall Attributes F-45

Connection settings F-59

creating 9-37

DNS/WINS settings F-57

Hardware Client Attributes F-48

IPsec Settings F-49

Split Tunneling settings F-58

SSL VPN Clientless Settings F-51

SSL VPN Full Tunnel Settings F-53

SSL VPN General Settings F-55

Technology settings F-42

understanding 9-36

ASA User Groups page F-41

ASBR

definition 15-73

ASDM

connection graphs 21-3

connection-related messages 21-30

home page, viewing 21-4

Log Buffer panel 21-30

managing

ASA devices 21-3

firewalls 21-3

FWSM 21-3

multiple instances of 21-4

overview 21-3

performance monitoring and 21-3

Real-time Log Viewer panel 21-31

starting from Security Manager 21-3

syslog message

navigating to access rule in Security Manager 21-29

ASDM home page

at-a-glance monitoring 21-3

dynamic dashboard and 21-4

ASDM instances

maximum number of

for all firewall contexts 21-5

for all FWSM contexts 21-5

ASDM sessions

exceeding the limit 21-6

assignment overview 1-7

Assignments tab D-18

Assign Shared Policy command 3-8

Assign Shared Policy dialog box D-2

Asymmetric Digital Subscriber Line (ADSL)

on Cisco IOS routers 14-26

Asynchronous Transfer Mode (ATM) 14-31

ATM 14-31

virtual channel connections (VCCs) 14-32

virtual channel identifier (VCI) 14-32

virtual path connections (VPCs) 14-32

virtual path identifier (VPI) 14-32

Atomic ARP engine

described L-21

parameters (table) L-21

Atomic IP engine

parameters (table) L-16

audit logs

configuring default settings A-30

purging entries 20-12

understanding 20-10

working with 20-10

Audit Message Detail dialog box E-9

Audit Report command 3-11

audit reports

generating and viewing 20-11

understanding 20-10

working with 20-10

Audit Report window E-9

AUS

changing bootstrap password 5-12

deploying configurations 18-25

deployment method 18-12

setting up 5-8

setting up on PIX Firewall and ASA devices 5-8

authentication

configuring on firewall devices 15-27

of MARS for policy lookup

Security Manager deleted from MARS 21-42

of MARS with Security Manager

for events lookup 21-71

of Performance Monitor 21-10

of Security Manager with MARS

error message 21-71

successful 21-71

authentication methods

in IKE proposals 10-47

preshared keys 10-47

RSA signatures 10-47

authentication settings

events lookup

allowing saving of credentials 21-71

Security Manager user account not in MARS 21-78

using MARS credentials 21-71

using Security Manager credentials 21-71

for events lookup

Security Manager credentials 21-82

for MARS to access

Security Manager 21-48

policy table lookup

allow saving of credentials 21-52

using MARS credentials 21-52

using Security Manager credentials 21-52

authentication testing

SSH 5-6

authorization

configuring on firewall devices 15-27

AuthProxy dialog box

AAA rules I-73

AuthProxy General tab (IOS) I-119, I-121

AuthProxy page I-118

autolink

omitting reserved networks from maps A-2

Auto Signon Rules

ASA user group objects F-56

Auto Update Server (AUS)

licensing 20-4

Auto Update Server Properties dialog box C-11

Auto Update Servers (AUS)

configuring AUS settings on firewall devices 15-50

Available Bit Rate (ABR) 14-33

Available Servers dialog box C-13

B

background image, map

deleting 4-10

importing 4-9

overview 4-9

scale and position 4-11

setting 4-10

backslash

when defining subinterfaces 9-99

Backup command 3-11

backups, Security Manager database 20-13

backward compatibility

of policy table lookup

with Security Manager 3.0.x, 3.1.x 21-41

banners

Banner page K-60

configuring on firewall devices 15-31

benefits of product 1-2

BGP routing

BGP Routing Policy page J-165

defining routes 14-119

Neighbors dialog box J-166

on Cisco IOS routers 14-119

redistributing routes 14-121

Redistribution Mapping dialog box J-168

Redistribution tab J-167

Setup tab J-165

blocking

definition of 17-7

Blocking page L-85

boot image and configuration settings

configuring on firewall devices 15-32

bootstrapping

devices

for events lookup 21-80

for policy lookup 21-47

Security Manager server

for communication with MARS 21-48

for policy lookup 21-47

bootstrapping devices

integration with Performance Monitor 21-13

managed by MARS 21-47

bridge groups

defining 14-52

bridging

Cisco IOS routers

Bridge Group dialog box J-78

Bridging Policy page J-77

BVI interfaces 14-51

overview 14-51

PIX/ASA/FWSM

Add/Edit ARP Inspection dialog box K-52

Add/Edit ARP Table Entry dialog box K-50

Add/Edit MAC Learning dialog box K-55

Add/Edit MAC Table Entry dialog box K-53

ARP Inspection page K-51

ARP Table page K-49

configuring on 15-25

MAC Address Table page K-53

MAC Learning page K-54

Management IP page K-55

browser plug-ins

defining 11-57

understanding 11-56

browser settings

File Download dialog box 21-57

reusing windows

for events lookup 21-79

saving in trusted folder

SSL certificate of MARS 21-85

C

caching

device manager image 21-5

MARS events

sessionization 21-44

MARS login credentials

during events lookup 21-78

policy rules

in read-only policy window 21-43

reusing query results 21-43

Security Manager credentials

until MARS session is active 21-42

CA server authentication methods

SCEP (Simple Certificate Enrollment Protocol) 10-59

Cat6k Device dialog box L-93

Catalyst 6500/7600 devices

configuring FWSM on 10-32

configuring SSH 5-6

configuring VPNSM on 10-26

configuring VPN SPA on 10-28

default transport protocol A-12

deployment 18-18

path MTU discovery

on tunnel interface 10-29

packet fragmentation 10-29

policy discovery for FWSM 7-12

rollback restrictions 18-35

supported IOS versions

for path MTU discovery 10-29

Catalyst 6500/7600 switches

including in deployment jobs N-11

Catalyst 6500 Series switches

See Catalyst switches and Cisco 7600 Series routers

supported software versions

for policy and events lookup 21-48

Catalyst 6K tab L-93

Catalyst devices

policy discovery 7-12

remote access VPNs

Dynamic VTI/VRF Aware IPsec settings H-86

high availability H-90

IPsec proposals H-82

user group policies H-92

VPNSM/VPN SPA settings H-84

Catalyst platform policies

general reference M-1

IDSM settings policy

Create and Edit IDSM Data Port VLANs dialog boxes M-32

Create and Edit IDSM EtherChannel VLANs dialog boxes M-31

IDSM Settings page M-30

IDSM Slot-Port Selector dialog box M-33

interfaces/VLANs policy

Access Port Selector dialog box M-6

Create and Edit Interface dialog boxes-Access Port mode M-12

Create and Edit Interface dialog boxes-Dynamic Port mode M-21

Create and Edit Interface dialog boxes-Other mode M-26

Create and Edit Interface dialog boxes-Routed Port mode M-15

Create and Edit Interface dialog boxes-subinterfaces M-25

Create and Edit Interface dialog boxes-Trunk Port mode M-17

Create and Edit VLAN dialog boxes M-4

Create and Edit VLAN Group dialog boxes M-8

Interfaces/VLANs page M-2

Interfaces tab M-10

Service Module Slot Selector dialog box M-9

Summary tab M-28

Trunk Port Selector dialog box M-7

VLAN Groups tab M-7

VLAN Selector dialog box M-10

VLANs tab M-3

VLAN access lists policy

Create and Edit VLAN ACL Content dialog boxes M-37

Create and Edit VLAN ACL dialog boxes M-35

VLAN Access Lists page M-34

Catalyst Summary Info command 3-10

Catalyst switches

configuring SSH 5-6

default transport protocol A-12

showing modules, security contexts, and virtual sensors 6-24

Catalyst switches and 7600 Series routers

access ports 16-5

Catalyst Summary Info page M-1

defining IDSM Data Port VLANs 16-18

defining IDSM EtherChannel VLANs 16-16

defining ports 16-6

defining VACLs 16-13

defining VLAN groups 16-11

defining VLANs 16-9

deleting IDSM Data Port VLANs 16-19

deleting IDSM EtherChannel VLANs 16-17

deleting ports 16-8

deleting VACLs 16-15

deleting VLAN groups 16-12

deleting VLANs 16-10

discovering policies 16-4

generating interface names 16-7

IDSM settings 16-15

IDSM Settings page M-30

interfaces 16-5

Interfaces/VLANs page M-2

managing 16-1

migrating inventory from earlier release 16-2

migrating unmanaged service modules 16-3

routed ports 16-5

trunk ports 16-5

viewing configuration summary 16-20

VLAN Access Lists page M-34

VLAN ACLs (VACLs) 16-12

VLAN groups 16-10

VLANs 16-8

Catalyst VPN Services Module (VPNSM)

configuring 10-30

configuring in remote access VPNs 11-40

defining settings (site-to-site VPN) G-16

understanding configuration 10-26

VPNSM blade configuration 10-26

Catalyst VPN Shared Port Adapter (VPN SPA)

configuring a VPN SPA blade 10-30

configuring in remote access VPNs 11-40

defining settings (site-to-site VPN) G-16

path MTU discovery

crypto maps 10-29

enabling 10-29

supported IOS versions for 10-29

understanding configuration 10-28

categories

editing 9-40

understanding 9-39

category objects

Categories page F-61

Category Editor dialog box F-62

cautions

significance of i-lxiv

certificate comparison

by MARS

conflict detection 21-42

storing a fresh copy after prompting 21-42

storing a fresh copy automatically 21-42

certificates

presented by Security Manager

compared by MARS during policy lookup 21-42

certificates, SSL

adding thumbprints manually 6-22

configuring default settings for how handled A-13

certificate to connection profile map policies

configuring 11-35

understanding 11-34

certificate to connection profile map rules

configuring 11-36

understanding 11-36

Certification Authority (CA) servers

naming guidelines 9-113

Change Report dialog box E-8

change reports, viewing 8-10

Change Reports command 3-11

Cisco 7600 Series routers

See Catalyst switches and 7600 Series routers

Cisco Adaptive Security Device Manager

See ASDM

Cisco Discovery Protocol (CDP) J-23

Cisco Express Forwarding (CEF)

importance for QoS 14-100

Cisco IOS devices

access lists with

log-input keyword 21-30

log keyword 21-30

syslog messages

looking up Access Rules page 21-30

Cisco IOS routers

802.1x 14-85

AAA 14-45

access lists with

log-input keyword 21-39

log keyword 21-39

access rule lookup

from MARS 21-34

accounts and credentials 14-49

ADSL 14-26

advanced interface settings 14-20

available interface types 14-14

basic interface settings 14-14

BGP routing 14-119

CNS call-home mode 5-10

CNS event-bus mode 5-9

configuring SSH 5-6

CPU settings 14-55

default AAA server groups 9-12

deploying configurations using TMS 18-26

dialer interfaces 14-23

discovering policies 14-3

Domain Name System (DNS) 14-70

Dynamic Host Configuration Protocol (DHCP) 14-78

EIGRP routing 14-122

host and domain names 14-72

HTTP 14-56

IOS 12.1 and 12.2 14-2

line access 14-58

logging 14-96

managing 14-1

memory settings 14-72

NAT 14-4

Network Admission Control (NAC) 14-89

Network Time Protocol (NTP) 14-83

optional SSH settings 14-66

OSPF routing 14-127

permanent virtual connections (PVCs) 14-31

platform policies 14-1

Point-to-Point Protocol (PPP) 14-40

policy discovery 7-12

quality of service (QoS) 14-100

RIP routing 14-139

Secure Device Provisioning (SDP) 14-73

setting up SSL (HTTPS) 5-4

SHDSL 14-29

SNMP 14-68

static routing 14-142

supported software versions

for policy and events lookup 21-48

supported syslog IDs

for policy lookup 21-39

time zone settings 14-53

transparent bridging 14-51

Cisco IOS Software

selecting policy types to manage 7-10

Cisco IPS Event Viewer service

enabling with IEV 21-23

Cisco Network Security Database

See NSDB

Cisco PIX firewalls

See PIX/ASA/FWSM Platform policies

Cisco Router and Security Device Manager

See SDM

Cisco Secure Access Control Server (ACS)

activating NDG feature 2-28

adding devices as AAA clients without NDGs 2-26

adding managed devices 2-26

adding managed devices and configuring NDGs 2-35

adding users 2-24

assigning roles to user groups 2-34

assigning roles to user groups with NDGs 2-35

assigning roles to user groups without NDGs 2-34

associating user roles and permissions 2-20

configuring CiscoWorks AAA mode 2-32

configuring network device groups 2-27

creating network device groups 2-29

customizing user roles 2-19

default roles 2-19

defining system identity user 2-31

integrating with Security Manager 2-21

integration checklist 2-23

integration requirements 2-22

performing integration 2-24

performing integration in CiscoWorks 2-30

registering Security Manager 2-33

restarting Daemon Manager 2-33

understanding user permissions 2-1

Cisco Secure Access Control Server (ACS) integration

creating administration control user 2-30

creating local users in CiscoWorks 2-30

Cisco Secure Access Control Server (ACS) user interface

Add Administrator page 2-30

Group Setup page 2-35

Cisco Secure ACS

access settings for

MARS appliance 21-48

roles for

policy table lookup 21-49

Cisco Security Agent

icon, waving

disallowing device manager 21-8

IEV and modifying policy 21-23

Messages tab

xdm-launcher.exe 21-8

modifying policies

for device manager 21-6

modifying policy for IEV

automatically 21-23

manually 21-23

not installed on Security Manager server

automatically modifying policy for IEV 21-23

preexisting on Security Manager server

manually modifying policy for IEV 21-23

security level

starting device manager 21-8

starting device manager

allowing xdm-launcher.exe 21-8

untrusted applications

xdm-launcher.exe 21-8

Cisco Security Management Suite server

logging into or exiting 1-8

Cisco Security Manager Policy Query page

See read-only policy table

Cisco Security MARS

See MARS

Cisco Technical Assistance Center

creating diagnostic file 20-13

Cisco Trust Agent (CTA) 14-90

CiscoWorks Common Services

assigning roles to users 2-17

associating user roles and permissions 2-20

available user roles 2-17

backing up and restoring Security Manager 20-13

configuring AAA mode 2-32

creating local user for Cisco Secure ACS 2-30

defining system identity user 2-31

logging into or exiting 1-8

performing integration for Cisco Secure ACS 2-30

registering Security Manager with Cisco Secure ACS 2-33

understanding user permissions 2-1

Class-Based Policing 14-105

CLI commands

appended commands 19-2

in FlexConfigs 19-2

prepended 19-2

Client Access Rules dialog box

ASA user group objects F-51

Client Configuration settings

ASA user group objects F-44

client connection characteristics

Client Connection Characteristics page G-62

configuring policies for Easy VPN 10-81

Client Firewall Attributes

ASA user group objects F-45

clientless access mode 11-4

client settings

configuring 11-59

understanding 11-58

clock

Cisco IOS routers

overview 14-53

configuring on firewall devices 15-33

clock settings

Cisco IOS routers

Clock Policy page J-79

Clone Device command 3-6

cloning devices

in VPN topologies 10-16

Close Activity command 3-11

cluster load balancing

configuring 11-15

redirection using FQDNs

3DES/AES 11-16

ASA outside IP addresses 11-15

instead of IP addresses 11-16

OS versions supported 11-16

overview 11-15

reverse DNS lookup 11-15

understanding 11-14

CNS

call-home mode 5-10

changing bootstrap password 5-12

deploying configurations 18-25

deployment method 18-12

event-bus mode 5-9

setting up 5-8

setting up on PIX Firewall and ASA devices 5-8

CNS-Configuration Engine Properties dialog box C-11

collectors, NetFlow 15-61

color-coding

keywords

for first ten occurrences 21-86

query results page of MARS 21-86

Combine Rules

Rule Combiner Detail Report I-158

Combine Rules Results Summary dialog box I-155

Combine Rules Selection Summary dialog box I-154

combining rules 12-8

criteria notes 12-9

defining criteria 12-10

summary results 12-11

commands

Activities menu 3-11

Edit menu 3-7

Edit menu, table commands 3-20

File menu 3-6

Help menu 3-12

Map menu 3-9

Policy menu 3-8

Tools menu 3-10

View menu 3-8

Common Services

AAA authentication for

MARS appliance 21-48

licensing 20-4

MARS user account, creating 21-49

MARS user not defined in

policy lookup 21-43

user account not defined in

logging in to MARS 21-43

Common Services roles

policy table lookup from MARS

Help Desk role 21-41

communication

between IEV client and server 21-24

configuration

initial Security Manager 1-10

understanding rollback 18-33

Configuration Archive

adding configurations from devices 18-31

rolling back to archived configuration files 18-39

settings A-2

version viewer N-28

viewing and comparing configuration versions 18-32

window N-26

Configuration Archive command 3-11

Configuration Archive page A-2

configuration changes

and high CPU usage 21-15

configuration files

deploying in non-Workflow mode 18-17

deploying in Workflow mode 18-19, 18-23

deploying to 18-13

deploying to an AUS or CNS 18-25

deploying to a TMS 18-26

deployment process overview 18-2

factory-default configurations 15-1

previewing 18-27

redeploying to devices 18-28

rolling back to archived configurations 18-39

selecting 3-22

configurations

adding to the Configuration Archive 18-31

rollback, commands to recover from failover misconfiguration 18-38

rollback command conflicts 18-37

rolling back 18-33

rolling back Catalyst 6500/7600 18-35

rolling back failover devices 18-34

rolling back IPS and IOS IPS 18-35

rolling back multiple context mode 18-34

rolling back to devices 18-38

understanding out-of-band changes 18-13

viewing and comparing 18-32

configuration views 1-5

Configure DNS dialog box

inspection rules I-49

Configure ESMTP dialog box

inspection rules I-51

Configure Fragments dialog box

inspection rules I-51

Configure Hardware Ports dialog box K-47

Configure IMAP dialog box

inspection rules I-52

Configure POP3 dialog box

inspection rules I-53

Configure RPC dialog box

inspection rules I-54

Configure SMTP dialog box

inspection rules I-49

Config Version Viewer (Preview Configuration) dialog box N-17

connection establishment messages

looking up access rules from MARS 21-34

looking up from access rules

matching a flow 21-75

Connection Profile page (ASA) H-4

connection profiles

configuring 11-17

understanding 11-16

Connection Profiles page H-24

Add/Edit Connection Profile dialog box

AAA tab H-26

Add/Edit Interface Specific Authentication Server Groups dialog box H-29

General tab (ASA) H-24

IPSec tab H-31

SSL tab H-31

Connection Profiles Policy page

Add/Edit Connection Profile dialog box

IPSec tab H-30

connection protocol

between MARS and Security Manager

for policy table lookup 21-34

with device manager 21-4

with MARS 21-52

with Performance Monitor 21-10

connection-related messages

access rule lookup from MARS 21-35

contents 21-30

generated by

ASA devices 21-30

FWSM blades 21-30

outbound traffic, policy lookup 21-45

generation, interval 21-30

ICMP

access rule lookup from MARS events 21-37

management traffic

NP Identity Ifc keyword 21-38

number of matches

for access rule lookup 21-37

TCP

access rule lookup from MARS events 21-37

UDP

access rule lookup from MARS events 21-37

Connection settings

ASA user group objects F-59

connection setup message

and session termination 21-37

common ID with teardown message 21-37

defining 21-37

connection teardown messages

2-minute gap with

connection setup 21-45

and corresponding setup syslog 21-37

direction details 21-37

in a different session from setup 21-45

looking up access rules from MARS 21-34

looking up from access rules

for a traffic flow 21-75

pre-NATed address 21-37

realtime event viewer 21-45

connection timeout

device communication settings A-11

connectivity, testing device 6-16

connectivity failure

from MARS to Security Manager

error message 21-41

connectivity protocol

between Security Manager and MARS

for events lookup 21-71

connectivity test

between MARS and Security Manager

configuring administrative host 21-52

correct credentials 21-52

error message 21-52

failure due to incorrect credentials 21-42

success 21-52

console

Cisco IOS routers

AAA tab J-91

Accounting tab J-94

Authentication tab J-91

Authorization tab J-93

Console Policy page J-88

Setup tab J-89

console port

Cisco IOS routers

defining AAA settings 14-60

defining setup parameters 14-59

console timeout settings

configuring on firewall devices 15-35

Constant Bit Rate (CBR) 14-33

contact credentials

configuring on firewall devices 15-34

contained modules

showing 6-24

content rewrite rules

defining 11-51

understanding 11-51

Content Rewrite tab (ASA) H-104

Context Data events

looking up

from signature policies 21-76

on IPS and IDS sensors

policy query icon and 21-40

Context Editor dialog box (IOS) H-94

contexts

See security contexts

continuity check (CC) cells 14-35

control plane (CP)

defining QoS on 14-112

policing on 14-108

Control Plane Policing 14-108

conventions i-lxiii

Copy command 3-7

Copy Policies Between Devices command 3-8

Copy Policies wizard

Copy Policies from this Device page D-4

Copy Policies to these Devices page D-6

Select Policies to Copy page D-4

understanding D-3

CPU settings

defining utilization settings 14-55

overview 14-55

CPU usage

associated with services 21-16

causes for increase in

configuration change 21-15

debugging 21-16

disabling STP 21-16

excessive ARP requests 21-16

interrupt level 21-16

more VLANs 21-16

processes with high priority 21-16

security issue 21-15

TCP timer 21-16

description 21-15

increase on

Catalyst 6500/6000 switches 21-16

routers 21-16

show logging exec command

checking 21-16

throttles, overloaded router 21-16

CPU utilization

CPU Policy page J-81

Create/Edit Group Policies Dialog Box H-72

Create a Clone of Device dialog box C-25

Create Activity dialog box E-4

Create a Policy dialog box D-18

Create Filter dialog box C-1

Create Overrides for Device dialog box F-459

Create Text Object dialog box O-10

Create VPN Topology wizard G-6

credential objects

creating 9-41

understanding 9-40

credentials

AIM-IPS module C-22

service module C-20

specifying for device manager 21-6

testing 6-16

understanding device 6-4

validation for device manager

error message 21-6

Credentials objects

Credentials dialog box F-63

Credentials page

HTTPS port number

overriding with HTTP policy C-30

Credentials page (Devices) C-29

Credentials page (Policy Objects) F-62

cross-launch authentication settings

for events lookup

disabling saving of credentials 21-82

using MARS login credentials 21-82

using Security Manager credentials 21-82

for policy lookup

allow saving of credentials 21-52

prompting user for credentials 21-52

using MARS credentials 21-52

modifying

to disable saving of Security Manager credentials 21-42

saving in MARS

for Security Manager not added 21-49

cross-launching

Security Manager client

from MARS events 21-33

without secure connection 21-41

crypto engine slot command 10-28

crypto engine slot slot/subslot {inside | outside} command

VRF-Aware IPsec 10-28

crypto maps

dynamic 10-49

in IPsec proposals 10-49

on interface VLANs

IPsec VPN SPAs 10-29

static 10-49

CSDM Policy Editor dialog box H-63

CS-MARS

configuring 1-17

configuring servers A-3

discovering or changing server used by device 6-23

CS-MARS page A-3

authentication, configuring

to query events 21-81

configuring MARS devices

for querying events 21-81

CsmContentProvider file

downloading

during policy lookup 21-57

File Download dialog box

preventing from appearing 21-57

CSMDiagnostics.zip

setting debug options A-6

CSM tab, Licensing page A-26

CSV file

adding devices from

to Performance Monitor 21-13

Customize Desktop Settings page A-5

Custom Protocol dialog box

inspection rules I-50

custom signatures

policy lookup for 21-40

unknown device event type 21-61

Cut command 3-7

D

Daemon Manager

not running on Security Manager

policy table lookup 21-41

restarting after Cisco Secure ACS integration 2-33

database

backing up and restoring 20-13

data polling

CPU usage 21-16

for incremental changes 21-11

VPN tunnel status 21-15

data redundancy

of Security Manager and IEV 21-23

Days of Week dialog box L-53

DCE/RPC policy map objects

creating 9-58

understanding 9-58

DCE/RPC Policy Maps

Add DCE/RPC dialog box F-150

DCE/RPC Maps page F-148

Edit DCE/RPC dialog box F-150

DCR

adding devices from

to Performance Monitor 21-13

DCS properties file, SSH settings 6-23

DDNS

configuring on firewall devices 15-55

DDoS

protocols L-47

Stacheldraht L-47

TFN L-47

dead-peer detection (DPD) 10-53

debugging

configuring debug levels A-6

high CPU usage and 21-16

Debug Options page A-6

defaults, configuring 20-2

Defaults page (ASA) H-17

Defaults page (IOS) H-20

default virtual sensor

vs0 17-10

Delete Device command 3-6

Delete Map command 3-9

Delete Map dialog box B-10

Delete Row command 3-7

Deploy command 3-6

Deploy Job dialog box N-19

deployment

Abort the Job dialog box N-22

Add Other Devices dialog box N-15

Auto Update Server 18-25

Catalyst 6500/7600 devices 18-18

Cisco Networking Services configuration engine 18-25

clearing XLATE on 15-79

configuration files, to 18-13

configurations 18-17

configuring status provider 1-16

creating or editing schedules 18-30

Deploy Job dialog box N-19

Deployment—Create or Edit a Job dialog box N-12

device communication settings 6-21

devices, directly to 18-11

devices, through intermediate server 18-12

Edit Deploy Method dialog box N-14

Edit Selected Deployment Method dialog box N-14

errors

OS version mismatches 18-14

handling OS version mismatches 18-14

IPsec on VPNs

using RADIUS 10-80

managing 18-1

methods 18-10

non-Workflow mode 18-5

Deploy Saved Changes dialog box N-9

of access rule changes

synchronization with device 21-44

out-of-band changes 18-13

process overview 18-2

Redeploy a Job dialog box N-22

Rollback a Job dialog box N-24

rolling back configurations 18-33

rolling back configurations, Catalyst 6500/7600 18-35

rolling back configurations, command conflicts 18-37

rolling back configurations, commands to recover from failover misconfiguration 18-38

rolling back configurations, failover devices 18-34

rolling back configurations, IPS and IOS IPS devices 18-35

rolling back configurations, multiple context mode 18-34

setting debug options A-6

Submit Deployment Job dialog box N-18

suspending or resuming schedules 18-31

system settings A-7

task flow

non-Workflow mode 18-5

Workflow mode 18-7

TMS server 18-26

troubleshooting SSL certificate errors 6-22

understanding 18-1

understanding configuration rollback 18-33

using a Cisco Networking Services (CNS) server 18-25

viewing device details 18-16

viewing job summary 18-16

viewing status and history for jobs and schedules 18-16

Warning - Partial VPN Deployment dialog box N-16

Workflow mode 18-6, 18-19, 18-23

Deployment—Create or Edit a Job dialog box N-12

Deployment Manager window N-3

working with 18-16

deployment jobs

aborting 18-29

approval 18-9

approving 18-23

creating and editing 18-20

Deployment Manager 18-2

discarding 18-24

including devices in 18-10

multiple users 18-10

redeploying 18-28

rejecting 18-23

states

non-Workflow mode 18-6

Workflow mode 18-8

submitting 18-22

viewing history 18-16

Deployment Manager

overview 18-2

Deployment Manager command 3-10

Deployment Manager window

Deployment Schedules tab N-6

Deployment Manager window in non-Workflow mode N-1

Deployment Manager window in Workflow mode N-3

Deployment Schedules tab N-6

Deployment Settings page A-7

Deployment Status Details dialog box N-20

Deployment Workflow Commentary dialog boxes N-19

Deploy Saved Changes dialog box N-9

DES encryption algorithm

in IKE proposals 10-46

Dest Port Map dialog box L-55

device

admin contexts

deleting from Performance Monitor 21-13

importing into Performance Monitor 21-13

export inventory 6-26

viewing inventory status 6-25

device access

configuring on firewall devices 15-35

device access policies

defining 14-49

device administration policies

configuring on firewall devices 15-26

device authentication

adding SSL thumbprints manually 6-22

SSL certificate default configuration A-13

Device Communication page A-11

device communication settings

connection timeout A-11

managing 6-21

retry count A-12

socket read timeout A-12

device connectivity error

device manager and 21-7

Device Connectivity Test dialog box C-20

device credentials

starting device manager and 21-6

understanding 6-4

Device Credentials page C-16

Device Delete Validation page C-24

device group

adding to Performance Monitor 21-13

definition in Performance Monitor 21-13

Device Grouping page C-23

device groups 6-28, 6-31

adding or removing devices 6-31

creating group types 6-30

deleting groups or types 6-31

understanding 6-29

Device Groups page A-14, C-31

Device Information page - Add Device from File C-14

Device Information page - Configuration File C-7

Device Information page - Network C-4

Device Information page - New Device C-9

device inventory

exporting

DCR and CS-MARS formats 6-26

overview 6-26

using command line utility 6-27

managing 6-1

testing device connectivity 6-16

understanding 6-1

understanding contents 6-3

user interface reference C-1

working with 6-7

device lists

adding sensors 21-25

deleting sensors 21-25

device lookup

for policy query from MARS

discovered devices 21-36

multiple matching hostnames 21-36

parameters passed 21-36

renaming device name 21-36

reporting IP address 21-36

single matching hostname 21-36

without domain name 21-36

device manager

and exiting Security Manager 21-5

and Security Manager communication

enabling HTTPS on the device 21-7

associating user roles and permissions 21-5

Cisco Security Agent

modifying policies 21-6

communicating with Security Manager 21-4

connection protocol 21-4

error message 21-7

exiting 21-7

guidelines for working 21-5

hardware requirements 21-9

instances of 21-5

interception of requests from 21-4

interoperability with device software version 21-9

latest IOS versions, support for 21-6

memory impact on

Security Manager client 21-6

Security Manager server 21-6

multiple instances

from different clients 21-5

on the same client 21-5

out-of-band change and 21-2

preferences across sessions 21-7

prerequisites for starting 21-7

progress of the launch 21-8

read-only view 21-2

running show commands 21-7

starting

one instance per device per client 21-5

starting (procedure) 21-5, 21-7

starting for a device

without image installed 21-5

without management IP address 21-6

starting for virtual sensors 21-6

starting from Security Manager 21-1

syslog

navigating to Security Manager 21-29

Tools menu

show commands 21-7

uninstalling 21-1

versions supported for device software 21-9

Device Manager command 3-10

device manager image

caching 21-5

default location 21-1

downloading from server 21-5

shipping with Security Manager server 21-1

supported versions (table) 21-9

device manager window

inactive 21-5

minimized 21-5

Device OS Management command 3-11

device OS version

device manager interoperability with 21-9

Device Properties

Credentials page C-29

Device Groups page C-31

General page C-26

Policy Object Override pages

general reference C-32

device properties

changes with policy effects 6-19

changing critical 6-18

image version changes with no policy effects 6-18

understanding 6-5

viewing or changing 6-17

Device Properties command 3-10

Device Properties page

creating object overrides 9-165

deleting a MARS appliance 21-78

deleting overrides 9-167

discovering

MARS 21-78

overview C-26

Device properties page

selecting a MARS device

from a list 21-78

device reachability

description 21-13

viewing from

Inventory Status window 21-14

devices

access rule lookup

from MARS 21-34

added to MARS only

policy lookup 21-44

adding 6-7

adding configurations to the Configuration Archive 18-31

adding from configuration files 6-10

adding from export file 6-13

adding from network 6-8

adding local rules to shared policies 7-29

adding manually 6-11

adding to MARS 21-47

adding to Performance Monitor

from CSV file 21-13

from DCR 21-13

manually 21-13

assigning shared policies 7-28

bootstrapping

for policy lookup 21-47

managed by MARS 21-47

changing critical properties 6-18

cloning or duplicating 6-24

communication requirements 5-1

communication settings and certificates 6-21

configuring local policies 7-20

copying policies between 7-21

copying shared policies 7-31

creating policy object overrides 9-165

deleting from inventory 6-25

deleting policy object overrides 9-167

deployment through intermediate server 18-12

deployment to 18-11

discovered but not submitted

policy lookup, error 21-44

discovering or changing CS-MARS server 6-23

discovering policies 7-11

discovering policies on existing devices 7-14

dynamic IP addresses 6-14

image version changes with no policy effects 6-18

including in deployment jobs N-11

including in deployment jobs or schedules 18-10

including in jobs N-13

inheriting policy rules 7-30

in MARS

multiple matches during policy lookup 21-35

no match during policy lookup 21-35

time synchronization, recommendation 21-46

managed by MARS and Security Manager

running compatible software version 21-46

managed by Security Manager

preparing for policy lookup 21-47

management traffic

between MARS and 21-46

managing operating system 6-28

maps

adding existing managed 4-13

adding new managed 4-12

displaying devices from Device View 4-13

displaying managed 4-12

showing containment for Catalyst switches, ASA, PIX, IPS devices 4-13

mitigation

monitored by MARS 21-46

modifying policy assignment 7-33

modifying shared policies 7-32

monitored by

multiple MARS appliances 21-71

one MARS appliance 21-71

monitoring

enabling and disabling in Performance Monitor 21-13

naming conventions 6-3

not added to MARS

events lookup, error 21-77

notification traffic

between MARS and 21-46

policy status icons 7-19

preparing for management 5-1

property changes with policy effects 6-19

redeploying configuration files to 18-28

renaming policies 7-32

replacing policies 7-28

reporting

monitored by MARS 21-46

rolling back configurations 18-38

sharing multiple policies 7-26

show commands

accessing from device manager 21-7

showing contained modules 6-24

signature policies

unassigned from 21-78

software versions

supported by MARS and Security Manager 21-48

synchronization with

changed policies 21-44

testing connectivity 6-16

unassigning policies 7-22

understanding out-of-band changes 18-13

unsharing policies 7-27

validating

scheduling device validations 21-13

validation by Performance Monitor 21-13

versions supported for policy lookup

by MARS and Security Manager 21-44

viewing configuration

from device manager 21-7

what counts as a device 6-3

with IP address and hostname

for events lookup 21-73

with matching hostname

policy lookup from MARS 21-36

with matching IP address

policy lookup from MARS 21-36

with multiple contexts

Device Properties page 21-36

differing host and context names 21-36

logging configuration 21-39

policy query icon 21-41

reporting IP address in MARS 21-41

setting hostname for policy lookup from MARS 21-36

without a unique match

policy lookup from MARS 21-36

without matching host and domain names

policy lookup from MARS 21-36

Device selector

Access Rules page

for events lookup 21-89

device selector

filtering 3-14

Device view

adding local rules to shared policies 7-29

assigning shared policies 7-28

configuring local policies 7-20

copying policies between devices 7-21

copying shared policies 7-31

editing site-to-site VPN policies in 10-43

inheriting policies 7-30

managing policies 7-18

managing VPN devices in 10-42

modifying policy assignments 7-33

modifying shared policies 7-32

overview 1-5

policy banner 7-24

policy status icons 7-19

renaming policies 7-32

sharing local policies 7-25

sharing multiple policies 7-26

Site-to-Site VPN Topologies page G-65

unassigning policies 7-22

understanding basic policy management 7-19

understanding shared policies 7-23

unsharing policies 7-27

device view

remote access VPNs

managing 11-8

understanding 6-1

Device View command 3-8

DHCP

Cisco IOS routers

defining address pools 14-82

defining policies 14-81

DHCP Database dialog box J-128

DHCP Policy page J-126

IP Pool dialog box J-129

overview 14-78

understanding database agents 14-79

understanding option 82 14-80

understanding relay agents 14-79

understanding secured ARP 14-80

PIX/ASA/FWSM

configuring DHCP relay 15-51

configuring DHCP servers 15-52

diagnostics

setting debug options A-6

diagnostics file, creating 20-13

dial backup

configuring 10-25

configuring in Easy VPN 10-73

Dial Backup Settings dialog box G-23

understanding 10-24

dialer interfaces

defining BRI properties 14-25

defining profiles 14-23

Dialer Physical Interface dialog box J-31

Dialer Policy page J-28

Dialer Profile dialog box J-30

on Cisco IOS routers 14-23

Diffie-Hellman groups

in IKE proposals 10-46

Digital Subscriber Line (DSL) 14-26

digital subscriber line-access multiplexer (DSLAM) 14-26

directed broadcasts

enabling J-26

Discard Activity command 3-12

Discard Activity dialog box E-7

Discard command 3-6

Discard Deployment Job dialog box N-19

discovering

MARS

after deleting 21-78

saving setting across instances 21-78

MARS device

before events lookup 21-71

during events lookup 21-71

discovering remote access VPNs 11-7

discovering site-to-site VPNs 10-11

Discover Policies on Device command 3-8

Discover Policies On Device dialog box D-11

Discover VPN Policies command 3-8

Discover VPN Policies wizard G-66

Device Selection page G-68

Name and Technology page G-67

discovery

default behavior settings A-16

in MARS

devices that do not allow 21-36

devices that support 21-36

Map View 4-25

of MARS

into Security Manager 21-78

overview 1-7

setting debug options A-6

Discovery Settings page A-16

Discovery Status dialog box D-13

discovery task

frequently asked questions 7-16

starting 7-14

viewing status 7-15

Display Actual Size command 3-9

Distributed Denial of Service

See DDoS

Distributed Traffic Shaping (DTS) 14-105

DMVPN (Dynamic Multipoint VPN)

advantages of using with GRE 10-68

configuring policies 10-69

IPsec technology 10-5

large scale DMVPNs

configuring 10-72

understanding 10-71

understanding 10-68

using with GRE 10-68

DNS

configuring on firewall devices 15-54

DNS/WINS settings

ASA user group objects F-57

DNS class map objects

Add DNS Class Map dialog box F-71

creating 9-48

Edit DNS Class Map dialog box F-71

match criterion

DNS class F-74

DNS type F-75

domain name F-75

header flag F-76

question F-77

resource record F-78

DNS Class Maps page F-70

DNS policy map objects

Add DNS Map dialog box F-152

creating 9-60

DNS Maps page F-151

Edit DNS Map dialog box F-152

Filtering tab F-155

match condition

DNS class F-161

DNS type F-162

domain name F-163

header flag F-164

question F-165

resource record F-166

use values in class map F-167

Match Condition and Action tab F-157

Mismatch Rate tab F-156

Protocol Conformance tab F-153

understanding 9-59

Dock Map View command 3-9

documentation

conventions i-lxiii

Domain Name System (DNS)

Cisco IOS routers

defining policies 14-71

DNS Policy page J-119

IP Host dialog box J-120

overview 14-70

do not ask warnings, resetting A-5

Drill Down Dialog table

description 21-28

DSLAM 14-26

duplex

interface K-48

dynamic access policies

configuring 11-18

understanding 11-17

dynamic access policy (DAP) attributes

configuring 11-23

understanding 11-20

Dynamic Access Policy page

Add/Edit Dynamic Access Policy dialog box

Add/Edit DAP Entry dialog box H-43

Add/Edit DAP Entry dialog box > AAA Attributes Cisco H-46

Add/Edit DAP Entry dialog box > AAA Attributes LDAP H-47

Add/Edit DAP Entry dialog box > AAA Attributes RADIUS H-48

Add/Edit DAP Entry dialog box > Anti-Spyware H-49

Add/Edit DAP Entry dialog box > Anti-Virus H-50

Add/Edit DAP Entry dialog box > Application H-51

Add/Edit DAP Entry dialog box > File H-52

Add/Edit DAP Entry dialog box > NAC H-53

Add/Edit DAP Entry dialog box > Operating System H-54

Add/Edit DAP Entry dialog box > Personal Firewall H-55

Add/Edit DAP Entry dialog box > Policy H-56

Add/Edit DAP Entry dialog box > Process H-57

Add/Edit DAP Entry dialog box > Registry H-58

Advanced Expressions tab H-62

Logical Operators tab H-59

Main tab H-38

Dynamic Access policy page (ASA) H-35

Add/Edit Dynamic Access Policy dialog box H-37

Cisco Secure Desktop Manager Policy Editor dialog box H-63

dynamic crypto maps 10-49

dynamic IP devices

GRE for 10-65

dynamic NAT

creating rules on Cisco IOS routers 14-11

dynamic VTI

configuring in Easy VPN 10-74

Dynamic VTI tab (site-to-site VPN) G-54

in remote access VPNs 11-38

Dynamic VTI/VRF Aware IPsec settings tab H-86

E

Easy VPN

Advanced tab G-60

client connection characteristics 10-81

Client VPN Software Update tab G-61

configuring dial backup in 10-73

configuring dynamic VTI in 10-74

configuring high availability in 10-74

Dynamic VTI tab G-54

General tab G-57

IPsec Proposal page G-51

Dynamic VTI tab G-54

IPsec Proposal tab G-51

IPsec proposals 10-76

IPsec tab G-59

IPsec technology 10-5

tunnel group policies 10-79

Tunnel Group Policy page G-56

understanding 10-73

user group policies 10-78

User Group Policy page G-55

Edit AAA Option dialog box I-72

Edit AAA Rules dialog box I-59

Edit AAA Server Group dialog box I-74

Edit Actions dialog box L-7

Edit Auto Update Settings dialog box A-21

Edit Category dialog box

AAA rules I-74

access rules I-20

inspection rules I-55

transparent rules I-105

web filter rules I-90

Edit Deploy Method dialog box N-14

Edit Description dialog box

AAA rules I-75

access rules I-21

inspection rules I-56

transparent rules I-105

web filter rules I-91

Edit Destinations dialog box I-13

AAA rules I-66

inspection rules I-41

web filter rules I-84

Edit Device Groups command 3-6

Edit Device Groups dialog box C-34

Edit Endpoints dialog box G-12

Protected Networks tab G-18

VPN Interface tab G-12

Edit Extended Access List page F-26

Edit Fidelity dialog box L-9

Edit Firewall Option dialog box I-17

Edit Firewall Rule dialog box I-4

Edit Firewall Rule Expiration dialog box I-21

Edit Inspected Protocol dialog box I-47

Edit Interface dialog box

AAA rules I-70

access rules I-18, I-45

transparent rules I-104

Edit menu 3-7

Edit menu, table commands 3-20

Edit Permit Response dialog box F-204

Edit Policy Assignments command 3-8

Edit Regular Expression dialog box F-336

Edit Regular Expression Group dialog box F-333

Edit Row command 3-7

Edit Rule Section dialog box I-127

Edit Selected Deployment Method dialog box N-14

Edit Service dialog box

AAA rules I-43, I-68

access rules I-15

web filter rules I-86

Edit Signature dialog box L-3

Edit Signature Parameter—Component List dialog box L-48

Edit Signature Parameter—List Entry Dialog Box L-48

Edit Signature Parameters dialog box L-10

Edit Signatures page, Apply IPS Update wizard A-25

Edit Sources dialog box I-11

AAA rules I-64

inspection rules I-39

web filter rules I-82

Edit Standard Access Control Entry dialog box F-34

Edit Standard Access List page F-32

Edit state 8-4

Edit Transparent EtherType dialog box I-102

Edit Transparent Firewall Rule dialog box I-100

Edit Transparent Mask dialog box

transparent rules I-103

Edit Update Server Settings dialog box A-20

Edit Virtual Sensor dialog box L-98

Edit Web Access Control Entry dialog box F-39

Edit Web Filter Options dialog box I-89

Edit Web Filter Type dialog box I-88

Edit WebType Access List page F-37

EIGRP routing

defining interface properties 14-124

defining routes 14-123

Edit Interfaces dialog box J-172

EIGRP Routing Policy page J-169

Interface dialog box J-173

Interfaces tab J-172

on Cisco IOS routers 14-122

redistributing routes 14-126

Redistribution Mapping dialog box J-175

Redistribution tab J-174

Setup dialog box J-171

Setup tab J-170

e-mail notifications

configuring SMTP server 1-12

enabling

HTTPS on the device

for starting device manager 21-7

encoding rules

defining 11-53

understanding 11-52

Encoding tab (ASA) H-106

encryption algorithms

3DES (Triple DES) 10-46

AES (Advanced Encryption Standard) 10-46

DES (Data Encryption Standard) 10-46

in IKE proposals 10-46

endpoints and protected networks

defining in VPN topologies 10-18

Protected Networks tab G-18

understanding 10-17

VPN Interface tab G-12

error message

events lookup from policies

MARS appliance not configured 21-77

IEV server installation 21-25

testing connectivity

between MARS and Security Manager 21-52

error messages

device manager-related

connectivity to the device 21-7

credentials validation 21-6

hostname not configured 21-7

SSL not enabled on the device 21-7

starting a second instance 21-7

events lookup from policies

authentication failure 21-71

device not added to MARS 21-77

HTTPS not enabled on Security Manager 21-77

MARS appliance is shut down 21-77

MARS unreachable during discovery 21-78

Security Manager user not in MARS database 21-78

policy table lookup from MARS

access rules not on device 21-45

addition of multiple Security Managers to Local Controller 21-41

changed Security Manager credentials not updated in MARS 21-42

connection setup syslog unavailable 21-45

connection teardown events in realtime viewer 21-45

connectivity to Security Manager 21-41

Daemon Manager not running on Security Manager 21-41

device added to MARS only 21-44

discovered but unsubmitted devices 21-44

empty access rules 21-44

HTTPS not enabled on Security Manager 21-41

implicit permit statement in access rules 21-45

incorrect Security manager login credentials 21-42

management traffic events 21-45

modal dialog box open 21-43

modified signature on device 21-46

RPC connection failure 21-44

unsynchronized changes 21-44

ESMTP policy map objects

Add ESMTP Map dialog box F-170

Add Match Condition and Action tab F-172

creating 9-62

Edit ESMTP Map dialog box F-170

Edit Match Condition and Action tab F-172

ESMTP Maps page F-168

match condition

Body Length F-173

Body Line Length F-174

Command Line Length F-177

Command Recipient Count F-176

Commands F-175

EHLO Reply Parameters F-178

Header Length F-179

Header Line Length F-180

Invalid Recipients Count F-182

MIME Encoding F-185

MIME Filename Length F-184

MIME File Type F-183

Sender Address F-186

Sender Address Length F-187

To Recipients Count F-181

Parameters tab F-170

understanding 9-61

EtherChannel

Create and Edit IDSM EtherChannel VLANs dialog boxes M-31

defining IDSM VLANs 16-16

deleting IDSM VLANs 16-17

Ethereal

description 21-25

location 21-25

evaluation license

upgrading to permanent license 20-3

event action filter

configuring

during policy table lookup from MARS 21-35

saving as a local policy 21-62

Event Action Filters page L-59

Event Action Filters tab

described L-68

Event Action Override dialog box L-63

Event Action Overrides page L-62

Event Action policies L-58

Event Browser window

viewing VPN tunnel status 21-14

event data

Inventory Status window 21-12

network outage 21-11

overwriting older events 21-11

persisting new events 21-11

restarting Daemon Manager 21-11

viewing in real time 21-27

events

categories

failure 21-20

performance 21-20

definition 21-12

examining

generated by access rule 21-71

generated by signature 21-71

in MARS

caching, sessionization 21-44

identifier 21-72

in MARS, generated by

access rules 21-35

connection setup/teardown 21-35

IPS signatures 21-35

management traffic 21-45

in MARS, identifying

for access rule lookup 21-54

logs

countering security threats 21-68

editing policies 21-68

querying for

from access rule table 21-71

threshold 21-12

thresholds, working with 21-20

events lookup

ACE hashcodes 21-73

adding MARS

to Security Manager 21-81

advantages 21-68

browser settings 21-79

caching

MARS credentials 21-78

device software versions

supported for 21-48

discovering MARS devices 21-71

for the first time

prompting for MARS credentials 21-88

from access rules

ACE hashcodes 21-73, 21-75

hashcodes 21-75

object grouping 21-78

optimization enabled 21-78

overview 21-72, 21-75

prepopulated fields in Query page 21-72

with NAT 21-74

with PAT 21-74

from default signatures 21-78

from policies

checklist 21-79

error message 21-77, 21-78

for multiple contexts 21-77

guidelines 21-77

historical events, overview 21-73

overview 21-68

realtime event viewer 21-74

reusing discovered MARS 21-78

with added and reachable devices 21-73

from signatures

for virtual sensors 21-73

Query page 21-73

with multiple selections 21-73

HTTPS connection 21-71

Login to CS-MARS dialog box

from Access Rules page 21-89

from Signatures page 21-89

MARS session timeout

and user credentials 21-88

matching a flow

fields passed to MARS 21-76

matching an access rule 21-75

realtime events

most current data 21-74

taskflow 21-71

XML queries

from Security Manager to MARS 21-73

event threshold

configuring (procedure) 21-20

creating, guidelines 21-20

recording, alarm 21-20

event type

configuring for service 21-18

enabling threshold 21-18

supported for service type 21-18

event types

in MARS

definition 21-72

predefined 21-72

matching rules

for deny ACEs 21-75

for permit ACEs 21-75

Exclusive Domain Name dialog box

web filter rules I-97

exclusive domains

adding (IOS) 12-76

deleting (IOS) 12-78

editing (IOS) 12-78

Exclusive Domains tab

web filter rules I-94

Exit command 3-7

exiting

Cisco Security Management Suite server 1-8

CiscoWorks Common Services 1-8

device manager 21-7

IEV client 21-24

Security Manager 1-8, 1-9

Expanded Details Dialog table

description 21-28

export

device inventory 6-26

Export Inventory command 3-10

Export Inventory dialog box C-33

Export Map command 3-9

Extended tab F-24

Add Extended Access List page F-26

Edit Extended Access List page F-26

External Product Interface dialog box L-82

External Product Interface page L-81

F

factory-default configurations 15-1

failover

link 15-43

PIX/ASA/FWSM

active/active 15-44, 15-45

active/standby 15-44

configuring 15-43

configuring on 15-47

stateful 15-44, 15-46

stateless 15-44

types of 15-44

understanding 15-43

failure metric

configuring threshold 21-20

false positives

definition of 13-11

minimizing

signature tuning 21-40

tuning signatures 21-40

feature sets 1-3

File Download dialog box

policy table lookup

from MARS events 21-57

preventing from appearing 21-57

File menu 3-6

file objects

creating 9-43

understanding 9-42

file objects page F-64

files

deploying to 18-13

selecting or specifying 3-22

Filter Item dialog box L-60

filters

defined using signature categories 13-15

filtering selectors 3-14

filtering tables 3-17

find and replace

defining criteria 12-15

notes 12-13

understanding regular expressions 12-14

using 12-12

Find and Replace page I-128

Finding CS-MARS Device dialog box

discovery, aborting 21-84

progress of discovery 21-84

Find Map Node command 3-9

Find Node dialog box B-10

Firewall AAA IOS Timeout Value Setting dialog box I-121

Firewall AAA MAC Exempt Setting dialog box I-117

Firewall ACL Setting dialog box I-109

Firewall Device dialog box L-92

firewall devices

policy discovery 7-12

firewall policy properties 12-2

firewall service module (FWSM)

including in deployment jobs N-11, N-13

firewall services

AAA rules

adding 12-60

understanding 12-59

access rules

adding 12-40

deleting 12-47

disabling 12-45

editing 12-43

enabling 12-45

logging events for an ACE 12-40

moving down 12-46

moving up 12-46

notes 12-39

recognizing on devices 12-38

understanding 12-36, 12-39

ACL names

conflicts and resolutions 9-34

generating 9-32

identifying original 9-34

naming conventions 9-32

notes 9-35

preserving user-defined 9-30

analysis reports 12-4

generating 12-6

Combine Rules

Rule Combiner Detail Report I-158

Combine Rules Results Summary dialog box I-155

Combine Rules Selection Summary dialog box I-154

combining rules 12-8

criteria notes 12-9

defining criteria 12-10

summary results 12-11

find and replace

defining criteria 12-15

notes 12-13

understanding regular expressions 12-14

using 12-12

Find and Replace page I-128

firewall settings

access list compilation 12-90

adding 12-98, 12-104

configuring settings 12-92, 12-94, 12-96, 12-103

deleting 12-100, 12-106

editing 12-99, 12-105

enabling 12-87, 12-89, 12-91

firewall ACL 12-93

for (PIX/ASA) 12-96

for IOS 12-100

per user downloadable ACLs 12-88

understanding 12-86, 12-98

hit count

changing displayed results 12-20

changing displayed results, filtering columns 12-21

generating reports 12-17

sorting columns 12-21

understanding 12-16

understanding report results 12-18

viewing details 12-22

importing rules 12-22

extended access list 12-23

how to 12-25

notes 12-23

standard access list 12-24

Import Rules

Show Destination Contents dialog box I-139

Show Interface Contents dialog box I-140

Show Service Contents dialog box I-139

Show Source Contents dialog box I-138

Import Rules - Enter Parameters dialog box I-132

Import Rules - Preview page I-134

Objects tab I-137

Rules tab I-135

Import Rules - Status page I-133

inspection rules

custom destination ports 12-51

default inspection traffic 12-50

deleting 12-58

destination address and port (IOS) inspection rules 12-52

disabling 12-56

editing 12-55

enabling 12-56

moving down 12-57

moving up 12-57

source and destination address and port 12-53

supported features 12-95

understanding 12-47, 12-48

managing 12-1

managing rules tables 12-3

Map View 4-16

object groups

expanding during discovery 12-36

optimizing ACLs 12-33

caveats 12-35

notes 12-34

optimizing policy objects

in rules 12-35

notes 12-36

policy query

generating reports 12-27

report results 12-27

understanding 12-26

policy query details example 12-30

policy query parameters 12-28

policy query results table 12-28

rule sections

Add Rule Section dialog box I-127

Edit Rule Section dialog box I-127

rule table sections

adding 12-31

adding to an existing section 12-32

editing 12-32

notes 12-31

removing an existing section 12-32

removing from an existing section 12-32

understanding 12-30

Firewall Services Module (FWSM)

See also PIX/ASA/FWSM Platform policies

configuring with VPNSM 10-33

FWSM blades 10-32

FWSM tab (site-to-site VPN) G-19

understanding configuration 10-32

firewall settings

AAA firewall I-112

advanced setting I-112

Access Control page I-106

access controls

access list compilation 12-90

object group search 12-86

per user downloadable ACLs 12-88

AuthProxy General tab (IOS) I-119

AuthProxy page I-118

AuthProxy Timeout tab (IOS) I-121

configuring settings

firewall ACL 12-93

Firewall AAA IOS Timeout Value Setting dialog box I-121

Firewall AAA MAC Exempt Setting dialog box I-117

Firewall ACL Setting dialog box I-109

Inspection page I-111

Web Filter page I-123

Web Filter Server Configuration dialog box I-126

Firewall tab L-91

Fit to Window command 3-9

FlexConfig Editor dialog box O-8

FlexConfig objects

creating 9-44, 19-26

deleting 19-30

duplicating 19-27

editing 19-28

generating usage reports for 19-30

understanding 9-44, 19-1

viewing details 19-29

FlexConfig object variables

deleting 19-33

FlexConfig policies O-1

understanding 19-22

FlexConfig Policy page O-1

FlexConfig Policy Preview dialog box O-6

FlexConfigs

adding 19-31

CLI commands in 19-2

creating (scenario) 19-22

deleting 19-32

example 19-5

managing 19-1

previewing 19-33

reordering 19-32

scripting language

examples of 19-3, 19-4

understanding 19-2

working with 19-25

FlexConfigs objects page O-7

FlexConfig system variables

understanding 19-10

FlexConfig Undefined Variables dialog box O-11

Flood engine

described L-23

floodguard 15-76

Flood Host engine

parameters (table) L-23

Flood Net engine

parameters (table) L-24

FQDN

redirection using

cluster load balancing and 11-15

fragmentation

in remote access VPNs 11-28

in site-to-site VPNs

General Settings tab G-36

understanding 10-55

maximum transmission unit (MTU) 10-55

path MTU discovery and 10-29

fragments settings 15-76

frequently asked questions

policy discovery 7-16

FTP class map objects

Add FTP Class Map dialog box F-80

Add Match Criterion dialog box F-81

creating 9-49

Edit FTP Class Map dialog box F-80

Edit Match Criterion dialog box F-81

FTP Class Maps page F-79

match criterion

filename F-83

file type F-84

request command F-82

server F-85

username F-86

FTP policy map objects

creating 9-64

FTP Maps page F-188

match condition

filename F-194

file type F-195

request command F-193

server F-196

username F-197

use values in class map F-198

Match Conditions and Actions tab F-191

Parameters tab F-190

understanding 9-63

full mesh topologies

description 10-4

diagram 10-4

full tunnel client access mode 11-5

FWSM

See Firewall Services Module (FWSM)

access rule lookup

from MARS 21-34

credentials C-20

multiple contexts

MARS events lookup 21-77

policy discovery 7-12

rollback, commands to recover from failover misconfiguration 18-38

rollback command conflicts 18-37

rollback restrictions for failover devices 18-34

rollback restrictions for multiple context mode 18-34

setting up SSL (HTTPS) 5-3

supported software versions

for policy and events lookup 21-48

syslog messages

looking up Access Rules page 21-30

with multiple contexts

and policy lookup from MARS 21-36

prerequisite for policy table lookup 21-36

FWSM devices

adding SSL thumbprints manually 6-22

SSL certificate configuration A-13

G

Gateway and Context page H-12

gateways

intermediate

allowing flows between MARS and devices 21-46

General Configuration tab L-79

General page, device properties C-26

general settings

configuring 11-44

General Settings tab H-69

General sub-tab L-54

General tab L-85

General tab (IOS) H-94

Global Controller

adding to

Security Manager 21-77

policy query icon for events 21-41

policy table lookup and 21-41

viewing Security Manager server from 21-41

zone planning for

Security Manager mapping 21-49

global settings

configuring 11-28

understanding 11-27

Global Settings page H-65

GRE (generic routing encapsulation)

advantages of IPsec tunneling with GRE 10-63

configuring policies 10-66

for devices with dynamic IP 10-65

GRE Modes page G-42

implementation 10-63

IPsec technology 10-5

prerequisites for successful configuration 10-64

understanding in site-to-site VPNs 10-63

using DMVPN with 10-68

GRE Dynamic IP

configuring policies 10-66

for dynamically addressed spokes 10-65

IPsec technology 10-5

group policies

understanding 11-30

Group Policies page H-71

groups

adding or removing devices 6-31

creating 6-31

deleting 6-31

understanding 6-29

working with 6-28

group types

creating 6-30

deleting 6-31

GTP map objects

Add Country Network Codes dialog box F-203

Add Permit Response dialog box F-204

Edit Country Network Codes dialog box F-203

Edit Permit Response dialog box F-204

GTP Map Timeouts dialog box F-205

GTP policy map objects

Add GTP Map dialog box F-200

creating 9-66

Edit GTP Map dialog box F-200

GTP Maps page F-199

GTP Map Timeouts dialog box F-205

match condition

access point name F-208

message ID F-209

message length F-210

version F-211

Match Condition and Action tab F-206

Parameters tab F-201

understanding 9-65

H

H.323 class map objects

Add H.323 Class Map dialog box F-88

Add Match Criterion dialog box

Called Party F-90

Calling Party F-91

Media Type F-92

creating 9-51

Edit H.323 Class Map dialog box F-88

Edit Match Criterion dialog box

Called Party F-90

Calling Party F-91

Media Type F-92

H.323 Class Maps page F-87

H.323 policy map objects

Add H.323 Map dialog box F-213

Match Condition and Action tab F-216

Parameters tab F-214

Add HSI Endpoint IP Address dialog box F-216

Add HSI Group dialog box F-215

creating 9-68

Edit H.323 Map dialog box F-213

Match Condition and Action tab F-216

Parameters tab F-214

Edit HSI Endpoint IP Address dialog box F-216

Edit HSI Group dialog box F-215

H.323 Maps page F-211

match parameters

called party F-217

calling party F-218

media type F-219

use values in class map F-220

understanding 9-68

Hardware Client Attributes

ASA user group objects F-48

hardware requirements

for device manager 21-9

hash algorithms

in IKE proposals 10-46

MD5 10-46

SHA 10-46

hashcodes

ACE

accuracy of syslog matches 21-75

ASA 7.0 and later 21-73

PIX 7.0 and later 21-73

supported device OS versions 21-75

as a keyword

in MARS query criteria 21-75

exceeding 10000

error message during events lookup 21-76

in large access rules

looking up events 21-76

not supported in syslogs

events lookup 21-79

warning message

for devices that do not support 21-84

help

accessing 3-22

Help About This Page command 3-12

Help Desk role

modifying policy

from read-only policy table 21-49

help desk user role 2-17

helper addresses 14-20

Help menu 3-12

Help Topics command 3-12

Hide Navigation Window command 3-9

high availability

of Security Manager and IEV 21-23

high availability (HA groups)

configuring in Easy VPN 10-74

configuring in site-to-site VPN 10-41

High Availability page (site-to-site VPN) G-24

in remote access VPNs 11-41, 11-42

prerequisites 10-40

stateful failover 10-39

stateless failover 10-39

understanding in site-to-site VPN 10-39

High Availability page H-90

high availability policies

configuring 11-42

understanding 11-41

Histogram dialog box L-55

historical events

filtering time 21-72

forensic analysis tools 21-73

looking up

from signature policies 21-87

lookup, fields populated

in query criteria results 21-71

lookup from access rules

connection-related messages 21-75

matching a flow 21-75

matching a rule 21-75

matching destination 21-84

matching source 21-84

lookup from policies

running query manually 21-72

matching

destination 21-84

flow 21-84

for the last 10 minutes 21-71

rule 21-84

source 21-84

overview 21-73

policy lookup

error message 21-44

querying for

Query Criteria Result page 21-71

sessionizing data 21-73

historical events lookup

device versions

supported for 21-48

hit count

changing displayed results 12-20

filtering columns 12-21

sorting columns 12-21

viewing details 12-22

generating reports 12-17

understanding 12-16

understanding report results 12-18

Hit Count page I-150

home page

ASDM, viewing 21-4

PDM, viewing 21-3

SDM, viewing 21-4

hostnames

Cisco IOS routers

defining 14-72

Hostname Policy page J-121

overview 14-72

hostname settings

configuring on firewall devices 15-49

hosts

adding Security Manager on

a new one 21-50

an existing one 21-50

HSRP 15-25