User Guide for Cisco Security Manager 3.2.1
Using Map View

Table Of Contents

Using Map View

Understanding Maps

Working With Maps

Access Permissions for Maps

Creating Maps

Saving Maps

Opening Maps

Deleting Maps

Exporting Maps

Navigating Maps

Using the Navigation Window

Panning Maps

Changing the Zoom Level of Maps

Selecting Map Elements

Centering Map Elements

Using Map Layouts

Undocking the Map Window

Searching for Map Elements

Refreshing Maps

Using Linked Maps

Using the Default Map

Changing the Map Background Color

Working With Map Background Images

Importing Map Background Images

Setting Map Background Images

Deleting Map Background Images

Using Background Image Coordinates and Scale

Displaying Your Network on the Map

Understanding Map Elements

Displaying Managed Devices on the Map

Adding a New Managed Device to the Map

Displaying an Existing Managed Device on the Map

Showing Containment of Catalyst Switches, Firewalls, and Adaptive Security Appliances

Displaying Devices on the Map from the Device View

Using Map Objects To Represent Network Topology

Adding Map Objects

Deleting Map Objects

Displaying Layer 3 Links on the Map

Creating Layer 3 Links

Deleting Layer 3 Links

Understanding Automatic Layer 3 Connectivity Display

Managing Firewall Services in Map View

Managing Firewall Policies (Map View)

Managing Firewall Access Rules (Map View)

Managing Firewall Inspection Rules (Map View)

Managing Firewall AAA Rules (Map View)

Managing Web Filter Rules (Map View)

Managing Firewall Transparent Rules (Map View)

Managing Firewall Settings (Map View)

Managing Firewall Access Control Settings (Map View)

Managing Firewall Inspection Settings (Map View)

Managing AuthProxy Firewall Settings (Map View)

Managing Web Filter Settings (Map View)

Managing VPNs in Map View

Creating VPN Topologies (Map View)

Creating a Point-to-Point VPN Connection

Creating Full Mesh or Hub and Spoke VPNs (Map View)

Editing VPN Policies From the Map

Editing VPN Peers From the Map

Displaying Existing VPNs on the Map

Adding and Removing VPN Tunnels on the Map

Listing VPN Peers on the Map

Managing Device Policies in Map View

Copying Policies Between Devices (Map View)

Sharing Device Policies (Map View)

Cloning Devices (Map View)

Previewing Device Configuration

Discovering Device Configurations


Using Map View


The following topics describe how to use the Map view:

Understanding Maps

Working With Maps

Displaying Your Network on the Map

Managing Firewall Services in Map View

Managing VPNs in Map View

Managing Device Policies in Map View

Understanding Maps

The Security Manager Map view provides a graphical view of your VPN and Layer 3 network topology.

Using the map view, you can investigate details of your VPN configuration graphically. Topological display of tunnels enables you to easily derive the relationship among multiple VPN configurations (for example, a hierarchical VPN). You can group devices to achieve a more complete picture of your VPN configuration. This is useful in situations where a hub failover pair is a peer with hundreds of spokes.

You can represent your Layer 3 network topology graphically, populating it with managed devices (called device nodes). You can make the picture of the topology more complete by adding unmanaged objects (called map objects) such as devices, clouds, and networks. For large networks, you can choose to simplify the topology graph by incorporating only a portion of the overall topology. You can save the topology maps for future use.

You can save multiple topology maps to reflect your network's geographical or functional organization. You can link a saved map to a node on a parent map, so that from the parent map you can drill down to the linked map with more detailed information (for more information, see Using Linked Maps). Saved maps are shared among all users who have the necessary access privileges.

You can launch other Security Manager features from the map view. In some cases, you can simplify the use of features by selecting nodes from the map before you start another feature. For example, you can select multiple nodes, then create a VPN that includes those nodes as members.

Working With Maps

A map is a representation of a portion of your network. You can create and save multiple maps to address your network management needs. To work with any map, you must be in Map view (select View > Map View).

After you create and save a map, the map is available to all users on the system that have at least read privileges to all the devices on the map. Users that do not have read privileges to a device on a map do not see the map in the list of existing maps when they try to open a map. For more information, see Access Permissions for Maps.

You can only have one map open at a time. If a map is open and you create a new map or open an existing map, you are prompted to save or discard any unsaved changes that you made to the current map.

Multiple users can open and modify a map at the same time. When a user saves changes to a map, any other users who are using the map are notified and have the option to do one of the following:

Update their map to the version saved by the other user, losing any changes they have made.

Save their version of the map as a new map, preserving any changes they made.

The following topics describe how to manage maps:

Access Permissions for Maps

Creating Maps

Saving Maps

Opening Maps

Deleting Maps

Exporting Maps

Access Permissions for Maps

Access to maps is controlled, based on two systems of user privileges:

Device privileges—You must have at least read privileges to all the devices in a map to open the map.

Map privileges—Access to maps is based on your Security Manager user role. There are two levels of map access:

Read-only—You can open maps, but you cannot modify them. If you have this map privilege level, the features for modifying maps are not available.

Read-write—You can modify maps. All map modification features are available.

Related Topics

Working With Maps

Understanding Map Elements

Creating Maps

To create a new map, select Map > New Map. You must already be in Map view (select View > Map View).

New maps do not contain any elements. For information about adding elements to a map, see Displaying Your Network on the Map.

Related Topics

Working With Maps

Understanding Map Elements

Saving Maps

To save the active map, select Map > Save Map.

Any changes that you made since you last saved it are saved. If you did not save the map previously, the Save Map As dialog box opens, enabling you to assign a name to the map and save it.

If you close a map that contains unsaved changes, you are prompted to save the changes.

If your Security Manager session closes automatically because of inactivity when a map is open with unsaved changes, the current version of the map is saved if it has a name. If you have not yet saved the map, the map is discarded. For example, if you generate the default map, or create a new map, and do not save it before your session times out, you cannot retrieve that map.

Related Topics

Save Map As Dialog Box, page B-9

Working With Maps

Understanding Map Elements

Opening Maps

You can open any map that you have created. You can also open any map that another user has created, provided you have the requisite permission settings with regard to the devices shown on that map.

Before You Begin

You must be in Map view to open a map. Select View > Map View.

Related Topics

Open Map Dialog Box, page B-9

Working With Maps

Understanding Map Elements


Step 1 Select Map > Open Map. The Open Map dialog box opens.

Step 2 Select a map from the Available Maps list and click OK.


Deleting Maps

If you no longer need a map, you can delete it (presuming that you have edit permission). Deleting a map does not delete any devices or VPNs shown on the map, nor does it delete or modify their configurations; only the map is deleted.


Caution: When you delete a map, it is permanently deleted from the server. Other users cannot use the deleted map.

Before You Begin

You must be in Map view to delete a map. Select View > Map View.

Related Topics

Working With Maps

Understanding Map Elements


Step 1 Select Map > Delete Map. The Delete Map dialog box appears.

Step 2 Select the map to delete from the Available Maps list.

Step 3 Click OK.

Step 4 In the confirmation dialog box, click Yes.

The map is deleted.


Exporting Maps

You can export a map to a Scalable Vector Graphics (SVG) image file for use outside of Security Manager.


Note: You can import the SVG image file into Microsoft Visio Professional 2003, where you can modify and print the file.


Before You Begin

You must be in Map view to export a map. Select View > Map View.

Related Topics

Working With Maps

Understanding Map Elements


Step 1 Select Map > Export Map. The Export Topology Map to SVG dialog box opens.

Step 2 Browse to the location in which to save the file.

Step 3 Enter a filename in the File name field.


Note: As SVG is the only file type currently supported, you can ignore the Save as type field.


Step 4 Click Save.

The map file is saved, in SVG format, to the location you indicated.


Navigating Maps

Several methods of navigating within a map enable you to see the portion of the map that you want, at the level of detail that you want.

The following topics describe how to navigate within a map:

Using the Navigation Window

Panning Maps

Changing the Zoom Level of Maps

Selecting Map Elements

Centering Map Elements

Using Map Layouts

Using the Navigation Window

The navigation window displays a smaller version of the entire active map. The shaded rectangle defines the area of the map that is currently displayed.

Use the navigation window to select the portion of the map to view and to change the map zoom level.

To toggle the display of the navigation window on and off, select Map > Show/Hide Navigation Window.

To pan the navigation control to select which portion of the map to display, click within the shaded rectangle and drag it to a new location.

To change the zoom level, click and drag one of the resizing handles in the corners of the shaded rectangle to increase or decrease the area of the map displayed.

The title bar in the navigation window displays the name of the map. If the map has unsaved changes, an asterisk (*) appears next to the map name.

Related Topics

Navigating Maps

Panning Maps

You can pan the map to select the portion of the map to display, using any of the following methods:

Click the Pan Map toolbar button, then click and hold anywhere on the map and drag the cursor.

Use the vertical and horizontal scroll bars that are available if the entire map does not fit in the visible page.

Click and drag the shaded rectangle in the navigation window.

Related Topics

Navigating Maps

Using the Navigation Window

Changing the Zoom Level of Maps

You can change the zoom level of the map to select how much of the open map to display.

To change the zoom level of the map in predefined increments:

To zoom in on the map, select Map > Zoom In, or click the Zoom In toolbar button.

To zoom out from the map, select Map > Zoom Out, or click the Zoom Out toolbar button.

To zoom into a specific area of the map, click Zoom Rectangle in the map toolbar, then click the map and drag a rectangle around the area. When you release the mouse button, the map zooms to display the area defined by the rectangle.

Alternatively, to zoom in to or out of a specific area of the map, click and drag the corner of the shaded rectangle in the navigation window.

To display the entire map, select Map > Fit to Window.

To display the map at actual size, select Map > Display Actual Size.

Related Topics

Navigating Maps

Selecting Map Elements

Table 4-1 describes how to select map elements.

Table 4-1 Selecting Network Elements

To select... | Do the following
A single map element | Click the element.
Multiple noncontiguous map elements | Ctrl+click each element.
Multiple contiguous map elements | Click the map and drag a rectangle that includes the elements.


Centering Map Elements

To center the display of the map on a particular map element, right-click the element, then select Move to Center.

Using Map Layouts

You can automatically arrange the network nodes on the active map in several predefined layouts. Only nodes that are already displayed on the map are arranged. Any nodes that you later add do not follow the layout.

To select a map layout, right-click the map background, then select one of the following layouts from the map context menu:

Hierarchical Layout—Arranges the nodes in a hierarchical layout.

Radial Layout—Arranges the nodes in a radial layout.

Circular Layout—Arranges the nodes in a circular layout.

Undocking the Map Window

You can undock the map window, which enables you to use other product features while keeping the map open.


Step 1 To undock the map, select Map > Undock Map View.

Step 2 To dock the map window, select Map > Dock Map View.


Searching for Map Elements

This procedure describes how to find a node that is displayed on the active map.

Related Topics

Find Node Dialog Box, page B-10


Step 1 Select Map > Find Map Node. The Find Node dialog box appears.

Step 2 Enter search criteria in the dialog box.

You can search for a node based on its name, interface IP addresses, and device type. As you enter criteria, the list of nodes is updated to include only the devices that match all of the entered criteria.

Step 3 Select the node to find from the node list, then click OK.

The selected node is highlighted and appears in the center of the map.


Refreshing Maps

The network data that is displayed on maps is typically updated as this data changes. However, to be certain that a map displays current network data, you can refresh it manually by selecting Map > Refresh Map.

Using Linked Maps

A linked map is a map that you associate with a map element on another map. Because it is not practical to include all the nodes on a large network in a single map, you can use linked maps to create a hierarchical topology of your network.

You cannot link a node to the open map.

Before You Begin

You must create the map to link to before you can link to it.

Related Topics

Set Linked Map Dialog Box, page B-13


Step 1 Right-click the map element to which to link a map, then select Set Linked Map. The Set Linked Map dialog box opens.

Step 2 Select a map to associate with the selected map element, then click OK.

Step 3 To open the linked map, right-click the linked node, then select Open Linked Map.


Using the Default Map

You can create a default map that contains all of the managed devices and VPNs in the Security Manager inventory.

Generating the default map is a good way to create a map. After generating the map, save it with a unique name to make it a standard map, and modify it as desired.

You can generate the default map whenever you want to, and it contains the inventory as it exists at the time you generate it. You cannot specifically save the default map as the default map; it is regenerated every time you select it.

To create the default map, you must have sufficient access rights to the devices in the inventory. For more information, see Access Permissions for Maps.

Before You Begin

You must be in Map view to create the default map. Select View > Map View.

Tips

If you refresh the map (select Map > Refresh Map), items that you added to the inventory after generating the default map are not added to the map. You must regenerate the default map to see new devices.


Step 1 Select Map > Open Map.

Step 2 Select Default Map from the Available Maps list, then click OK.


Note: If you do not have sufficient access rights to all devices in the inventory, the default map that opens shows only the subset of devices for which you do have access rights.


Step 3 To save the default map as a standard map, select Map > Save Map, then enter a name for the map and click OK.
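The access rules in Access Permissions for Maps and the default-map note above behave differently: one unreadable device hides a saved map entirely, while the default map is only filtered. The following Python model is an added example, not Cisco code; the user, device, and map names are constructed, and how Security Manager roles map to the two privilege levels is not modeled.

```python
from dataclasses import dataclass

# The two map privilege levels named in the guide.
READ_ONLY = "read-only"
READ_WRITE = "read-write"


@dataclass(frozen=True)
class User:
    name: str
    map_privilege: str            # READ_ONLY or READ_WRITE
    readable_devices: frozenset   # devices the user has at least read privileges to


@dataclass(frozen=True)
class SavedMap:
    name: str
    devices: frozenset            # managed devices shown on the map


def blocking_devices(user, saved_map):
    """Devices on the map that the user cannot read; any one hides the whole map."""
    return sorted(saved_map.devices - user.readable_devices)


def can_open(user, saved_map):
    """Device privileges: read access to every device on the map is required."""
    return not blocking_devices(user, saved_map)


def can_modify(user, saved_map):
    """Map privileges: modification needs read-write on top of being able to open."""
    return can_open(user, saved_map) and user.map_privilege == READ_WRITE


def open_map_list(user, maps):
    """Names the user would see in the list of existing maps."""
    return [m.name for m in maps if can_open(user, m)]


def default_map_devices(user, inventory):
    """The default map is filtered to readable devices rather than hidden."""
    return sorted(set(inventory) & user.readable_devices)


def hidden_map_report(users, maps):
    """Per user: which saved maps are hidden, and which devices cause it."""
    report = {}
    for user in users:
        hidden = {m.name: blocking_devices(user, m)
                  for m in maps if not can_open(user, m)}
        if hidden:
            report[user.name] = hidden
    return report


# Constructed sample data (not taken from a real inventory).
INVENTORY = ["hq-asa", "hq-rtr", "branch-rtr", "lab-fwsm"]
MAPS = [
    SavedMap("HQ", frozenset({"hq-asa", "hq-rtr"})),
    SavedMap("WAN", frozenset({"hq-rtr", "branch-rtr"})),
    SavedMap("Lab", frozenset({"lab-fwsm"})),
]
USERS = [
    User("netadmin", READ_WRITE, frozenset(INVENTORY)),
    User("hq-operator", READ_ONLY, frozenset({"hq-asa", "hq-rtr"})),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, "opens:", open_map_list(u, MAPS),
              "default map:", default_map_devices(u, INVENTORY))
    print("hidden:", hidden_map_report(USERS, MAPS))
```

The report is useful when a user says a shared map is missing from the Open Map list: it names the device whose read privilege is absent.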


Changing the Map Background Color

The default map background color is white. You can set a different color.

Related Topics

Map Settings Dialog Box, page B-11

Select Color Dialog Box, page B-12


Step 1 Select Map > Map Properties.

The Map Settings dialog box opens.

Step 2 Click Select. The Select Color dialog box opens.

Step 3 Select a color from the Select Color dialog box, then click OK.

Step 4 Click OK in the Map Settings dialog box.


Working With Map Background Images

A background image is an image that appears in the background of a map, behind the map elements.

A suggested use for a background image is to use an image that represents a geographic area. Then you can position map elements according to their geographic locations.

Some background images are installed on the Security Manager server. You can also transfer images to the server to use as background images. You can use background images of the following file formats: JPEG, GIF, PNG, IVL, and SVG. You must transfer images to the Security Manager server file system by accessing the server directly. For security reasons, Security Manager does not provide a way to transfer files to the server.

To use an image on the server as a background image, you must first import it into Security Manager.

The following topics describe how to use map background images:

Importing Map Background Images

Setting Map Background Images

Deleting Map Background Images

Using Background Image Coordinates and Scale

Importing Map Background Images

To use a new image as a background image, you must first import it into Security Manager.

Before You Begin

Transfer the image file to import onto the Security Manager server file system by connecting directly to the server. For security reasons, Security Manager does not provide a method of transferring files to the server.

Related Topics

Import Background Image Dialog Box, page B-12

Working With Map Background Images


Step 1 Select Map > Map Properties. The Map Settings dialog box opens.

Step 2 Click the Add button. The Import Background Image dialog box opens.

Step 3 Click Browse. A file browser dialog box opens.

Step 4 Browse to the image file to import, then click OK.


Setting Map Background Images

To select a background image for a map, you must modify the map properties.

Related Topics

Map Settings Dialog Box, page B-11

Working With Map Background Images


Step 1 Select Map > Map Properties. The Map Settings dialog box opens.

Step 2 Set a background image by selecting an image from the Available Background Images list, then click OK.


Deleting Map Background Images

Deleting a map background image only removes it from the list of available background images. It does not remove the image file from the Security Manager server. For security reasons, you must connect to the server directly to delete a file.

Related Topics

Working With Map Background Images


Step 1 Select Map > Map Properties. The Map Settings dialog box opens.

Step 2 Select the image to delete in the Available Background Images list, then click the Remove button.

Step 3 Select the image to delete, then click OK.


Using Background Image Coordinates and Scale

You can adjust the default position and scale of a background image.


Step 1 Select Map > Map Properties. The Map Settings dialog box opens.

Step 2 Adjust the background image position by entering coordinate values in the Map X and Map Y fields.


Tip: Due to the variability of image positioning variables, the most effective approach is to enter a pair of X,Y coordinate values, gauge the result on the image position, and then adjust the values to achieve the desired result. You can enter negative values.


Step 3 Set the background image scale by entering a percentage in the Scale (%) field.


Displaying Your Network on the Map

You use the map view to represent your network topology by creating maps. A map is a visual representation of your network, or a portion of it if it is too large to fit on a single map. Maps consist of map elements that represent devices, links, and other objects in your network. For more information about maps, see Working With Maps.

The following topics describe how to create maps:

Understanding Map Elements

Displaying Managed Devices on the Map

Using Map Objects To Represent Network Topology

Displaying Layer 3 Links on the Map

Understanding Map Elements

All objects that can appear on a map are map elements. You display map elements on a map to create a representation of a portion of your network.

The following types of map elements are available:

Device nodes—Elements that represent managed devices. Examples:

Router

Firewall device

Adaptive Security Appliance (ASA)

Catalyst 6500 switch or 7600 router

Firewall Services Module (FWSM)

Map objects—Elements that are not managed. Examples:

Unmanaged device

Network

Network cloud

Host

Links—Elements that represent network connections. Examples:

Layer 3 link

VPN tunnels

Related Topics

Using Map Objects To Represent Network Topology

Understanding Automatic Layer 3 Connectivity Display

Displaying Layer 3 Links on the Map

Displaying Managed Devices on the Map

A device node represents a device that is managed by Security Manager. You add a device node to a map by selecting the device from the Security Manager inventory.

When you add a device node to a map, its Layer 3 connectivity to other nodes on the map is created automatically. For more information, see Understanding Automatic Layer 3 Connectivity Display.

The following sections describe how to use device nodes:

Adding a New Managed Device to the Map

Displaying an Existing Managed Device on the Map

Showing Containment of Catalyst Switches, Firewalls, and Adaptive Security Appliances

Displaying Devices on the Map from the Device View

Adding a New Managed Device to the Map

You can create a new device node by adding a new device to the Security Manager inventory from the Map view. After you create the new device in the inventory from the Map view, it is added to the active map as a device node.

If you add a device using the Device view, you must manually add the device to the map (see Displaying an Existing Managed Device on the Map).

Related Topics

Understanding Map Elements


Step 1 Click the New Device button in the map toolbar. The New Device dialog box opens.

Step 2 Add a new device.

For more information about this dialog box, click its Help button.

Step 3 The new device is added to the center of the map. Move the device icon to the desired position on the map.


Displaying an Existing Managed Device on the Map

This procedure describes how to add a device node to a map.

Before You Begin

The device that you want to add must be in the Security Manager inventory.

Related Topics

Understanding Map Elements


Step 1 Right-click the map, then select Show Devices on Map. The Show Devices on Map dialog box appears.

Step 2 Select the device nodes to display by doing the following:

a. To add a device node, select a device from the Available Devices list, then click >>. The device is added to the Selected Devices list.

b. To remove a device node, select it from the Selected Devices list, then click <<. The device is removed from the Selected Devices list.

Step 3 When the Selected Devices list contains only the nodes that you want to display, click OK.

The dialog box closes, and the map is updated to display only the device nodes you selected.

Step 4 To remove a managed node, select Remove from Map from the node context menu.


Showing Containment of Catalyst Switches, Firewalls, and Adaptive Security Appliances

The containment relationship between Catalyst 6500/7600 and Adaptive Security Appliance (ASA) devices and their service modules and security contexts, between PIX 7.x devices and FWSM and their security contexts, or between IPS devices and their virtual sensors, is displayed in maps as follows:

When you select a Catalyst 6500/7600 device, nodes that represent its Firewall Services Modules (FWSM) are highlighted.

When you select an ASA, nodes that represent its Security Service Modules are highlighted.

When you select a service module, the device that contains it is highlighted.

When you select an IPS device, the nodes that represent virtual sensors defined on the device are highlighted.

You can view a list of the security contexts contained in an ASA, firewall, or FWSM device, or the virtual sensors contained in an IPS device, by right-clicking the node and selecting Show Containment. This command also shows the service modules in a device that has them.

When you select a security context node, all its ancestor device nodes are highlighted.

When you select a virtual sensor, the device on which it is defined is highlighted.

Displaying Devices on the Map from the Device View

From the device selector in the Device view, you can locate a device node on the active map. The device node is centered on the map and highlighted. The device must be displayed on the active map. Otherwise, you are notified that it cannot be found.


Step 1 Right-click a device in the device tree.

Step 2 Select Show in Map view from the context menu.

If the device is shown on the active map, it is shown centered and highlighted on the undocked map. You are notified if the device is not shown on the active map.


Using Map Objects To Represent Network Topology

You can add map elements to a map that represent objects (such as devices and links) that Security Manager does not manage. These nodes are called map objects. You can use map objects to create a more useful representation of your network topology.

You can add Layer 3 links between any map elements, whether they are device nodes, map nodes, or a combination of both types.

The following topics describe using map objects:

Adding Map Objects

Deleting Map Objects

Adding Map Objects

Use this procedure to add a map object to the map.

Related Topics

Select Policy Object Dialog Box, page B-16

Using Map Objects To Represent Network Topology

Displaying an Existing Managed Device on the Map


Step 1 Select Map > Add Map Object. The Add Map Object dialog box appears.

Step 2 Enter a name for the node in the Device Name field.

Step 3 Select the type of device that the node represents from the Type list.

Step 4 (Optional) Add interfaces to the node by doing the following:

a. Click Add. The Interface Properties dialog box opens.

b. Enter an interface name, IP address, and network mask, then click OK.

c. Repeat this procedure to add additional interfaces.

Step 5 (Optional) Select a policy object as the basis for the map object:

a. Click Copy Policy Object. The Select Policy Object dialog box opens.

b. Select a policy object type from the Select a policy object list.

c. Click Select. The Single Selection Objects Selector dialog box opens.

d. Select a policy object, then click OK.

e. Click OK in the Select Policy Object dialog box. Information from the policy object is entered in the Add Map Object dialog box.

Step 6 Click OK. The map object is added to the center of the map. Move it to the desired location.


Deleting Map Objects

To delete a map object, right-click the object, then select Delete Map Object.

Displaying Layer 3 Links on the Map

A Layer 3 link is a line on the map that represents a network connection between two device interfaces.

Layer 3 links are added to the map automatically when you add a new map element that contains interface information. Network nodes are added as needed to represent Layer 3 connectivity when you add a new element. When you delete an interface that is a Layer 3 link endpoint, the link is removed.

You can add additional Layer 3 links between device nodes and map objects to illustrate your network's connectivity. Adding Layer 3 links to a map does not configure any network devices. Layer 3 links are just visual elements on the map.

You can use Layer 3 links to connect any two interfaces on a map. Depending on the interfaces that you choose, the Layer 3 link might include intermediary networks or network clouds. In some cases, you have the option to select which intermediary networks and network clouds are inserted between the connected interfaces.

The following topics describe using Layer 3 links:

Creating Layer 3 Links

Deleting Layer 3 Links

Understanding Automatic Layer 3 Connectivity Display

Creating Layer 3 Links

Use this procedure to add a Layer 3 link between two map elements.

When you add a Layer 3 link, intermediary networks and network clouds are automatically inserted, depending on the node interfaces that you select to connect. In some cases, you have the option to select which intermediary networks and network clouds are inserted between the connected interfaces.

Related Topics

Select Interfaces Dialog Box, page B-14

Add Link Dialog Box, page B-14


Step 1 Click Map > Add Link.

Step 2 Click one of the map elements to connect, then click the other map element to connect.

Step 3 If the map elements contain interfaces, select the source and destination interfaces for the link in the Select Interfaces dialog box, then click OK.

The Add Link dialog box might open, depending on which interfaces you select.

Step 4 If the Add Link dialog box opens, select which intermediary objects and network clouds to insert, then click OK.


Deleting Layer 3 Links

Use this procedure to delete a Layer 3 link between two map elements.

Deleting a Layer 3 link does not delete any intermediary networks or network clouds between map elements.

Related Topics

Creating Layer 3 Links

Displaying Layer 3 Links on the Map


Step 1 Right-click the Layer 3 link to be removed.

Step 2 Select Delete Link.


Understanding Automatic Layer 3 Connectivity Display

Layer 3 connectivity information is automatically added to the map when you add map elements that have interface information. When you add a map element that has interface information, one of the following happens:

If the interface is on a network that is not represented on the map as a network map object, a network map object is added to the map with a Layer 3 link to the new map element.

If the interface is on a network that is represented on the map as a network map object, a Layer 3 link is added between the new map element and the network map object.

When you remove a node interface that is a Layer 3 link endpoint, the link is also removed.

The automatic addition of network objects and links is called Autolink. You can configure Autolink to not automatically add private or certain reserved network addresses. To configure these settings, select Tools > Security Manager Administration, then click Autolink.
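The Autolink rules above can be modeled in a few lines. This is an added Python example, not Security Manager code: the class and method names are hypothetical, the sample addresses are constructed, "private" is taken to mean the RFC 1918 ranges, and the reserved ranges shown are an assumption because the guide does not list which ones Autolink can skip.

```python
import ipaddress

# Assumption: "private" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: loopback and link-local stand in for "certain reserved" ranges.
RESERVED = [ipaddress.ip_network(n)
            for n in ("127.0.0.0/8", "169.254.0.0/16")]


class TopologyMap:
    """Hypothetical model of a map with automatic Layer 3 connectivity."""

    def __init__(self, skip_private=False, skip_reserved=False):
        self.networks = set()   # network map objects on the map
        self.links = set()      # (element, interface, network) Layer 3 links
        self.excluded = ((RFC1918 if skip_private else [])
                         + (RESERVED if skip_reserved else []))

    def _skipped(self, net):
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        return any(net.version == r.version and net.subnet_of(r)
                   for r in self.excluded)

    def add_element(self, name, interfaces):
        """interfaces: {interface name: (ip, mask)}. Returns networks newly added."""
        created = []
        for if_name, (ip, mask) in interfaces.items():
            net = ipaddress.ip_interface(f"{ip}/{mask}").network
            if self._skipped(net):
                continue                      # excluded range: no object, no link
            if net not in self.networks:      # network not yet on the map
                self.networks.add(net)
                created.append(str(net))
            self.links.add((name, if_name, net))
        return created

    def remove_interface(self, name, if_name):
        """Removing an interface removes its link; the network object stays."""
        removed = {l for l in self.links if l[:2] == (name, if_name)}
        self.links -= removed
        return len(removed)

    def network_names(self):
        return sorted(str(n) for n in self.networks)

    def neighbors(self, name):
        """Elements that share a network map object with the named element."""
        nets = {net for (n, _, net) in self.links if n == name}
        return sorted({n for (n, _, net) in self.links
                       if net in nets and n != name})


if __name__ == "__main__":
    # Constructed sample: documentation and RFC 1918 addresses.
    m = TopologyMap(skip_private=True)
    print(m.add_element("fw1", {"outside": ("192.0.2.1", "255.255.255.0"),
                                "inside": ("10.1.1.1", "255.255.255.0")}))
    print(m.add_element("rtr1", {"g0": ("192.0.2.2", "255.255.255.0")}))
    print(m.neighbors("fw1"), m.network_names())
```

With private ranges skipped, the inside interface of fw1 produces neither a network object nor a link, so segments in those ranges are absent from the map rather than shown as disconnected.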

Managing Firewall Services in Map View

The following topics describe how to manage firewall services from the map view:

Managing Firewall Policies (Map View)

Managing Firewall Settings (Map View)

Managing Firewall Policies (Map View)

The following topics describe how to manage firewall policies from the map view:

Managing Firewall Access Rules (Map View)

Managing Firewall Inspection Rules (Map View)

Managing Firewall AAA Rules (Map View)

Managing Web Filter Rules (Map View)

Managing Firewall Transparent Rules (Map View)

Managing Firewall Access Rules (Map View)

The following procedure describes how to manage access rules from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Policies > Access Rules from the context menu.

The Rules dialog box opens.

Step 3 Use the Access Rules dialog box to manage access rules on the device.

This dialog box has the same contents as the Access Rules page in the Device view. For information about this dialog box, see Access Rules Page, page I-1.

Step 4 Click Save to save your changes and close the dialog box.


Managing Firewall Inspection Rules (Map View)

The following procedure describes how to manage inspection rules from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Policies > Inspection Rules from the context menu.

The Inspection Rules dialog box opens.

Step 3 Use the Inspection Rules dialog box to manage inspection rules on the device.

This dialog box has the same contents as the Inspection Rules page in the Device view. For information about this dialog box, see Inspection Rules Page, page I-22.

Step 4 Click Save to save your changes and close the dialog box.


Managing Firewall AAA Rules (Map View)

The following procedure describes how to manage AAA rules from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Policies > AAA Rules from the context menu.

The AAA Rules dialog box opens.

Step 3 Use the AAA Rules dialog box to manage AAA rules on the device.

This dialog box has the same contents as the AAA Rules page in the Device view. For information about this dialog box, see AAA Rules Page, page I-56.

Step 4 Click Save to save your changes and close the dialog box.


Managing Web Filter Rules (Map View)

The following procedure describes how to manage web filter rules from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Policies > Web Filter Rules from the context menu.

The Web Filter Rules dialog box opens.

Step 3 Use the Web Filter Rules dialog box to manage web filter rules on the device.

This dialog box has the same contents as the Web Filter Rules page in the Device view. For information about this dialog box, see Web Filter Rules Page (PIX/ASA), page I-76.

Step 4 Click Save to save your changes and close the dialog box.


Managing Firewall Transparent Rules (Map View)

The following procedure describes how to manage transparent firewall rules from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Policies > Transparent Rules from the context menu.

The Transparent Rules dialog box opens.

Step 3 Use the Transparent Rules dialog box to manage transparent rules on the device.

This dialog box has the same contents as the Transparent Rules page in the Device view. For information about this dialog box, see Transparent Rules Page, page I-98.

Step 4 Click Save to save your changes and close the dialog box.


Managing Firewall Settings (Map View)

The following topics describe how to manage firewall settings from the Map view:

Managing Firewall Access Control Settings (Map View)

Managing Firewall Inspection Settings (Map View)

Managing AuthProxy Firewall Settings (Map View)

Managing Web Filter Settings (Map View)

Managing Firewall Access Control Settings (Map View)

The following procedure describes how to manage firewall access control settings from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Settings > Access Control from the context menu. The Access Control dialog box opens.

Step 3 Use the Access Control dialog box to manage access control settings on the device.

This dialog box has the same contents as the Access Control page in the Device view. For information about this dialog box, see Access Control Page, page I-106.

Step 4 Click Save to save your changes and close the dialog box.


Managing Firewall Inspection Settings (Map View)

The following procedure describes how to manage firewall inspection settings from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Settings > Inspection from the context menu. The Inspection dialog box opens.

Step 3 Use the Inspection dialog box to manage inspection settings on the device.

This dialog box has the same contents as the Inspection page in the Device view. For information about this dialog box, see Inspection Page, page I-111.

Step 4 Click Save to save your changes and close the dialog box.


Managing AuthProxy Firewall Settings (Map View)

The following procedure describes how to manage AuthProxy firewall settings from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Settings > AuthProxy from the context menu. The AuthProxy dialog box opens.

Step 3 Use the AuthProxy dialog box to manage AuthProxy settings on the device.

This dialog box has the same contents as the AuthProxy page in the Device view. For information about this dialog box, see AuthProxy Page, page I-118.

Step 4 Click Save to save your changes and close the dialog box.


Managing Web Filter Settings (Map View)

The following procedure describes how to manage web filter settings from a map device node.


Step 1 Right-click the device node to manage.

Step 2 Select Edit Firewall Settings > Web Filter from the context menu.

Step 3 Use the Web Filter dialog box to manage web filter settings on the device.

This dialog box has the same contents as the Web Filter page in the Device view. For information about this dialog box, see Web Filter Page, page I-123.

Step 4 Click Save to save your changes and close the dialog box.


Managing VPNs in Map View

The following topics describe how to manage VPNs in the Map view:

Creating VPN Topologies (Map View)

Editing VPN Policies From the Map

Editing VPN Peers From the Map

Displaying Existing VPNs on the Map

Adding and Removing VPN Tunnels on the Map

Listing VPN Peers on the Map

Creating VPN Topologies (Map View)

You can create VPN connections between VPN-capable device nodes that are displayed on the open map.

The following topics describe the methods for creating VPN connections:

Creating a Point-to-Point VPN Connection

Creating Full Mesh or Hub and Spoke VPNs (Map View)

Creating a Point-to-Point VPN Connection

Use this procedure to create a point-to-point VPN connection between two VPN-capable device nodes. Creating a VPN connection changes the device configuration of the connected devices.

Before You Begin

This procedure describes how to create a VPN by first selecting the devices you want to configure. Alternatively, you can create a VPN by clicking the New VPN button in the toolbar and selecting the type of VPN you want to configure. This will open the wizard for creating VPNs, and you have to select the devices within the wizard.

Related Topics

Selecting Map Elements


Step 1 Select the devices between which you want to create a VPN. Click the first device, then Ctrl+click the second device.

Step 2 Click the New VPN button in the maps toolbar and select Create Point to Point VPN. The Point to Point VPN wizard opens.

If workflow is enabled, you are prompted to open an activity if one is not open.

Step 3 Configure the point-to-point VPN connection. For more information about this wizard, click its Help button. The VPN connection is displayed on the map when you finish the wizard.


Creating Full Mesh or Hub and Spoke VPNs (Map View)

Use this procedure to create a full mesh or hub and spoke VPN that includes two or more VPN-capable device nodes. Creating a VPN connection between device nodes changes the device configuration of the connected devices.

Before You Begin

This procedure describes how to create a VPN by first selecting the devices you want to configure. Alternatively, you can create a VPN by clicking the New VPN button in the toolbar and selecting the type of VPN you want to configure. This will open the wizard for creating VPNs, and you have to select the devices within the wizard.


Step 1 Select multiple VPN-capable device nodes on the map.

For more information, see Selecting Map Elements.

Step 2 Right-click one of the selected nodes.

If you are creating a hub-and-spoke VPN, the node that you right-click becomes the hub.

Step 3 Select one of the following commands:

Create Full Meshed VPN—To create a meshed VPN that includes the selected nodes.

Create Hub & Spoke VPN—To create a hub-and-spoke VPN that includes the selected nodes.

If workflow is enabled, you are prompted to open an activity if one is not open.

The Create VPN wizard opens to the tab for configuring the VPN type that you selected.

Step 4 Configure the VPN connection. For information about this dialog box, click its Help button. The VPN is displayed on the map when you are finished with the wizard.


Editing VPN Policies From the Map

The following procedure describes how to edit VPN policies from the Map view.


Step 1 Select a VPN to edit by doing one of the following:

Right-click a VPN tunnel, then select Edit VPN Policies.

Right-click a device node, then select Edit VPN Policies.

The Select VPN to Configure dialog box appears if there are multiple VPNs.

Step 2 If necessary, select the VPN to configure from the Select VPN to Configure dialog box, then click OK.

The Site-To-Site VPN Manager window opens.

Step 3 Use the Site-To-Site VPN Manager window to edit the VPN.

For information about this window, see Site-to-Site VPN Manager Window, page G-1.

Step 4 Click Close to return to the Map view.


Editing VPN Peers From the Map

The following procedure describes how to edit VPN peers from the Map view.


Step 1 Select a VPN to edit by doing one of the following:

Right-click a VPN tunnel, then select Edit VPN Peers.

Right-click a device node, then select Edit VPN Peers.

The Select VPN to Configure dialog box appears if there are multiple VPNs.

Step 2 If necessary, select the VPN to configure from the Select VPN to Configure dialog box, then click OK.

A dialog box opens for editing the type of VPN you selected. For information on using the dialog box, click its Help button.


Displaying Existing VPNs on the Map

When you display a VPN, all of its member devices are added to the map as device nodes, and all of its tunnels are highlighted. However, devices that you removed from the map previously are not added, even if they are members of a VPN that you display. You can add such devices to the map manually, and their VPN connectivity is displayed.

When you remove a VPN, only the VPN tunnels are removed. The device nodes remain on the map.

Adding and Removing VPN Tunnels on the Map

A VPN tunnel is a line on the map that represents a VPN connection between two devices. VPN tunnels are not added to the map automatically when you add a device node that is a member of a VPN. However, if the VPN was already selected to be shown on the map, adding a device in the VPN to the map will also display the VPN.

When you display a VPN on a map, all of its member devices are added to the map as device nodes and are highlighted. All of its tunnels are added to the map and are highlighted.

Removing a VPN removes only the VPN tunnels. No device nodes are removed.


Note You cannot delete VPNs from the map view.



Step 1 Select Map > Show VPNs on Map.

The Show VPNs on Map dialog box opens.

Step 2 Select the VPNs to display by doing the following:

a. To add a VPN, select it from the Available VPNs list, then click >>.

b. To remove a VPN, select it from the Selected VPNs list, then click <<.

Step 3 When the Selected VPNs list contains only the VPNs that you want to display, click OK.


Listing VPN Peers on the Map

You can list the peers that participate in a VPN that is displayed on the map.


Step 1 Right-click a node that participates in a VPN.

Step 2 Select Show VPN Peers.

If the selected device participates in more than one VPN, the Show VPN Peers dialog box opens. Select the VPN whose peers you want to list, then click OK. The VPN Peers dialog box opens, listing the peers in the selected VPN.

If the selected device participates in only one VPN, the VPN Peers dialog box opens, listing the peers in the selected VPN.


Managing Device Policies in Map View

The following topics describe how to manage policies from the Map view:

Copying Policies Between Devices (Map View)

Sharing Device Policies (Map View)

Cloning Devices (Map View)

Previewing Device Configuration

Discovering Device Configurations

Copying Policies Between Devices (Map View)

You can copy policies from a map device node to other devices. You can also begin this task from the Device view.


Step 1 Right-click a device node, then select Copy Policies Between Devices. The Copy Policies wizard opens so you can select the devices to which you want to copy policies.

Step 2 Use the Copy Policies wizard to copy policies from the selected device to other devices. For more information, see Copy Policies Wizard—Copy Policies to these Devices Page, page D-6.


Sharing Device Policies (Map View)

You can share a device node's local policies from the map. You can also begin this task from the Device view.


Step 1 Right-click a device node, then select Share Device Policies. The Share Policies wizard opens to the Select Policies page.

Step 2 Use the Share Policies wizard to share local policies.

For more information, see Share Policies Wizard—Select Policies to Share Page, page D-8.


Cloning Devices (Map View)

You can clone a device from a device node on the map. You can also begin this task from the Device view.

The cloned device automatically appears on the map.


Step 1 Right-click a device node, then select Clone Device. The Create a Clone of <Device Name> dialog box opens.

Step 2 Use the Create a Clone of <Device Name> dialog box to clone the device.

For more information, see Create a Clone of Device Dialog Box, page C-25.


Previewing Device Configuration

You can preview a device node's configuration from the map. You can also begin this task from the Device view.


Step 1 Right-click a device node, then select Preview Configuration.

A preview configuration is generated for the device and is displayed in the Configuration Preview dialog box.

Step 2 Use the Configuration Preview dialog box to preview the configuration.

For more information, see Config Version Viewer (Preview Configuration) Dialog Box, page N-17.


Discovering Device Configurations

You can discover a device node's configuration from the map. You can also begin this task from the Device view.


Step 1 Right-click a device node, then select Discover Policies on Device. The Create Discovery Task dialog box opens.

Step 2 Use the Create Discovery Task dialog box to discover policies on the device.

For more information, see Discover Policies On Device Dialog Box, page D-11.