FAQ and Troubleshooting Guide for Cisco Security Manager 3.2 - Index [Cisco Security Manager]

Table Of Contents

A - B - C - D - E - F - G - H - I - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

A

AAA

accounting not implemented on SSL VPN 9-8

discovered configuration not displayed 6-5

discovering servers with server-private command 6-5

method lists partially discovered 6-5

name changes when discovering policies 6-13

name changes when discovering rules 6-9

removing aaa new-model command 9-7

access control lists (ACLs)

creating during IOS IPS configuration 8-3

deployment errors on FWSMs 12-7

handling names during discovery 6-3

name changes during discovery 6-9

names preserved during discovery 6-6

naming conventions 6-7

resolving naming conflicts 6-7

using ACL manager 12-6

access rule lookup

deployed changes

synchronization with 13-7

device software versions

supported for 13-8

devices with multiple contexts

prerequisites for 13-12

error message 13-4

from MARS

without Security Manager client running 13-8

syslogs supported for

by firewall devices 13-11

with Security Manager client active

in non-Workflow mode 13-8

in Workflow mode 13-8

access rules

cannot save combined rules 7-3

events lookup

large number of hashcodes 13-14

warning message 13-15

hashcodes

accuracy of syslog matches 13-17

modified

after read-only policy display 13-5

not synchronized with device 13-4

object grouping

events lookup and 13-17

on higher security interface, inbound

policy lookup 13-4

on lower security interface, inbound

policy lookup 13-4

policy query icon 13-4

on lower security interface, outbound

policy lookup 13-4

optimization

events lookup and 13-17

unavailable on the device

for MARS syslogs 13-4

activities

in an editable state

and policy table lookup from MARS 13-8

policy table lookup

with Security Manager client active 13-8

address pools

deployment failure 9-7

on same subnet as interface 9-8

overriding in connection profiles 9-7

ADSL policies

unable to deploy 10-4

approvers

associating with user account

for policy lookup from MARS 13-9

ASA devices

with multiple contexts

and policy lookup from MARS 13-12

MARS events lookup 13-14

prerequisite for policy table lookup 13-12

authentication

of MARS for policy lookup

Security Manager deleted from MARS 13-7

authentication settings

for events lookup

Security Manager credentials 13-16

authorization

changes in ACS for devices 3-3

Auto Update Server (AUS)

discovering policies 6-3

failure during deployment 12-10

B

browser settings

reusing windows

for events lookup 13-15

C

Catalyst switches and 7600 devices

adding 6503-E devices 11-1

discovering failover pairs 11-2

discovering policies on security contexts 6-4

IDSM support 11-2

interface deployment failure 11-3

internal VLAN deployment failure 11-3

migrating to 3.2 11-2

performing rollback 11-3

supported modes 11-1

supported VACLs 11-2

troubleshooting 11-1

undefined VLANs 11-2

changes, out-of-band 12-4

Cisco Marketplace 1-x

Cisco Networking Services (CNS)

debugging IOS device 5-9

debugging PIX device 5-9

deployment failures to PIX device 5-8

device id not connected error 5-8

device name does not exist error 5-8

discovery failure for IOS device 5-9

event mode router does not appear 5-9

first deployment to PIX fails 5-8

InvalidParameterException error 5-7

troubleshooting device setup 5-7

Cisco Press 1-x

Cisco Product Quick Reference Guide, obtaining 1-x

Cisco product security

PSIRT 1-x

vulnerability policy portal 1-x

Cisco Secure ACS (ACS)

adding multihomed devices 3-4

authentication fails 3-2

changes not appearing in Security Manager 3-3

devices not appearing in Security Manager 3-3

effect on policy discovery 6-3

read-only access for system administrators 3-2

restoring access 3-4

updating device credentials in Security Manager 3-5

using multiple versions of Security Manager 3-1

working after ACS becomes unreachable 3-3

Cisco Secure ACS roles

policy table lookup from MARS 13-9

Cisco Security Agent

already installed on server 4-1, 11-2

co-existing with IPS systems 4-2

error message in event log 4-2

frequently asked questions 4-1

reinstalling bundled version 4-1

client installation

troubleshooting 2-6

client log files

locating 2-2

CNS

lists applied to wrong SSL VPN context 9-8

combining rules

cannot save changes 7-3

Common Services

MARS user account, creating 13-7

MARS user not defined in

policy lookup 13-11

user account not defined in

logging in to MARS 13-11

Common Services roles

policy table lookup from MARS 13-9

communication, device

troubleshooting 5-1

configuration ownership 12-4

configuration rollback

cannot connect to a Cisco IOS router after 5-2

performing reload 12-8

configure replace command 12-8

connection profiles

sharing among multiple ASAs 9-7

connection-related messages

generated by

outbound traffic, policy lookup 13-4, 13-5

connection teardown messages

2-minute gap with

connection setup 13-3

in a different session from setup 13-3

realtime event viewer 13-3

connectivity test

between MARS and Security Manager

configuring administrative host 13-10

correct credentials 13-10

error message 13-7, 13-10

success 13-7, 13-10

console port

name changes during discovery 6-14

Context Data events

on IPS and IDS sensors

policy query icon and 13-5

cross-launch authentication settings

for events lookup

disabling saving of credentials 13-16

using MARS login credentials 13-16

using Security Manager credentials 13-16

custom signatures

policy lookup for 13-10

D

Daemon Manager

not running on Security Manager

policy table lookup 13-11

deleting

referenced interfaces 10-2

deployment

ADSL deployment failures 10-4

Catalyst interface settings 11-3

Catalyst internal VLANs 11-3

changing default deployment methods 12-6

determining method to use 12-3

devices with same IP address 5-7

duplicate SSL VPN gateway failure 9-7

errors with ACLs 12-7

failure due to overlapping pools 9-7

failure due to pools not on interface subnet 9-8

failures with AUS-managed devices 12-10

failure when modifying WINS master server 9-8

failure when port forwarding list removed 9-8

fixing an OS version mismatch 12-4

ignoring errors 12-7

IOS errors 12-6

IOS IPS 8-3

layer 2 interfaces 10-2

maximum number of devices 12-6

mixing methods 12-9

of access rule changes

synchronization with device 13-7

performing immediately after discovery 6-3

PVC deployment failures 10-4

PVC IP protocol mappings 10-4

rolling back configurations 12-4

setting default directory 12-3

SSL handshake failure 12-10

understanding

effects of deploying to files 12-3

full vs. delta configurations 12-6

process 12-2

device communication

FAQs 5-2

loss of contact due to NAT 10-3

routers without K8/K9 crypto image 5-2

troubleshooting 5-1

device configuration

discovering commands 6-3

unable to configure 10-5

device management 12-4

changes that affect the feature set 5-4

changing critical device properties 5-2

image version changes not affecting feature set 5-3

simultaneous operations on device 5-7

Device Properties page

deleting a MARS appliance 13-18

discovering

MARS 13-17

device response

to appear as an error message 12-8

devices

added to MARS only

policy lookup 13-6

changes to ACS authorization not appearing in Security Manager 3-3

signature policies

not discovered 13-14

software versions

supported by MARS and Security Manager 13-8

synchronization with

changed policies 13-7

updating credentials from ACS 3-5

with multiple contexts

Device Properties page 13-12

differing host and context names 13-12

policy query icon 13-12

reporting IP address in MARS 13-12

setting hostname for policy lookup from MARS 13-12

device type

changing 5-4

DHCP

traffic blocked 10-5

diagnostic information

generating 1-1

dialers

name changes during discovery 6-12

discovering

MARS

after deleting 13-18

discovery

Catalyst failover pairs 11-2

devices with same IP address 5-7

invalid certificate error 5-6

of MARS

into Security Manager 13-17

security certificate error 5-6

discovery task

frequently asked questions 6-2

DNS

configuring for SSL VPN 9-7

documentation

on Cisco.com 1-x

ordering 1-x

documentation feedback, sending to Cisco 1-x

E

error message

events lookup from policies

MARS appliance not configured 13-17

testing connectivity

between MARS and Security Manager 13-10

error messages

events lookup from policies

MARS appliance is shut down 13-17

policy table lookup from MARS

access rules not on device 13-4

addition of multiple Security Managers to Local Controller 13-11

connection setup syslog unavailable 13-3

connection teardown events in realtime viewer 13-3

Daemon Manager not running on Security Manager 13-11

device added to MARS only 13-6

implicit permit statement in access rules 13-4, 13-5

modal dialog box open 13-11

RPC connection failure 13-4

unsynchronized changes 13-4

errors

deployment 12-6

event action filter

configuring

during policy table lookup from MARS 13-8

event log

CSA error message 4-2

events lookup

advantages 13-14

browser settings 13-15

device software versions

supported for 13-8

from access rules

ACE hashcodes 13-17

hashcodes 13-17

object grouping 13-17

optimization enabled 13-17

from default signatures 13-14

from policies

error message 13-17

for multiple contexts 13-14

from signatures

for virtual sensors 13-16

F

FAQ

Catalyst switches and 7600 devices 11-1

policy discovery

AAA configuration not displayed 6-5

AAA method lists partially discovered 6-5

AAA servers and server-private command 6-5

deploying after discovering VPN and router policies 6-3

determining results 6-2

device hostnames 6-5

discovering configuration commands 6-3

discovering with AUS 6-3

discovery and ACS 6-3

FWSM and Catalyst security contexts 6-4

how it works 6-2

naming ACLs and object groups 6-3

PIX/ASA security contexts 6-4

redeploying after discovery 6-3

rediscovering existing policies 6-3

unable to submit changes 6-4

using existing policies and objects 6-4

viewing discovered policies 6-2

viewing undiscovered policies 6-2

when to perform 6-2

FAQs

device communication 5-2

firewall services

cli for authentication proxy 7-2

configuring management IP of security contexts 7-2

hit count 7-1

standard ACLs 7-2

losing connection to a device 7-2

negating addresses within a range 7-2

removal of bound ACEs 7-2

unable to deploy using BGP 7-2

validation error on transparent rules 7-2

Firewall Services Module (FWSM)

deployment error 12-7

discovering policies on security contexts 6-4

FWSM

multiple contexts

MARS events lookup 13-14

with multiple contexts

and policy lookup from MARS 13-12

prerequisite for policy table lookup 13-12

G

gateways

sharing address and port 9-7

Global Controller

adding to

Security Manager 13-14

policy query icon for events 13-11

policy table lookup and 13-11

viewing Security Manager server from 13-11

group-policy

removing SSL VPN definitions 9-9

H

hashcodes

ACE

accuracy of syslog matches 13-17

supported device OS versions 13-17

in large access rules

looking up events 13-14

Help Desk role

policy table lookup and 13-9

historical events

filtering time 13-14

lookup from policies

running query manually 13-14

policy lookup

error message 13-4

historical events lookup

device versions

supported for 13-8

hostnames

effect on policy discovery 6-5

HTTP

name changes during discovery 6-14

HTTPS mode

determining 2-2

I

idle timeout

exceeded for MARS session

without Security Manager client open before lookup 13-6

with Security Manager login credentials for lookup 13-6

IDSM

support limitations 11-2

IDS sensors

Context Data events

and signature policy lookup 13-5

Packet Data events

and signature policy lookup 13-5

ignore error message

configure Security Manager to 12-8

image version

changes that affect the feature set 5-4

implicit permit

configured in access rules

lookup from MARS events 13-4, 13-5

inspection rules

name changes during discovery 6-10

installation

troubleshooting 2-6

Internet Explorer

accessing MARS GUI using

for access rule lookup 13-8

cached passwords

policy table lookup 13-8

remembered passwords

policy table lookup 13-8

IOS 12.1 and 12.2

configuring in Security Manager 10-1

IOS 12.4(11)T

address pool deployment failure 9-8

CNS problem with SSL VPN contexts 9-8

IOS 12.4(9)T

AAA accounting failure 9-8

port forwarding list deployment failure 9-8

WINS master server deployment failure 9-8

IP mappings

unable to deploy 10-4

IPS

co-existing with CSA 4-2

creating ACLs 8-3

deploying 8-3

importing 5.0 sensors 8-1

performing updates 8-2

provisioning trusted hosts 8-3

retrieving signature updates 8-1

signature updates 8-3

updating IOS IPS crypto configurations 8-2

IPS sensors

Context Data events

and signature policy lookup 13-5

Packet Data events

and signature policy lookup 13-5

IPS signature policy lookup

device software versions

supported for 13-8

event action filter, configuring 13-8

for MARS events of type

Context Data 13-5

Packet Data 13-5

from MARS

without Security Manager client running 13-8

with Security Manager client active

in non-Workflow mode 13-8

in Workflow mode 13-8

IPS virtual sensors

signature policy lookup

from MARS events 13-5

L

license

SSL VPN import 9-7

line access

name changes during discovery 6-14

Local Controller

adding

multiple Security Manager servers to 13-11

one Security Manager server to 13-11

adding multiple

to Security Manager 13-14

logging

disabled for permit ACEs

events lookup 13-15

logging in to

MARS

using an account not defined in Common Services 13-11

Security Manager

after error during policy lookup 13-4

using a different account from the one in MARS 13-7

logging level

changing for firewalls

and syslogs in MARS 13-11

login credentials

of Security Manager

saved in MARS during policy lookup 13-12

login credentials, Security Manager

authenticating MARS

Security Manager deleted from MARS 13-7

editing

from User Configuration page in MARS 13-7

using a different account from the one in MARS

for policy lookup 13-7

looking up

events from signatures

for virtual sensors 13-16

MARS events

advantages 13-14

from default signature 13-14

from large access rules 13-14

M

management IP address

defining for multiple contexts

events lookup 13-14

MARS

adding Security Manager to

users with admin privileges 13-9

committed view

of Security Manager policy 13-7

deployed view

of Security Manager policy 13-7

downloading Security Manager 13-6

policy table lookup

time taken for 13-10

with Security Manager client not running 13-8

with Security Manager in non-Workflow mode 13-8

with Security Manager in Workflow mode 13-8

starting a new instance of Security Manager

with client session active 13-7

starting Security Manager for policy lookup

using Security Manager credentials 13-7

User Configuration page

Security Manager credentials 13-7

MARS appliance

automatic mapping

with Security manager 13-18

deleting

from Security Manager 13-18

not associated with monitored device

in Security Manager 13-17

shutting down

events lookup 13-17

testing connectivity

with Security Manager 13-7, 13-10

version 4.3.4, 5.3.4

adding to Security Manager 13-14

MARS authentication

with Security Manager for policy lookup

deleting Security Manager from MARS 13-7

editing Security Manager credentials in MARS 13-7

MARS database

deleting

Security Manager server from 13-7

saving Security Manager credentials

during policy lookup 13-6

MARS events

for connection teardown

in realtime event viewer 13-3

generated by custom signatures

and policy lookup 13-10

of type

Context Data 13-5

Packet Data 13-5

MARS Global Controller

See Global Controller

MARS GUI

accessing using

Internet Explorer, note 13-8

MARS Local Controller

See Local Controller

MARS session

idle timeout, exceeding

using Security Manager credentials for policy lookup 13-6

MARS user account

defining in Common Services

for policy lookup 13-7

not defined in Common Services

prompting for credentials 13-11

MARS user roles

Admin

editing Security Manager credentials 13-7

for modifying Security Manager credentials 13-9

Notifications Only 13-9

Operator 13-9

Security Analyst

editing Security Manager credentials 13-7

MARS web interface

policy table lookup

with Security Manager not installed 13-6

max-webvpn-session-limit

cannot be imported 9-7

MD5 hashcodes

See hashcodes

modal dialog box

looking up policy table

from MARS 13-11

N

NAC

deployment fails 10-7

name changes during discovery 6-15

posture validation not occurring 10-7

NAT

discovering rules with route maps 10-3

name changes during discovery 6-11

VPN traffic sent unencrypted 10-3

navigating

from multiple signature IDs

to historical events in MARS 13-17

to realtime events in MARS 13-17

from policies

to MARS events, advantages 13-14

network administrators

associating with user account

for policy lookup from MARS 13-9

Networking Professionals Connection 1-x

network operators

associating with user account

for policy lookup from MARS 13-9

non-Workflow mode

policy table lookup

from MARS events 13-8

with Security Manager client active 13-8

number of rules 13-10

O

object groups

enabled for access rules

MARS events lookup 13-17

object-groups

name changes during discovery 6-8

objects

expanding contents

in MARS event query 13-14

query criteria in MARS 13-14

using existing objects during discovery 6-4

online help

loading 2-5

preserving search results 2-6

operational mode

changing 5-4

OS version mismatch

fixing 12-4

out-of-band changes

resolving 12-4

P

Packet Data events

huge syslog messages 13-5

on IPS and IDS sensors

policy query icon and 13-5

parsing

invalid syslog messages

13-4

passwords

encrypted passwords on routers 10-2

peer support, Networking Professionals Connection 1-x

performance

of MARS

number of rules 13-10

of Security Manager 13-10

PIX/ASA devices

discovering policies on security contexts 6-4

discovering policies when using AUS 6-3

PIX firewalls

multiple contexts

MARS events lookup 13-14

PIX object groups

handling names during discovery 6-3

policies

policy discovery FAQ 6-2

rediscovery and current assignments 6-3

using existing policies during discovery 6-4

policy discovery

AAA commands not displayed in AAA policy 6-5

AAA method lists partially discovered 6-5

AAA servers and server-private command 6-5

deploying after discovering VPN and router policies 6-3

determining results 6-2

device hostnames 6-5

discovering configuration commands 6-3

discovering with AUS 6-3

discovery and ACS 6-3

frequently asked questions 6-2

FWSM and Catalyst security contexts 6-4

how it works 6-2

naming ACLs and object groups 6-3

NAT rules with route maps 10-3

negated SSL VPN policies 6-5

PIX/ASA security contexts 6-4

preserving ACL names 6-6

redeploying after discovery 6-3

rediscovering existing policies 6-3

resource names changed during discovery 6-8

unable to submit changes 6-4

undiscovered VPN features 6-6

using existing policies and objects 6-4

viewing discovered policies 6-2

viewing undiscovered policies 6-2

when to perform 6-2

while deploying to device 6-5

policy lookup 13-3

policy lookup from MARS 13-7

policy query icon

for access rules

not found on the device 13-4

for Context Data events 13-5

for devices with multiple contexts

without reporting IP address 13-12

for events in Global Controller 13-11

for Packet Data events 13-5

for Unknown Device Event Type

triggered by custom signatures 13-10

for unsupported syslog IDs 13-3

policy query login dialog box

saving Security Manager credentials 13-12

Policy Query popup window

See read-only policy table

policy table lookup

devices with multiple contexts

prerequisites for 13-12

error message 13-11

event action filter, configuring 13-8

MARS user roles 13-9

modal dialog box 13-11

prompting for credentials

MARS user not in Common Services 13-11

time taken for 13-10

with Security Manager client active

in non-Workflow mode 13-8

in Workflow mode 13-8

with Security Manager client not running 13-8

port forwarding list

applied to wrong SSL VPN context 9-8

deployment failure when removed 9-8

PPP

name changes during discovery 6-13

properties, changing critical device 5-2

proxy-bypass interfaces

configured for SSL VPN 9-7

PSIRT 1-x

publications, obtaining additional 1-x

PVC policies

unable to deploy 10-4

Q

quality of service (QoS)

name changes during discovery 6-16

queries

criteria

complexity 13-14

objects in policies 13-14

populated from policies 13-14

expanding objects in MARS 13-14

for historical events

run manually 13-14

for realtime events

run automatically 13-14

Query/Reports tab

identifying incident

for signature policy lookup 13-5

querying

for MARS events from devices

without reporting IP address 13-12

for Unknown Reporting Devices in MARS 13-12

Query page

reusing browser window

during events lookup 13-15

R

read-only policy table

after display of

access rules, modifying 13-5

error message

corrective action 13-6

device added to MARS only 13-6

read-only signature policy page

viewing

Security Manager details 13-9

realtime events

policy lookup

error message 13-4

running query automatically 13-14

realtime events lookup

device versions

supported for 13-8

realtime event viewer

access rule lookup

for connection teardown events 13-3

in MARS

navigating from policies 13-14

reload

after configuration rollback 12-8

Reporting Applications tab

Security Manager user credentials

for initial communication 13-12

using MARS credentials

not defined in Common Services 13-11

reporting IP address

for devices with multiple contexts

policy table lookup 13-12

resources

AAA name changes 6-9

AAA policy name changes 6-13

ACL name changes 6-9

dialer name changes 6-12

dynamic NAT name changes 6-11

HTTP name changes 6-14

inspection rule name changes 6-10

line access name changes 6-14

NAC name changes 6-15

names changed during discovery 6-8

object-group name changes 6-8

PPP name changes 6-13

QoS name changes 6-16

service policy rule name changes 6-11

transparent rule name changes 6-10

rollback 12-4

Catalyst switches and 7600 devices 11-3

performing when deploying to file 12-9

router platform

policy troubleshooting 10-1

device access policies 10-4

device interface policies 10-2

DHCP policies 10-5

DSL policies 10-3

NAC policies 10-6

NAT policies 10-2

PVC policies 10-4

SDP policies 10-5

SNMP policies 10-6

static routing policies 10-7

routers

configuring routers with 12.1 or 12.2 10-1

managing encrypted passwords 10-2

S

security

advisories 1-x

incidents, obtaining assistance 1-x

news from Cisco

registering to receive 1-x

RSS feed URL 1-x

notices 1-x

PSIRT 1-x

vulnerabilities, reporting 1-x

Security Agent installation

troubleshooting 2-6

security certificate

invalid during discovery 5-6

security context

configuring management IP 7-2

security contexts

changing 5-4

deleting configuration file 5-6

discovering policies on FWSM and Catalyst devices 6-4

discovering policies on PIX/ASA devices 6-4

Security Manager client

cleaning server list in Login window 2-2

determining HTTPS mode 2-2

entering server names after installation 2-2

frequently asked questions 2-1

installing on same machine as server 2-2

loading online help 2-5

locating client logs 2-2

reinstalling 2-4

removing locks of another user 2-5

resetting password 2-2

resolving version mismatch 2-2

running in dual-screen mode 2-3

upgrading

from a previous version 2-4

using HTTP 2-3

Security Manager database

corrupted 1-2

troubleshooting 1-2

Security Manager Diagnostics utility

accessing 1-1

Security Manager policy query icon

See policy query icon

Security Manager server

collecting troubleshooting information 1-1

database issues 1-2

installation 1-4

restoring database from files 1-3

restricting access 1-4

unable to launch 1-3

sensor ID

in IPS syslog messages in MARS

for virtual sensors 13-5

service policy rules

name changes during discovery 6-11

service requests

submitting 1-x

services

creating groups from nameless services 7-3

signature policy

default

assigned to devices 13-14

excluded from discovery

empty icon 13-14

not discovered on device

and events lookup 13-14

signatures

default

editing, policy icon 13-14

events lookup 13-14

managing updates 8-3

retrieving updates 8-1

signature summary table

navigating to

historical events in MARS 13-15

realtime events in MARS 13-15

SNMP

removing traps unintentionally 10-6

traps not being sent 10-6

SSL

handshake failure during deployment 12-10

SSL VPN

AAA accounting not implemented 9-8

address pools on interface subnet 9-8

cannot import license information 9-7

detecting overlapping pools 9-7

limitations 9-7

limitations due to OS defects 9-8

lists applied to wrong context 9-8

modifying WINS master server 9-8

need for DNS 9-7

removing aaa new-model command 9-7

removing group policies from PIX/ASAs 9-9

removing port forwarding list 9-8

sharing connection profiles on ASAs 9-7

sharing gateway addresses 9-7

use of proxy-bypass interfaces 9-7

using interface roles 9-7

static routing

deployment fails after upgrade 10-7

floating route not inserted 10-7

support

Networking Professionals Connection 1-x

obtaining from Cisco 1-x

syslog message IDs

for IOS routers

supported for policy lookup from MARS 13-11

supported for policy lookup from MARS

by firewall devices 13-11

unsupported

for policy lookup 13-3

policy query icon 13-3

syslog messages

accuracy of matches

hashcodes 13-17

for IPS events

absence of sensor ID 13-5

for Packet Data events 13-5

system administrators

associating with user account

for policy lookup from MARS 13-9

system log messages

connection teardown

policy lookup, error 13-3

deployed rules

synchronization with device 13-7

generated by access rules

unavailable on device 13-4

invalid format

policy lookup 13-4

T

technical support (TAC)

obtaining 1-x

URL for service requests 1-x

testing

connectivity

between MARS and Security Manager 13-7, 13-10

time consumption

for policy table lookup

number of rules 13-10

with Security Manager client open 13-10

timezone settings

certificate errors 5-6

training, obtaining 1-x

transparent rules

name changes during discovery 6-10

troubleshooting information

generating 1-1

trusted hosts

provisioning 8-3

U

Unknown Device Event Type

custom signatures and 13-10

Unknown Reporting Devices

querying for

in MARS 13-12

URL list

applied to wrong SSL VPN context 9-8

user account

creating a separate one

for policy lookup 13-7

with admin privileges

for adding Security Manager to MARS 13-9

User Configuration page

in MARS

editing Security Manager credentials 13-7

Security Manager credentials disabled 13-7

user credentials

of Security Manager added to MARS

in Reporting Applications tab 13-12

in the User Configuration page 13-12

Reporting Applications tab of MARS

different from those in User Configuration page 13-12

User Configuration page of MARS

authenticating Security Manager 13-12

populated from policy query login dialog box 13-12

user roles

in MARS

editing Security Manager credentials 13-7

modifying Security Manager credentials 13-9

V

version mismatch, resolving 2-2

views

committed 13-7

deployed

policy lookup from MARS 13-7

virtual sensors

signature policy lookup

from MARS events 13-5

VLAN ACLs (VACLs)

supported types 11-2

VLANs

referencing undefined 11-2

VPN

defining multiple CA servers 9-2

defining multiple spoke definitions 9-6

discovering after configuring 9-4

enabling/disabling VRF on Catalyst 6500/7600 9-4

loss of communication with spoke 9-2

negated SSL VPN policies 6-5

PKI with AAA 9-2

SSL VPN limitations 9-7

SSL VPN limitations due to OS defects 9-8

traffic sent unencrypted 10-3

unconfigurable commands when Easy VPN enabled 9-5

undiscovered features 6-6

unneeded Easy VPN policies 9-4

updating routing processes 9-1

vpn sessiondb

cannot be imported 9-7

VTY

name changes during discovery 6-14

W

WINS

modifying master server 9-8

Workflow mode

policy table lookup

editable activities 13-8

from MARS events 13-8

with Security Manager client active 13-8

	FAQ and Troubleshooting Guide for Cisco Security Manager 3.2
	Index
FAQ and Troubleshooting Guide for Cisco Security Manager 3.2 Preface Security Manager Server Security Manager Client Security Manager and Cisco Secure ACS Cisco Security Agent Device Management Policy Discovery Firewall Services IPS VPNs Router Platform Policies Catalyst 6500/7600 Devices Deployment Interoperation of MARS and Security Manager Index	Download this chapter Index Download the complete book FAQ and Troubleshooting Guide for Cisco Security Manager 3.2 (PDF - 4 MB) Feedback Table Of Contents A - B - C - D - E - F - G - H - I - L - M - N - O - P - Q - R - S - T - U - V - W - Index A AAA accounting not implemented on SSL VPN 9-8 discovered configuration not displayed 6-5 discovering servers with server-private command 6-5 method lists partially discovered 6-5 name changes when discovering policies 6-13 name changes when discovering rules 6-9 removing aaa new-model command 9-7 access control lists (ACLs) creating during IOS IPS configuration 8-3 deployment errors on FWSMs 12-7 handling names during discovery 6-3 name changes during discovery 6-9 names preserved during discovery 6-6 naming conventions 6-7 resolving naming conflicts 6-7 using ACL manager 12-6 access rule lookup deployed changes synchronization with 13-7 device software versions supported for 13-8 devices with multiple contexts prerequisites for 13-12 error message 13-4 from MARS without Security Manager client running 13-8 syslogs supported for by firewall devices 13-11 with Security Manager client active in non-Workflow mode 13-8 in Workflow mode 13-8 access rules cannot save combined rules 7-3 events lookup large number of hashcodes 13-14 warning message 13-15 hashcodes accuracy of syslog matches 13-17 modified after read-only policy display 13-5 not synchronized with device 13-4 object grouping events lookup and 13-17 on higher security interface, inbound policy lookup 13-4 on lower security interface, inbound policy lookup 13-4 policy query icon 13-4 on lower security interface, outbound policy lookup 13-4 optimization events lookup and 13-17 unavailable on the device for MARS syslogs 13-4 activities in an editable state and policy table lookup from MARS 13-8 policy table lookup with Security Manager client active 13-8 address pools deployment failure 9-7 on same subnet as interface 9-8 overriding in connection profiles 9-7 ADSL policies unable to deploy 10-4 approvers associating with user account for policy lookup from MARS 13-9 ASA devices with multiple contexts and policy lookup from MARS 13-12 MARS events lookup 13-14 prerequisite for policy table lookup 13-12 authentication of MARS for policy lookup Security Manager deleted from MARS 13-7 authentication settings for events lookup Security Manager credentials 13-16 authorization changes in ACS for devices 3-3 Auto Update Server (AUS) discovering policies 6-3 failure during deployment 12-10 B browser settings reusing windows for events lookup 13-15 C Catalyst switches and 7600 devices adding 6503-E devices 11-1 discovering failover pairs 11-2 discovering policies on security contexts 6-4 IDSM support 11-2 interface deployment failure 11-3 internal VLAN deployment failure 11-3 migrating to 3.2 11-2 performing rollback 11-3 supported modes 11-1 supported VACLs 11-2 troubleshooting 11-1 undefined VLANs 11-2 changes, out-of-band 12-4 Cisco Marketplace 1-x Cisco Networking Services (CNS) debugging IOS device 5-9 debugging PIX device 5-9 deployment failures to PIX device 5-8 device id not connected error 5-8 device name does not exist error 5-8 discovery failure for IOS device 5-9 event mode router does not appear 5-9 first deployment to PIX fails 5-8 InvalidParameterException error 5-7 troubleshooting device setup 5-7 Cisco Press 1-x Cisco Product Quick Reference Guide, obtaining 1-x Cisco product security PSIRT 1-x vulnerability policy portal 1-x Cisco Secure ACS (ACS) adding multihomed devices 3-4 authentication fails 3-2 changes not appearing in Security Manager 3-3 devices not appearing in Security Manager 3-3 effect on policy discovery 6-3 read-only access for system administrators 3-2 restoring access 3-4 updating device credentials in Security Manager 3-5 using multiple versions of Security Manager 3-1 working after ACS becomes unreachable 3-3 Cisco Secure ACS roles policy table lookup from MARS 13-9 Cisco Security Agent already installed on server 4-1, 11-2 co-existing with IPS systems 4-2 error message in event log 4-2 frequently asked questions 4-1 reinstalling bundled version 4-1 client installation troubleshooting 2-6 client log files locating 2-2 CNS lists applied to wrong SSL VPN context 9-8 combining rules cannot save changes 7-3 Common Services MARS user account, creating 13-7 MARS user not defined in policy lookup 13-11 user account not defined in logging in to MARS 13-11 Common Services roles policy table lookup from MARS 13-9 communication, device troubleshooting 5-1 configuration ownership 12-4 configuration rollback cannot connect to a Cisco IOS router after 5-2 performing reload 12-8 configure replace command 12-8 connection profiles sharing among multiple ASAs 9-7 connection-related messages generated by outbound traffic, policy lookup 13-4, 13-5 connection teardown messages 2-minute gap with connection setup 13-3 in a different session from setup 13-3 realtime event viewer 13-3 connectivity test between MARS and Security Manager configuring administrative host 13-10 correct credentials 13-10 error message 13-7, 13-10 success 13-7, 13-10 console port name changes during discovery 6-14 Context Data events on IPS and IDS sensors policy query icon and 13-5 cross-launch authentication settings for events lookup disabling saving of credentials 13-16 using MARS login credentials 13-16 using Security Manager credentials 13-16 custom signatures policy lookup for 13-10 D Daemon Manager not running on Security Manager policy table lookup 13-11 deleting referenced interfaces 10-2 deployment ADSL deployment failures 10-4 Catalyst interface settings 11-3 Catalyst internal VLANs 11-3 changing default deployment methods 12-6 determining method to use 12-3 devices with same IP address 5-7 duplicate SSL VPN gateway failure 9-7 errors with ACLs 12-7 failure due to overlapping pools 9-7 failure due to pools not on interface subnet 9-8 failures with AUS-managed devices 12-10 failure when modifying WINS master server 9-8 failure when port forwarding list removed 9-8 fixing an OS version mismatch 12-4 ignoring errors 12-7 IOS errors 12-6 IOS IPS 8-3 layer 2 interfaces 10-2 maximum number of devices 12-6 mixing methods 12-9 of access rule changes synchronization with device 13-7 performing immediately after discovery 6-3 PVC deployment failures 10-4 PVC IP protocol mappings 10-4 rolling back configurations 12-4 setting default directory 12-3 SSL handshake failure 12-10 understanding effects of deploying to files 12-3 full vs. delta configurations 12-6 process 12-2 device communication FAQs 5-2 loss of contact due to NAT 10-3 routers without K8/K9 crypto image 5-2 troubleshooting 5-1 device configuration discovering commands 6-3 unable to configure 10-5 device management 12-4 changes that affect the feature set 5-4 changing critical device properties 5-2 image version changes not affecting feature set 5-3 simultaneous operations on device 5-7 Device Properties page deleting a MARS appliance 13-18 discovering MARS 13-17 device response to appear as an error message 12-8 devices added to MARS only policy lookup 13-6 changes to ACS authorization not appearing in Security Manager 3-3 signature policies not discovered 13-14 software versions supported by MARS and Security Manager 13-8 synchronization with changed policies 13-7 updating credentials from ACS 3-5 with multiple contexts Device Properties page 13-12 differing host and context names 13-12 policy query icon 13-12 reporting IP address in MARS 13-12 setting hostname for policy lookup from MARS 13-12 device type changing 5-4 DHCP traffic blocked 10-5 diagnostic information generating 1-1 dialers name changes during discovery 6-12 discovering MARS after deleting 13-18 discovery Catalyst failover pairs 11-2 devices with same IP address 5-7 invalid certificate error 5-6 of MARS into Security Manager 13-17 security certificate error 5-6 discovery task frequently asked questions 6-2 DNS configuring for SSL VPN 9-7 documentation on Cisco.com 1-x ordering 1-x documentation feedback, sending to Cisco 1-x E error message events lookup from policies MARS appliance not configured 13-17 testing connectivity between MARS and Security Manager 13-10 error messages events lookup from policies MARS appliance is shut down 13-17 policy table lookup from MARS access rules not on device 13-4 addition of multiple Security Managers to Local Controller 13-11 connection setup syslog unavailable 13-3 connection teardown events in realtime viewer 13-3 Daemon Manager not running on Security Manager 13-11 device added to MARS only 13-6 implicit permit statement in access rules 13-4, 13-5 modal dialog box open 13-11 RPC connection failure 13-4 unsynchronized changes 13-4 errors deployment 12-6 event action filter configuring during policy table lookup from MARS 13-8 event log CSA error message 4-2 events lookup advantages 13-14 browser settings 13-15 device software versions supported for 13-8 from access rules ACE hashcodes 13-17 hashcodes 13-17 object grouping 13-17 optimization enabled 13-17 from default signatures 13-14 from policies error message 13-17 for multiple contexts 13-14 from signatures for virtual sensors 13-16 F FAQ Catalyst switches and 7600 devices 11-1 policy discovery AAA configuration not displayed 6-5 AAA method lists partially discovered 6-5 AAA servers and server-private command 6-5 deploying after discovering VPN and router policies 6-3 determining results 6-2 device hostnames 6-5 discovering configuration commands 6-3 discovering with AUS 6-3 discovery and ACS 6-3 FWSM and Catalyst security contexts 6-4 how it works 6-2 naming ACLs and object groups 6-3 PIX/ASA security contexts 6-4 redeploying after discovery 6-3 rediscovering existing policies 6-3 unable to submit changes 6-4 using existing policies and objects 6-4 viewing discovered policies 6-2 viewing undiscovered policies 6-2 when to perform 6-2 FAQs device communication 5-2 firewall services cli for authentication proxy 7-2 configuring management IP of security contexts 7-2 hit count 7-1 standard ACLs 7-2 losing connection to a device 7-2 negating addresses within a range 7-2 removal of bound ACEs 7-2 unable to deploy using BGP 7-2 validation error on transparent rules 7-2 Firewall Services Module (FWSM) deployment error 12-7 discovering policies on security contexts 6-4 FWSM multiple contexts MARS events lookup 13-14 with multiple contexts and policy lookup from MARS 13-12 prerequisite for policy table lookup 13-12 G gateways sharing address and port 9-7 Global Controller adding to Security Manager 13-14 policy query icon for events 13-11 policy table lookup and 13-11 viewing Security Manager server from 13-11 group-policy removing SSL VPN definitions 9-9 H hashcodes ACE accuracy of syslog matches 13-17 supported device OS versions 13-17 in large access rules looking up events 13-14 Help Desk role policy table lookup and 13-9 historical events filtering time 13-14 lookup from policies running query manually 13-14 policy lookup error message 13-4 historical events lookup device versions supported for 13-8 hostnames effect on policy discovery 6-5 HTTP name changes during discovery 6-14 HTTPS mode determining 2-2 I idle timeout exceeded for MARS session without Security Manager client open before lookup 13-6 with Security Manager login credentials for lookup 13-6 IDSM support limitations 11-2 IDS sensors Context Data events and signature policy lookup 13-5 Packet Data events and signature policy lookup 13-5 ignore error message configure Security Manager to 12-8 image version changes that affect the feature set 5-4 implicit permit configured in access rules lookup from MARS events 13-4, 13-5 inspection rules name changes during discovery 6-10 installation troubleshooting 2-6 Internet Explorer accessing MARS GUI using for access rule lookup 13-8 cached passwords policy table lookup 13-8 remembered passwords policy table lookup 13-8 IOS 12.1 and 12.2 configuring in Security Manager 10-1 IOS 12.4(11)T address pool deployment failure 9-8 CNS problem with SSL VPN contexts 9-8 IOS 12.4(9)T AAA accounting failure 9-8 port forwarding list deployment failure 9-8 WINS master server deployment failure 9-8 IP mappings unable to deploy 10-4 IPS co-existing with CSA 4-2 creating ACLs 8-3 deploying 8-3 importing 5.0 sensors 8-1 performing updates 8-2 provisioning trusted hosts 8-3 retrieving signature updates 8-1 signature updates 8-3 updating IOS IPS crypto configurations 8-2 IPS sensors Context Data events and signature policy lookup 13-5 Packet Data events and signature policy lookup 13-5 IPS signature policy lookup device software versions supported for 13-8 event action filter, configuring 13-8 for MARS events of type Context Data 13-5 Packet Data 13-5 from MARS without Security Manager client running 13-8 with Security Manager client active in non-Workflow mode 13-8 in Workflow mode 13-8 IPS virtual sensors signature policy lookup from MARS events 13-5 L license SSL VPN import 9-7 line access name changes during discovery 6-14 Local Controller adding multiple Security Manager servers to 13-11 one Security Manager server to 13-11 adding multiple to Security Manager 13-14 logging disabled for permit ACEs events lookup 13-15 logging in to MARS using an account not defined in Common Services 13-11 Security Manager after error during policy lookup 13-4 using a different account from the one in MARS 13-7 logging level changing for firewalls and syslogs in MARS 13-11 login credentials of Security Manager saved in MARS during policy lookup 13-12 login credentials, Security Manager authenticating MARS Security Manager deleted from MARS 13-7 editing from User Configuration page in MARS 13-7 using a different account from the one in MARS for policy lookup 13-7 looking up events from signatures for virtual sensors 13-16 MARS events advantages 13-14 from default signature 13-14 from large access rules 13-14 M management IP address defining for multiple contexts events lookup 13-14 MARS adding Security Manager to users with admin privileges 13-9 committed view of Security Manager policy 13-7 deployed view of Security Manager policy 13-7 downloading Security Manager 13-6 policy table lookup time taken for 13-10 with Security Manager client not running 13-8 with Security Manager in non-Workflow mode 13-8 with Security Manager in Workflow mode 13-8 starting a new instance of Security Manager with client session active 13-7 starting Security Manager for policy lookup using Security Manager credentials 13-7 User Configuration page Security Manager credentials 13-7 MARS appliance automatic mapping with Security manager 13-18 deleting from Security Manager 13-18 not associated with monitored device in Security Manager 13-17 shutting down events lookup 13-17 testing connectivity with Security Manager 13-7, 13-10 version 4.3.4, 5.3.4 adding to Security Manager 13-14 MARS authentication with Security Manager for policy lookup deleting Security Manager from MARS 13-7 editing Security Manager credentials in MARS 13-7 MARS database deleting Security Manager server from 13-7 saving Security Manager credentials during policy lookup 13-6 MARS events for connection teardown in realtime event viewer 13-3 generated by custom signatures and policy lookup 13-10 of type Context Data 13-5 Packet Data 13-5 MARS Global Controller See Global Controller MARS GUI accessing using Internet Explorer, note 13-8 MARS Local Controller See Local Controller MARS session idle timeout, exceeding using Security Manager credentials for policy lookup 13-6 MARS user account defining in Common Services for policy lookup 13-7 not defined in Common Services prompting for credentials 13-11 MARS user roles Admin editing Security Manager credentials 13-7 for modifying Security Manager credentials 13-9 Notifications Only 13-9 Operator 13-9 Security Analyst editing Security Manager credentials 13-7 MARS web interface policy table lookup with Security Manager not installed 13-6 max-webvpn-session-limit cannot be imported 9-7 MD5 hashcodes See hashcodes modal dialog box looking up policy table from MARS 13-11 N NAC deployment fails 10-7 name changes during discovery 6-15 posture validation not occurring 10-7 NAT discovering rules with route maps 10-3 name changes during discovery 6-11 VPN traffic sent unencrypted 10-3 navigating from multiple signature IDs to historical events in MARS 13-17 to realtime events in MARS 13-17 from policies to MARS events, advantages 13-14 network administrators associating with user account for policy lookup from MARS 13-9 Networking Professionals Connection 1-x network operators associating with user account for policy lookup from MARS 13-9 non-Workflow mode policy table lookup from MARS events 13-8 with Security Manager client active 13-8 number of rules 13-10 O object groups enabled for access rules MARS events lookup 13-17 object-groups name changes during discovery 6-8 objects expanding contents in MARS event query 13-14 query criteria in MARS 13-14 using existing objects during discovery 6-4 online help loading 2-5 preserving search results 2-6 operational mode changing 5-4 OS version mismatch fixing 12-4 out-of-band changes resolving 12-4 P Packet Data events huge syslog messages 13-5 on IPS and IDS sensors policy query icon and 13-5 parsing invalid syslog messages 13-4 passwords encrypted passwords on routers 10-2 peer support, Networking Professionals Connection 1-x performance of MARS number of rules 13-10 of Security Manager 13-10 PIX/ASA devices discovering policies on security contexts 6-4 discovering policies when using AUS 6-3 PIX firewalls multiple contexts MARS events lookup 13-14 PIX object groups handling names during discovery 6-3 policies policy discovery FAQ 6-2 rediscovery and current assignments 6-3 using existing policies during discovery 6-4 policy discovery AAA commands not displayed in AAA policy 6-5 AAA method lists partially discovered 6-5 AAA servers and server-private command 6-5 deploying after discovering VPN and router policies 6-3 determining results 6-2 device hostnames 6-5 discovering configuration commands 6-3 discovering with AUS 6-3 discovery and ACS 6-3 frequently asked questions 6-2 FWSM and Catalyst security contexts 6-4 how it works 6-2 naming ACLs and object groups 6-3 NAT rules with route maps 10-3 negated SSL VPN policies 6-5 PIX/ASA security contexts 6-4 preserving ACL names 6-6 redeploying after discovery 6-3 rediscovering existing policies 6-3 resource names changed during discovery 6-8 unable to submit changes 6-4 undiscovered VPN features 6-6 using existing policies and objects 6-4 viewing discovered policies 6-2 viewing undiscovered policies 6-2 when to perform 6-2 while deploying to device 6-5 policy lookup 13-3 policy lookup from MARS 13-7 policy query icon for access rules not found on the device 13-4 for Context Data events 13-5 for devices with multiple contexts without reporting IP address 13-12 for events in Global Controller 13-11 for Packet Data events 13-5 for Unknown Device Event Type triggered by custom signatures 13-10 for unsupported syslog IDs 13-3 policy query login dialog box saving Security Manager credentials 13-12 Policy Query popup window See read-only policy table policy table lookup devices with multiple contexts prerequisites for 13-12 error message 13-11 event action filter, configuring 13-8 MARS user roles 13-9 modal dialog box 13-11 prompting for credentials MARS user not in Common Services 13-11 time taken for 13-10 with Security Manager client active in non-Workflow mode 13-8 in Workflow mode 13-8 with Security Manager client not running 13-8 port forwarding list applied to wrong SSL VPN context 9-8 deployment failure when removed 9-8 PPP name changes during discovery 6-13 properties, changing critical device 5-2 proxy-bypass interfaces configured for SSL VPN 9-7 PSIRT 1-x publications, obtaining additional 1-x PVC policies unable to deploy 10-4 Q quality of service (QoS) name changes during discovery 6-16 queries criteria complexity 13-14 objects in policies 13-14 populated from policies 13-14 expanding objects in MARS 13-14 for historical events run manually 13-14 for realtime events run automatically 13-14 Query/Reports tab identifying incident for signature policy lookup 13-5 querying for MARS events from devices without reporting IP address 13-12 for Unknown Reporting Devices in MARS 13-12 Query page reusing browser window during events lookup 13-15 R read-only policy table after display of access rules, modifying 13-5 error message corrective action 13-6 device added to MARS only 13-6 read-only signature policy page viewing Security Manager details 13-9 realtime events policy lookup error message 13-4 running query automatically 13-14 realtime events lookup device versions supported for 13-8 realtime event viewer access rule lookup for connection teardown events 13-3 in MARS navigating from policies 13-14 reload after configuration rollback 12-8 Reporting Applications tab Security Manager user credentials for initial communication 13-12 using MARS credentials not defined in Common Services 13-11 reporting IP address for devices with multiple contexts policy table lookup 13-12 resources AAA name changes 6-9 AAA policy name changes 6-13 ACL name changes 6-9 dialer name changes 6-12 dynamic NAT name changes 6-11 HTTP name changes 6-14 inspection rule name changes 6-10 line access name changes 6-14 NAC name changes 6-15 names changed during discovery 6-8 object-group name changes 6-8 PPP name changes 6-13 QoS name changes 6-16 service policy rule name changes 6-11 transparent rule name changes 6-10 rollback 12-4 Catalyst switches and 7600 devices 11-3 performing when deploying to file 12-9 router platform policy troubleshooting 10-1 device access policies 10-4 device interface policies 10-2 DHCP policies 10-5 DSL policies 10-3 NAC policies 10-6 NAT policies 10-2 PVC policies 10-4 SDP policies 10-5 SNMP policies 10-6 static routing policies 10-7 routers configuring routers with 12.1 or 12.2 10-1 managing encrypted passwords 10-2 S security advisories 1-x incidents, obtaining assistance 1-x news from Cisco registering to receive 1-x RSS feed URL 1-x notices 1-x PSIRT 1-x vulnerabilities, reporting 1-x Security Agent installation troubleshooting 2-6 security certificate invalid during discovery 5-6 security context configuring management IP 7-2 security contexts changing 5-4 deleting configuration file 5-6 discovering policies on FWSM and Catalyst devices 6-4 discovering policies on PIX/ASA devices 6-4 Security Manager client cleaning server list in Login window 2-2 determining HTTPS mode 2-2 entering server names after installation 2-2 frequently asked questions 2-1 installing on same machine as server 2-2 loading online help 2-5 locating client logs 2-2 reinstalling 2-4 removing locks of another user 2-5 resetting password 2-2 resolving version mismatch 2-2 running in dual-screen mode 2-3 upgrading from a previous version 2-4 using HTTP 2-3 Security Manager database corrupted 1-2 troubleshooting 1-2 Security Manager Diagnostics utility accessing 1-1 Security Manager policy query icon See policy query icon Security Manager server collecting troubleshooting information 1-1 database issues 1-2 installation 1-4 restoring database from files 1-3 restricting access 1-4 unable to launch 1-3 sensor ID in IPS syslog messages in MARS for virtual sensors 13-5 service policy rules name changes during discovery 6-11 service requests submitting 1-x services creating groups from nameless services 7-3 signature policy default assigned to devices 13-14 excluded from discovery empty icon 13-14 not discovered on device and events lookup 13-14 signatures default editing, policy icon 13-14 events lookup 13-14 managing updates 8-3 retrieving updates 8-1 signature summary table navigating to historical events in MARS 13-15 realtime events in MARS 13-15 SNMP removing traps unintentionally 10-6 traps not being sent 10-6 SSL handshake failure during deployment 12-10 SSL VPN AAA accounting not implemented 9-8 address pools on interface subnet 9-8 cannot import license information 9-7 detecting overlapping pools 9-7 limitations 9-7 limitations due to OS defects 9-8 lists applied to wrong context 9-8 modifying WINS master server 9-8 need for DNS 9-7 removing aaa new-model command 9-7 removing group policies from PIX/ASAs 9-9 removing port forwarding list 9-8 sharing connection profiles on ASAs 9-7 sharing gateway addresses 9-7 use of proxy-bypass interfaces 9-7 using interface roles 9-7 static routing deployment fails after upgrade 10-7 floating route not inserted 10-7 support Networking Professionals Connection 1-x obtaining from Cisco 1-x syslog message IDs for IOS routers supported for policy lookup from MARS 13-11 supported for policy lookup from MARS by firewall devices 13-11 unsupported for policy lookup 13-3 policy query icon 13-3 syslog messages accuracy of matches hashcodes 13-17 for IPS events absence of sensor ID 13-5 for Packet Data events 13-5 system administrators associating with user account for policy lookup from MARS 13-9 system log messages connection teardown policy lookup, error 13-3 deployed rules synchronization with device 13-7 generated by access rules unavailable on device 13-4 invalid format policy lookup 13-4 T technical support (TAC) obtaining 1-x URL for service requests 1-x testing connectivity between MARS and Security Manager 13-7, 13-10 time consumption for policy table lookup number of rules 13-10 with Security Manager client open 13-10 timezone settings certificate errors 5-6 training, obtaining 1-x transparent rules name changes during discovery 6-10 troubleshooting information generating 1-1 trusted hosts provisioning 8-3 U Unknown Device Event Type custom signatures and 13-10 Unknown Reporting Devices querying for in MARS 13-12 URL list applied to wrong SSL VPN context 9-8 user account creating a separate one for policy lookup 13-7 with admin privileges for adding Security Manager to MARS 13-9 User Configuration page in MARS editing Security Manager credentials 13-7 Security Manager credentials disabled 13-7 user credentials of Security Manager added to MARS in Reporting Applications tab 13-12 in the User Configuration page 13-12 Reporting Applications tab of MARS different from those in User Configuration page 13-12 User Configuration page of MARS authenticating Security Manager 13-12 populated from policy query login dialog box 13-12 user roles in MARS editing Security Manager credentials 13-7 modifying Security Manager credentials 13-9 V version mismatch, resolving 2-2 views committed 13-7 deployed policy lookup from MARS 13-7 virtual sensors signature policy lookup from MARS events 13-5 VLAN ACLs (VACLs) supported types 11-2 VLANs referencing undefined 11-2 VPN defining multiple CA servers 9-2 defining multiple spoke definitions 9-6 discovering after configuring 9-4 enabling/disabling VRF on Catalyst 6500/7600 9-4 loss of communication with spoke 9-2 negated SSL VPN policies 6-5 PKI with AAA 9-2 SSL VPN limitations 9-7 SSL VPN limitations due to OS defects 9-8 traffic sent unencrypted 10-3 unconfigurable commands when Easy VPN enabled 9-5 undiscovered features 6-6 unneeded Easy VPN policies 9-4 updating routing processes 9-1 vpn sessiondb cannot be imported 9-7 VTY name changes during discovery 6-14 W WINS modifying master server 9-8 Workflow mode policy table lookup editable activities 13-8 from MARS events 13-8 with Security Manager client active 13-8
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks