Using Management Center for Firewalls 1.3
Index

A

AAA (authentication, authorization, or accounting)

access rules 11-2

server groups

configuring 10-31

creating 10-32

deleting 10-34

editing 10-32

LOCAL, special note 10-31

servers in, defining 10-34

AAA Admin Authentication, configuring 8-54, 8-59

elements and descriptions (table) 8-56, 8-60

AAA authentication

changing A-12

AAA services

troubleshooting

blank screen A-10

access rules 11-1

AAA rules 11-2

AAA Admin Authentication feature, and 11-27

ACL mode, and 11-5

applet

does not load A-28

ASA (Adaptive Security Algorithm), and 11-5

configuring 11-1

copying 11-38

cutting 11-38

deleting 11-40, 17-55

filter rules (see web filter rules) 11-2

firewall rules 11-2

AAA authentication, and 11-20

inserting 11-17

FWSM, and 11-15

hierarchy of 6-8

Mandatory and Default Settings (figure) 6-9

important information about 11-15

pasting 11-38

PIX Firewall, and 11-15

web filter rules 11-2

ACEs (Access Control Entries), definition 11-5

ACLs (Access Control Lists)

definition 11-5

action buttons 1-18, 4-12

active state, failover 18-37

activities 15-16

activities, approving 3-9

activities, managing 4-1

action buttons 4-12

activity bar, using 4-6

activity states 4-13

Approved 4-14

Discarded 4-14

Edit 4-13

Edit_Open 4-13

General_Open 4-14

Rejected 4-14

ReverseGenerate_Open 4-14

Submitted 4-13

Submitted_Open 4-14

approving or rejecting activities 4-22

closing an activity 4-24

creating activities 4-15

error and warning messages 4-25

activity transition warning messages 4-30

locking 4-2

opening an existing activity 4-23

rejecting or approving activities 4-22

submitting activities for review 4-19

tasks in 4-9

activity actions, understanding 4-10

Activity Management Table (figure) 4-11

activity states, understanding 4-13

important notes about 4-10

undoing an activity 4-25

workflow

when disabled (default) 4-6

when enabled 4-7

activities, understanding 3-7

activity bar, using 4-6

activity bar icons (table) 1-12

activity states 4-13

Approved 4-14

Discarded 4-14

Edit 4-13

General_Open 4-14

Rejected 4-14

ReverseGenerate_Open 4-14

Submitted 4-13

Submitted_Open 4-14

adding

device groups 6-12

jobs 15-20

names and descriptions to service groups 10-31

network interface 8-6

network objects 10-21

RIPs 9-10

service definitions 10-25

service groups 10-28

SNMP rule 8-46

SSH 8-39

static routes 9-5

Telnet rule 8-36

translation rules

dynamic 12-19

static 12-31

adding a fragment to the Fragments feature 8-76

additions for this release of Firewall MC, configuring 13-1

address translation pools

configuring 10-35

creating 10-35

deleting 10-38

editing 10-35

elements of, deleting 10-38

verifying summary information for 10-38

administrative activity reports, viewing 16-31

activity page columns and descriptions (table) 16-32

XML files, saving as 16-32

administrative events, retaining audit records of 16-29

administrative model, selecting 3-1

Cisco Secure ACS roles and privileges 3-3

CiscoWorks Server roles, and Firewall MC privileges 3-2

Admin tab

Support option

description A-2

using A-3

advanced device-level settings, configuring 8-67

AH protocol 17-2

Anti-Spoofing feature, configuring 8-73

approval for firewall policies, requiring 3-9

Approve button, when approval is disabled 3-2

Approved activity state 4-14

approving activities 3-9

approving or rejecting activities 4-22

ARP (Address Resolution Protocol)

(see proxy ARPs) 9-14

audience for this document xxiii

audit records of administrative events, retaining 16-29

AUS

authenticating

PIX Firewall A-13

AUS (Auto Update Server)

applying 7-48

configuring 7-45

configuring PIX Firewall to use 5-10

contact information 7-45

Authentication Header

See AH protocol

authentication mode, selecting 3-1

Cisco Secure ACS roles and privileges 3-3

CiscoWorks Server roles, and Firewall MC privileges 3-2

authentication prompts, configuring 8-64

elements and descriptions (table) 8-66

authenticator 17-2

B

backing up the database 19-6

basic device-level settings, configuring 8-1

Beginning Commands feature, configuring 13-3

bootstrapping

configurations, checking

FWSM, existing 5-14

PIX Firewall, existing 5-2

configurations, verifying

FWSM 5-23

PIX Firewall, existing 5-12

FWSM

existing 5-16

new 5-19

FWSM (firewall services module), LAN-based failover pair 18-21

overview 5-1

of FWSM 5-13

of PIX Firewalls 5-2

PIX Firewall, LAN-based failover pair 18-13

PIX Firewall for LAN-based failover 18-10

PIX Firewalls, existing 5-4

PIX Firewall to use AUS 5-10

required information

FWSM 5-15

PIX Firewall 5-3

when to bootstrap

FWSM 5-14

PIX Firewalls 5-2

building blocks

AAA server groups

configuring 10-31

creating 10-32

defining a server for 10-34

deleting 10-34

editing 10-32

address translation pools

configuring 10-35

creating or editing 10-35

deleting 10-38

verifying summary information for 10-38

important information about 10-4

network objects 10-9

adding or editing 10-21

deleting 10-24

service definitions

adding or editing 10-25

configuring 10-24

deleting 10-27

service groups

adding or editing 10-28

configuring 10-28

deleting 10-31

description for, providing 10-31

naming 10-31

C

cautions

regarding

configuration files, unauthorized access 3-23

configuration files, unauthorized access to 3-23

deployment directories 3-25

import directories 3-26

significance of xxiv

changing

AAA authentication A-12

authentication, AAA A-12

checklist

creating site-to-site tunnels 17-10

checklists

deployment phase 2-20

implementation phase 2-12

operations phase 2-22

planning phase 2-2

verification phase 2-18

checkpoints

about 19-13

Cisco.com, accessing xxvi

Cisco Secure Access Control Server

permissions to use

ACS Permission Types (table) B-8

roles and descriptions using ACS (table) B-9

roles and privileges, and Firewall MC 3-3

shared profile components 3-3, B-5

shared profile components B-5

CiscoWorks Server

logging in to 1-4

login window (figure) 1-5

CiscoWorks Server roles, and Firewall MC privileges 3-2, B-2

closing an activity 4-24

compacting

about 19-2

scheduling 19-3

concepts in Firewall MC

configuration hierarchy 6-10

Sample Group Hierarchy (figure) 6-11

conduits and outbound list conversion tool

conduits, conversion notes 7-6

outbound lists, conversion notes 7-7

process 7-8

configuration files

additions 13-1

earlier version, returning to (rollback) 15-28

generating 14-2

importing

for devices 7-9

for multiple devices 7-9

from devices 7-22

previous, returning to (rollback) 15-28

configuration hierarchy (scope)

concept 6-10

Configuration Hierarchy and Settings Attributes (figure) 6-3

configurations, viewing 14-1

Configuration tab

Device Settings option

Routing suboption (see routing) 9-1

Settings option

Config Additions suboption (see configuration files, additions) 13-1

Failover page (see failover) 18-31

View Config option 14-1

configuring

AAA server groups 10-31

access rules 11-1

additions for this release of Firewall MC 13-1

address translation pools 10-35

AUS 7-45

Beginning Commands feature 13-3

DHCP Servers 7-36

Ending Commands feature 13-5

failover 18-31

FWSM (Firewall Services Module) failover pairs 18-18

N2H2 7-29

PIX Firewall to use AUS 5-10

proxy ARPs 9-14

RIPs 9-9

routing 9-1

service definitions 10-24

service groups 10-28

settings 6-1

static routes 9-4

TFTP servers 7-43

translation rules 12-1

unique identity 7-50

URL filtering servers 7-29

VPN client 17-67, 17-72

Websense 7-29

console, configuring timeout 8-63

console timeout, configuring

elements and descriptions (table) 8-64

controls, global 3-13

creating

AAA server groups 10-32

address translation pools 10-35

devices for import 7-15

jobs 15-20

server groups 10-32

creating activities 4-15

CSV file, setting up A-15

D

databases

about 19-2

backing up 19-6

compacting 19-2

restoring 19-11

scheduling checkpoints for 19-13

default

rules 6-8

settings 6-4

default settings

inherited

by children, changing A-25

defining rules

viewing

global default A-25

deleting

device groups 6-15

devices 7-28

fragment from the Fragments feature 8-77

HTTPS (SSL) rules 8-35

ICMP rules 8-54

interface 8-18

network objects 10-24

rules

RIP 9-13

service definitions 10-27

service groups 10-31

SNMP client information 8-50

SSH 8-41

static routes 9-9

Telnet rule 8-38

URL filter server 7-35

deploying

individual devices A-27

troubleshooting

to device A-27

workflow

individual devices A-27

deployment

configurations

deploying 15-3

Deployment tab, deploying from 15-12

Generate and Deploy icon, deploying from 15-4

generating 15-3

viewing 15-9

deployment, important notes on 15-2

deployment error messages, understanding 15-16

deployment methods 15-1

deployment states, understanding 15-8

Deployment Summary page, viewing 15-14

Deployment table

accessing 15-9

managing 15-1

summary icons, understanding 15-8

deployment controls 3-22

deploying to AUS, usage notes on 3-22

deployment type, setting 3-23

elements and descriptions (table) 3-24

device administration, configuring

console timeout 8-63

elements and descriptions (table) 8-64

passwords 8-25

elements and descriptions (table) 8-28

notes, restrictions 8-26

setting 8-27, 8-63

device groups 6-11

adding or editing 6-12

defining group information 6-13

deleting 6-15

device groups, moving 6-13

device-level settings, configuring 8-1

AAA admin authentication 8-54, 8-59

advanced settings 8-67

Anti-Spoofing feature 8-73

Basic Fixups feature 8-84

Flood Guard feature 8-94

Fragments 8-75

IDS Policy 8-68

IDS signatures 8-71

Multimedia Fixups feature 8-89

TCP options 8-78

Timeouts 8-81

authentication prompts, configuring 8-64

elements and descriptions (table) 8-66

basic settings 8-1

device administration 8-25

console timeout, configuring 8-63

passwords, configuring 8-25

firewall device contact info 8-29

applying info 8-30

elements and descriptions (table) 8-31

Firewall OS version 8-2

elements and descriptions (table) 8-3

HTTPS (SSL) 8-32

deleting a rule 8-35

elements and descriptions (table) 8-34

rules, adding or editing 8-33

ICMP interface rules 8-50

deleting an ICMP rule 8-54

elements and descriptions (table) 8-52

inserting or editing 8-51

interfaces 8-5

adding or editing an interface 8-6

deleting 8-18

elements and descriptions (table) 8-11

polling a FWSM for VLAN information 8-18

Management Access 8-41

elements and descriptions (table) 8-43

enabling or disabling 8-42

Secure Shell 8-38

adding or editing SSH 8-39

applying SSH 8-38

deleting SSH 8-41

elements and descriptions (table) 8-40

SNMP 8-43

adding or editing an SNMP rule 8-46

configuring MIBs 8-44

configuring OIDs 8-44

configuring traps 8-45

elements and descriptions (table) 8-47

SNMP client information, deleting 8-50

SNMP Management Station, applying settings to 8-45

Telnet, configuring 8-35

adding or editing a rule 8-36

applying a rule 8-35

deleting a rule 8-38

elements and descriptions (table) 8-37

devices

configuration files, importing for devices 7-1

creating 7-15

groups (see device groups) 6-11

importing 7-1

important information about 7-3

managing 7-26

deleting 7-28

editing 7-27

moving 7-28

renaming 7-27

moving 7-28

renaming 7-27

devices, setting up

configuration files, importing for multiple devices

import status information, viewing 7-25

devices and groups, setting up

configuration files, importing for multiple devices 7-9

multiple firewall configurations, importing from a CSV file 7-12

Sample CSV Format Table 7-14

device settings

overview 17-3

DHCP Servers

configuring 7-36

Diffie-Hellman

use in IKE tunnels 17-5

disabling

Management Access 8-42

Discarded activity state 4-14

discarding an activity 4-25

documentation xxiv

audience for this xxiii

feedback, submitting electronically xxvii

obtaining xxvi

Cisco.com xxvi

ordering xxvii

other Cisco publications and information xxix

related to this product xxv

typographical conventions in xxiii

dynamic translation rules, configuring

adding or editing 12-19

E

Easy VPN Management 17-72

Easy VPN Remote 17-67

Edit_Open activity state 4-13

Edit activity state 4-13

editing

fragment in the Fragments feature 8-76

ICMP interface rule 8-51

network interface 8-6

SNMP rule 8-46

SSH 8-39

Telnet rule 8-36

enabling

Management Access 8-42

Encapsulating Security Payload

See ESP protocol

Ending Commands feature, configuring 13-5

environment, preparing 3-1

administrative model, selecting 3-1

Cisco Secure ACS roles and privileges 3-3

authentication mode, selecting 3-1

Cisco Secure ACS roles and privileges 3-3

CiscoWorks Server roles, and Firewall MC privileges 3-2

global Firewall MC controls, configuring 3-13

deployment controls 3-22

feature tracking controls 3-28

import controls 3-26

management controls 3-13

object grouping controls 3-30

workflow mode, selecting 3-5

workflow elements and descriptions (table) 3-13

workflow process, understanding 3-5

error messages

activity 4-25

deployment, understanding 15-16

device or device group is locked by activity 4-28

error 404 Page not found A-24

failed to contact host A-21

invalid activity action 4-29

no changes can be made within the open activity... 4-28

operation failed... 4-29

you must approve or discard all existing activities... 4-29

ESP protocol 17-2

F

failover

about PIX Firewall failover 18-4

active state 18-37

configuring settings 18-31

display 18-27, 18-45

dual-chassis configuration (figure) 18-20

failover interface, inserting or editing 18-31

IP addresses 18-37

LAN-based 18-32

link communications 18-4

overview 18-31

PIX Firewall

migrating from serial to LAN-based 18-11

PIX Firewalls, configuring 18-6

single chassis configuration (figure) 18-19

standby state 18-37

stateful

configuring PIX Firewall failover pairs 18-4

definition 18-32

Stateful Failover 18-3

overview 18-3

state information 18-3

state link requirements 18-3

stateless, configuring PIX Firewall failover pairs 18-4

verifying 18-26, 18-44

feature tracking 3-28

feature tracking controls, configuring 3-28

elements and descriptions (table) 3-28, 3-34

firewall

devices

administration 8-25

firewall device administration

unique identity

configuring 7-50

enabling 7-50

firewall device contact info, configuring 8-29

applying info 8-30

elements and descriptions (table) 8-31

Firewall MC

authentication with AUS A-10

changing, enable password A-12

communicating

AUS A-20

Control feature

AUS Contact feature 7-45

starting (see getting started with Firewall MC) 1-1

wizards

Firewall MC Wizard Elements (figure) 1-17

using 1-16

Firewall MC software requirements A-6

Fixups feature, configuring

basic Fixups 8-84

applying fixups 8-85

elements and descriptions (table) 8-86

multimedia Fixups 8-89

applying fixups 8-90

elements and descriptions (table) 8-91

Flood Guard feature, configuring 8-94

elements and descriptions (table) 8-95

enabling Flood Guard 8-94

Fragments, configuring 8-75

adding or editing a fragment 8-76

deleting a fragment from the Fragments feature 8-77

elements and descriptions (table) 8-77

FWSM (Firewall Services Module)

polling for VLAN information 8-18

FWSM (Firewall Services Module)

configuring failover pairs 18-13

failover pairs, configuring 18-18

FWSM (Firewall Services Modules)

bootstrapping 5-13

existing 5-16

new 5-19

overview of 5-13

when to 5-14

existing configurations

checking 5-14

verifying 5-23

G

General_Open activity state 4-14

generating a configuration file 14-2

getting started with Firewall MC 1-1

CiscoWorks Server desktop, logging in to 1-4

CiscoWorks Server Login Window (figure) 1-5

concepts

configuration hierarchy 6-10

Sample Group Hierarchy (figure) 6-11

Desktop with Firewall MC Drawer Displayed (figure) 1-6

home page (figure) 1-7

user interface, understanding 1-8

Firewall MC Basic GUI Elements (figure) 1-9

Firewall MC Object Selector Elements (figure) 1-14

Firewall MC Table Elements (figure) 1-15

Firewall MC wizards 1-16

GUI 1-9

object selector 1-14

global Firewall MC controls, configuring 3-13

deployment controls 3-22, 3-23

feature tracking 3-28

import 3-26

management controls 3-13

object grouping 3-30

groups (see device groups) 6-11

GUI (graphic user interface)

Firewall MC 1-8

H

help xxviii

(see also troubleshooting) A-1

supported operating systems A-5

Support feature, using A-3

TAC xxviii

website xxviii

Windows 2000 and Windows 2000 Advanced Server support A-5

HTTPS (SSL), configuring 8-32

deleting a rule 8-35

elements and descriptions (table) 8-34

rules, adding or editing 8-33

I

ICMP interface rules, configuring 8-50

deleting an ICMP rule 8-54

elements and descriptions (table) 8-52

inserting or editing 8-51

icons

generate summary (table) 15-8

in activity bar (table) 1-12

padlocks, understanding 4-4

IDS policy, configuring 8-68

elements and descriptions (table) 8-69

IDS signatures

applying signatures 8-72

elements and descriptions (table) 8-73

IDS signatures, configuring 8-71

notes about 8-71

IKE tunnels

proposals 17-6

import controls, configuring 3-26

elements and descriptions (table) 3-27

import directory, setting up 3-26

importing configuration files

for devices 7-9

for multiple devices 7-9

from devices 7-22

importing devices 7-1

devices, creating 7-15

import type, selecting 7-2

Import Types (table) 7-2

important information about 7-3

importing multiple firewall configurations from a CSV file 7-12

inheritance 6-1

inherited settings (default settings) 6-4

installing

application server, terminal services A-6

remote administrator, terminal services A-6

interface, user

Firewall MC 1-8

interfaces

adding 8-6

configuring 8-5

deleting 8-18

editing 8-6

VLAN information, polling a FWSM for 8-18

IPSec

overview 17-2

role of policy in 17-8

See also tunnel groups

See also tunnel templates

site-to-site tunnels 17-9

IPSec tunnels

checklist

Peer to Peer 17-10

J

jobs 15-16

adding 15-20

approving or rejecting 15-26

creating 15-20

deploying 15-27

opening an existing 15-28

rollback, configuring 15-28

submitting for review 15-25

summary information, verifying 15-22

jobs, approving 3-10

jobs, understanding 3-8

L

LOCAL AAA group, note on 10-31

locking, understanding 4-2

logging level for device-level monitoring, configuring 16-27

log settings for firewall devices, specifying 16-6

elements and descriptions (table) 16-8

Syslog Facility settings 16-9

syslog traffic 16-6

directing to a Syslog Server 16-15

disabling 16-16

enabling 16-7

M

Management Access, configuring 8-41

elements and descriptions (table) 8-43

enabling or disabling 8-42

management controls, configuring 3-13

elements and descriptions (table) 3-17

setting 3-14

mandatory

rules 6-8

settings 6-5

mapping

generated command sets

rules A-26

MDCSupport command A-4

monitoring and reporting 16-1, 16-5

administrative activity reports, viewing 16-31

activity page columns and descriptions (table) 16-32

saving as XML files 16-32

audit records of administrative events, retaining 16-29

device monitoring checklist 16-2

logging level for device-level monitoring, configuring 16-27

log settings for firewall devices, specifying 16-6

elements and descriptions (table) 16-8

Syslog Facility settings 16-9

syslog traffic, enabling 16-7

syslog message list, refining 16-16

ACL syslog setting elements and descriptions (table) 16-21

enabling or disabling a message by ID 16-18

enhanced audit data for firewall rules, generating 16-19

level, reassigning 16-17

rate limit elements and descriptions (table) 16-26

rate limit for a message, deleting 16-27

rate limit level elements and descriptions (table) 16-24

rate limit level for a FWSM, configuring 16-22

rate limit of individual messages, configuring 16-24

multiple firewall configurations, importing from a CSV file

Sample CSV Format (table) 7-14

N

N2H2

configuring 7-29

N2H2, important information on 7-30

network objects 10-9

adding or editing 10-21

deleting 10-24

service definitions

adding or editing 10-25

configuring 10-24

deleting 10-27

O

object grouping controls, configuring 3-30

elements and descriptions (table) 3-31

object grouping information, setting 3-30

Object Selector 1-14

opening

an existing job 15-28

opening an existing activity 4-23

outbound list, converting (see conduits and outbound list conversion tool) 7-7

overview of Firewall MC

key concepts

configuration hierarchy 6-10

Sample Group Hierarchy (figure) 6-11

P

padlock icons, understanding 4-4

password

enable, changing A-12

passwords, configuring 8-25

elements and descriptions (table) 8-28

notes, restrictions 8-26

setting 8-27, 8-63

permissions for users (see user roles and permissions) B-1

PIX Firewall

authenticating

AUS A-13

PIX Firewalls

bootstrapping 5-2

failover, configuring 18-6

multiple, bootstrapping (scenario)

configuration, verifying 5-12

procedure 5-2

when to bootstrap 5-2

policy rules

role in IPSec tunnels 17-3

preshared secrets

automatic generation of 17-4

benefits of 17-4

drawbacks of 17-4

protocols

AH

See AH Protocol

ESP

See ESP Protocol

proxy ARPs (Address Resolution Protocols)

configuring 9-14

disabling 9-15

R

Rejected activity state 4-14

rejecting or approving activities 4-22

reporting (see monitoring and reporting) 16-1

restoring

caution 19-11

databases 19-11

ReverseGenerate_Open activity state 4-14

review, submitting activities for 4-19

RIPs (Routing Information Protocols)

configuring 9-9

field-level elements 9-12

rules

adding or editing 9-10

deleting 9-13

Version 2 notes 9-10

rollback 15-28

routing

configuring 9-1

proxy ARPs

configuring 9-14

disabling 9-15

RIPs

adding or editing a rule 9-10

configuring 9-9

deleting a RIP rule 9-13

Version 2 notes 9-10

static routes

adding 9-5

configuring 9-4

deleting 9-9

editing 9-5

summary information for, verifying 9-9

routing rules

overview 9-1, 9-2

types

dynamic 9-1

implicit 9-1

proxy ARP 9-2

static 9-1

types of 9-1

rules

concepts of

translation rules 12-1

default 6-8

mandatory 6-8

order, how A-26

RIP 9-10

routing 9-1

translation, configuring 12-1

troubleshooting

moving A-26

S

scope (see configuration hierarchy) 6-10

Secure Shell, configuring 8-38

adding or editing SSH 8-39

applying SSH 8-38

deleting SSH 8-41

elements and descriptions (table) 8-40

Security Monitor

device monitoring checklist 16-2

log traffic, directing to 16-9

security policies

objectives of 2-1

servers and services

AUS

applying 7-48

configuring 7-45

DHCP servers

applying 7-36

configuring 7-36

TFTP servers

configuring 7-43

URL filtering servers

applying 7-30, 7-33

configuring 7-29

editing 7-30, 7-33

inserting 7-30, 7-33

N2H2, important information on 7-30

Websense, important information on 7-30

VPN client

configuring 17-67, 17-72

settings, applying 17-67, 17-72

service definitions

adding or deleting 10-25

configuring 10-24

deleting 10-27

service groups, configuring 10-28

adding or editing 10-28

deleting 10-31

name and description, adding 10-31

services

failed to start A-23

settings, configuring

additions for this release, configuring 13-1

Beginning Commands feature 13-3

Ending Commands feature 13-5

Configuration Hierarchy and Settings Attributes (figure) 6-3

default 6-4

Default Settings Diagram (figure) 6-5

device-level

advanced 8-67

basic 8-1

failover (see failover) 18-31

mandatory settings 6-5

Mandatory Settings Diagram (figure) 6-6

routing (see routing) 9-1

show failover command 18-26, 18-44

SNMP, configuring 8-43

adding or editing an SNMP rule 8-46

configuring MIBs 8-44

configuring OIDs 8-44

configuring traps 8-45

elements and descriptions (table) 8-47

SNMP client information, deleting 8-50

SNMP Management Station, applying settings to 8-45

SSH (see Secure Shell) 8-38

SSL certificate

changing A-29

standby state, failover 18-37

Stateful Failover

See failover

stateful failover 18-4

state information 18-3

stateless failover 18-4

state link 18-3

states of activity 4-13

static routes

configuring 9-4

defined 9-1

deleting 9-9

editing 9-5

field-level elements 9-7

static route summary information, verifying 9-9

static translation rules, configuring

adding or editing 12-31

Submitted_Open activity state 4-14

Submitted activity state 4-13

supported operating systems A-5

Support tool

overview A-2

using A-3

Syslog Facility settings, specifying 16-9

elements and descriptions (table) 16-11

syslog traffic 16-6

directing to a Syslog Server 16-15

disabling 16-16

enabling 16-7

syslog message list, refining 16-16

ACL syslog setting elements and descriptions (table) 16-21

enabling or disabling a message by ID 16-18

enhanced audit data for firewall rules, generating 16-19

level, reassigning 16-17

rate limit

elements and descriptions (table) 16-26

for a message, deleting 16-27

level, elements and descriptions (table) 16-24

level, for a FWSM, configuring 16-22

of individual messages, configuring 16-24

system requirement

valid DNS entry A-6

T

table elements

Firewall MC 1-15

TAC (Technical Assistance Center) xxviii

website xxviii

TCP Options feature, configuring 8-78

applying TCP options 8-78

elements and descriptions (table) 8-79

technical support xxviii

TAC xxviii

website xxviii

technical support, obtaining

(see also troubleshooting) A-1

Support feature, using A-3

Telnet, configuring 8-35

adding or editing a rule 8-36

deleting a rule 8-38

elements and descriptions (table) 8-37

rule, applying 8-35

terminal services

installing in application server mode A-6

installing in remote administrator mode A-6

TFTP servers

configuring 7-43

Timeout feature, configuring 8-81

applying a timeout 8-81

elements and descriptions (table) 8-82

translation rules

configuring

general guidelines 12-1

important information about 12-17

dynamic, configuring

adding or editing 12-19

static, configuring

rules, adding or editing 12-31

troubleshooting

AAA services

blank screen A-10

access rules

does not load A-28

activity transition warning messages 4-30

anti-spoofing and stopping traffic 8-74

authenticating

Firewall MC/AUS with a PIX A-11

Firewall MC and AUS A-10

command sets

mapping A-26

conduits and outbound list conversion tool use 7-7

error messages 4-26

device or device group is locked by activity 4-28

error 404 Page not found A-24

failed to contact host A-21

invalid activity action 4-29

logout error message number 500 A-24

No activity is open 4-26

no changes can be made within the open activity... 4-28

Operation failed... 4-29

You must approve or discard all existing activities... 4-29

Firewall MC A-1

activities, unlocking A-16

activity bar and Activity Management table showing different status A-17

communicating with AUS A-20

configuration files, and rules for PIX Firewalls A-19

configuration files, importing A-15

configuration files that use conduits, deploying A-19

control when a checkpoint occurs A-23

credential errors A-19

CSV file, setting up A-15

deployment, stopping a job A-17

deployment failure A-19

determine deployment status to AUS A-21

device not updated in deployment to AUS A-20

failed to contact host A-21

Firewall MC server not responding A-22

Firewall MC unavailable during a checkpoint A-23

jobs, stopping deployment of A-17

PDM and encryption support messages A-29

removing activities A-17

scope locked but activity is in Edit_Open state A-16

trouble switching between CiscoWorks and TACACS+ A-14

verifying login role privileges A-13

Firewall MC/AUS with a PIX

authenticating A-11

Firewall MC 1.2, AAA rules, upgrading to A-8

Firewall MC software requirements A-6

installing with Microsoft IIS, issues A-7

locks, unlocking A-16

password information, user A-9

privileges

username and password A-10

rules

deploying to device A-27

services

failed to start A-23

SSL certificate

changing A-29

supported operating systems A-5

switching between CiscoWorks and TACACS+ A-14

to Firewall MC 1.2, upgrading A-8

upgrade to Firewall MC 1.2, AAA rules A-8

username and password

privileges A-10

user password information A-9

valid DNS entry A-6

Windows 2000 and Windows 2000 Advanced Server support A-5

tunnel groups

configuration

combination 17-8

hub-and-spoke 17-7

mesh 17-8

definition of 17-3

overview 17-7

tunnel policy

use with IPSec 17-8

tunnel rules

copying 17-53

cutting 17-53

pasting 17-53

tunnels

creating between sites 17-10

See IPSec

site-to-site

about 17-9

categories of 17-10

to business partner network 17-10

to remote office 17-10

types of 17-3

tunnel templates

default

about 17-7

definition of 17-3

See overview

Tunnel Templates dialog box 17-7

typographical conventions in this document xxiii

U

undoing an activity 4-25

unique identity

configuring 7-50

enabling 7-50

upgrade

to Firewall MC 1.2 A-8

URL filtering servers

applying 7-30, 7-33

configuring 7-29

deleting 7-35

editing 7-30, 7-33

important information on N2H2 7-30

important information on Websense 7-30

inserting 7-30, 7-33

user environments (see environment, preparing) 3-1

user roles and permissions B-1

ACS Permission Types (table) B-8

Cisco Secure Access Control Server, and B-5

CiscoWorks Server roles, and Firewall MC privileges B-2

Example of Firewall MC Roles and Descriptions Using ACS (table) B-9

V

valid DNS entry

system requirement A-6

versioning (see feature tracking) 3-28

viewing

configurations 15-9

Deployment Summary 15-14

VLAN information, polling a FWSM for 8-18

VPN client

configuring 17-67, 17-72

settings, applying 17-67, 17-72

W

web filter rules 11-2

Websense

configuring 7-29

Websense, important information on 7-30

Windows 2000 and Windows 2000 Advanced Server support A-5

wizards (see Firewall MC wizards) 1-16

workflow

deploying

individual devices A-27

disabled (default), important note about 4-6

enabled, managing activities with 4-7

workflow mode

approval phase 3-9

selecting 3-5

workflow elements and descriptions (table) 3-13

understanding 3-5

workflow disabled 3-6

workflow enabled 3-7

workflow options, setting 3-11

worksheets

FWSM bootstrapping information 5-15

PIX Firewall bootstrapping information 5-3