Cisco Security Manager Gets a Major Update

Stop Managing Cisco Devices one device at a time.

Recently, Cisco introduced its 4.0 version of Cisco Security Manager (CSM). CSM is an enterprise class device management solution for managing Cisco security devices like ASA, IPS, IOS devices and VPN gateways. CSM is full of features designed to make life easier for administrators that work with lots of Cisco security devices and want a central management and troubleshooting solution. CSM offers policy-based management so you can create configuration policies once and then share them between multiple devices. For example you can setup a global AAA policy or access policy and then add in all your routers and ASA's so they inherit from that policy. Now when you need to make a change you just change the global policy and all the attached devices get updated. CSM also has configuration archiving and rollback, workflow, RBAC, and ACL optimization features. All of this is wrapped up in a slick GUI interface that can make previously tedious tasks go away.

But what's new in 4.0? Well, Cisco added in quite a few new features. Here are the highlights:

• Event Monitoring - Troubleshooting tools like a full event logging engine and packet tracer. The new Event Viewer enables you to selectively monitor, search, view, and examine events from ASA and IPS devices. You can save your event queries for viewing later. You can also select a log message and have CSM take you to the rule that it hit. Or go the other way and select a ACL and have it show you all the logs (real-time or historical) that match that ACL hit. The addition of the Event logger increases the troubleshooting capabilities of CSM drastically. Here are a couple screenshots of the new event viewer in CSM 4.0
  
  
  Here is a look at the options available for each ASA FW event. Notice the "Go to policy" option. This brings you to the rule that matches the message hit. Makes troubleshooting much easier.
  
  
  At the bottom of the event viewer you have a Event Per Second (EPS) graph. This shows you at a glance your logging load and can be a good tool to alert you of drastic changes in your logging activity. The highlighted section indicates the timeframe that is currently loaded into your event viewer. You can move the timeframe slider to decrease or increase what shows in your viewer. Handy if you want to pinpoint events that happened during a spike in logging activity.
  
  




• New NAT Table – The NAT GUI has been updated to accommodate the ASA 8.3 NAT simplification features. You can now create the NAT statements during your host or network object creation. This provides a global, non-interface specific, NAT function for the ASA which is very helpful. In the screenshot below you will notice the NAT table is broken up into three parts now (only 2 are visible in the image). The 3 parts are "NAT Rules Before", "Network Object NAT Rules" and "NAT Rules After". The NAT rules are processed top down.
  
  




• Global FW Rules – CSM has been updated to accommodate the global (non-interface specific) firewall rules feature. You can now create an access control entry that is globally applied to all traffic regardless of its interface. Very cool. Here is a screenshot of the new rule dialog box:
  
  
• Out of Band change detection enhancements – While not a panacea, their has been some work on OOB change detection in CSM 4.0. You can now run an on demand OOB change detection job. It will go out to one or multiple devices and report any OOB changes. This is better than the previous OOB detection that only happened during the deployment process. This new feature will show you the differences between what CSM knows and what is running on the actual device. It doesn't take the next step and automatically import it yet though, you'll have to do that manually for now. Here are some screenshots.
  
  
  
  




• Misc: Device support for ASR1002, code support for ASA 8.3, all FWSM codes and ASR 2.4. For IOS devices, CSM now support objects if you use 12.4(20)T+ code on your routers. Additionally, Activity lock messages now include the username and activity name that has obtained a lock that prevents you from performing an action. You can now rediscovery policies on more than one device at a time and you can delete more than one device at a time.

As you can see, CSM 4.0 is a pretty hefty upgrade features wise with event monitoring taking the top spot. The addition of these features does require a for-fee upgrade license if you are an existing CSM 3.x customer. You can upgrade your software from version 3.2.2 to 4.x. Also, you need to make sure your CSM server can meet the new specifications. The server specs have increased substantially so be sure to review them. You can find the complete server specs here.

So what new features would you like to see next in Cisco Security Manager?

CSM 4.0 Release Notes
http://www.cisco.com/en/US/partner/docs/security/security_management/cis...

CSM 4.0 Deployment Planning Guide
http://www.cisco.com/en/US/docs/security/security_management/cisco_secur...

The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary:
* Credit Card Skimming: How thieves can steal your card info without you knowing it
* Google Nexus One vs. Top 10 Phone Security Requirements
* Why you should always shred your boarding pass
* Video rental records are afforded more privacy protections than your online data
* The truth about new SSL attacks
* 2009 Top Urban Legends in IT Security/a>

Go to Jamey’s Blog for more articles on security.

• Cisco
• Security
• asa management
• cisco csm
• cisco management
• Cisco Security
• cisco security manager
• cisco security manager 4.0
• csm 4.0
• Heary
• Jamey Heary
• managing cisco firewalls
• security