ملخص المحتوى في الصفحة رقم 1
User Guide for Cisco Security Manager 4.4
February 2013
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-28826-01
ملخص المحتوى في الصفحة رقم 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
ملخص المحتوى في الصفحة رقم 3
CONTENTS Preface lvii Conventions lvii Obtaining Documentation, Obtaining Support, and Security Guidelines lviii CHAPTER 1 Getting Started with Security Manager 1-1 Product Overview 1-1 Primary Benefits of Cisco Security Manager 1-2 Security Manager Policy Feature Sets 1-4 Security Manager Applications Overview 1-6 Device Monitoring Overview 1-6 IPv6 Support in Security Manager 1-7 Policy Object Changes in Security Manager 4.4 1-9 Logging In to and Exiting Security Manager 1-9 Understanding Us
ملخص المحتوى في الصفحة رقم 4
Contents Edit Menu (Configuration Manager) 1-29 View Menu (Configuration Manager) 1-30 Policy Menu (Configuration Manager) 1-30 Map Menu (Configuration Manager) 1-31 Manage Menu (Configuration Manager) 1-32 Tools Menu (Configuration Manager) 1-33 Activities Menu (Configuration Manager) 1-34 Tickets Menu (Configuration Manager) 1-34 Launch Menu (Configuration Manager) 1-35 Help Menu (Configuration Manager) 1-36 Toolbar Reference (Configuration Manager) 1-36 Using Global Search 1-39 Using Select
ملخص المحتوى في الصفحة رقم 5
Contents Setting Up CNS on Cisco IOS Routers in Event-Bus Mode 2-9 Setting Up CNS on Cisco IOS Routers in Call-Home Mode 2-10 Configuring Licenses on Cisco ASA Devices 2-11 Configuring Licenses on Cisco IOS Devices 2-12 Initializing IPS Devices 2-12 CHAPTER 3 Managing the Device Inventory 3-1 Understanding the Device Inventory 3-1 Understanding the Device View 3-1 Understanding Device Names and What Is Considered a Device 3-3 Understanding Device Credentials 3-4 Understanding Device Properties
ملخص المحتوى في الصفحة رقم 6
Contents Showing Device Containment 3-53 Cloning a Device 3-54 Deleting Devices from the Security Manager Inventory 3-55 Device Delete Validation Dialog Box 3-56 Working with Device Groups 3-57 Understanding Device Grouping 3-57 Edit Device Groups Dialog Box 3-58 Creating Device Group Types 3-59 Creating Device Groups 3-60 Deleting Device Groups or Group Types 3-60 Adding Devices to or Removing Them From Device Groups 3-60 Working with Device Status View 3-61 CHAPTER 4 Managing Activities 4-1
ملخص المحتوى في الصفحة رقم 7
Contents Service Policies vs. Platform-Specific Policies 5-2 Local Policies vs. Shared Policies 5-3 Understanding Rule Inheritance 5-4 Inheritance vs. Assignment 5-6 Policy Management and Objects 5-7 Understanding Policy Locking 5-7 Understanding Locking and Policies 5-9 Understanding Locking and VPN Topologies 5-9 Understanding Locking and Objects 5-10 Customizing Policy Management for Routers and Firewall Devices 5-10 Discovering Policies 5-12 Discovering Policies on Devices Already in Secur
ملخص المحتوى في الصفحة رقم 8
Contents Creating a New Shared Policy 5-51 Modifying Policy Assignments in Policy View 5-51 Deleting a Shared Policy 5-53 Managing Policy Bundles 5-53 Creating a New Policy Bundle 5-54 Cloning a Policy Bundle 5-55 Renaming a Policy Bundle 5-55 Assigning Policy Bundles to Devices 5-56 CHAPTER 6 Managing Policy Objects 6-1 Selecting Objects for Policies 6-2 Policy Object Manager 6-4 Policy Object Manager: Undocking and Docking 6-8 Policy Object Manager Shortcut Menu 6-8 Working with Policy Objec
ملخص المحتوى في الصفحة رقم 9
Contents AAA Server Dialog Box—LDAP Settings 6-37 AAA Server Dialog Box—NT Settings 6-40 AAA Server Dialog Box—SDI Settings 6-40 AAA Server Dialog Box—HTTP-FORM Settings 6-41 Add and Edit LDAP Attribute Map Dialog Boxes 6-43 Add and Edit LDAP Attribute Map Value Dialog Boxes 6-44 Add and Edit Map Value Dialog Boxes 6-44 Creating AAA Server Group Objects 6-45 AAA Server Group Dialog Box 6-46 Creating Access Control List Objects 6-49 Creating Extended Access Control List Objects 6-50 Creating St
ملخص المحتوى في الصفحة رقم 10
Contents Configuring Port List Objects 6-87 Configuring Service Objects 6-89 How Policy Objects are Provisioned as Object Groups 6-91 How Network/Host, Port List, and Service Objects are Named When Provisioned As Object Groups 6-92 How Service Objects are Provisioned as Object Groups 6-92 CHAPTER 7 Managing FlexConfigs 7-1 Understanding FlexConfig Policies and Policy Objects 7-2 Using CLI Commands in FlexConfig Policy Objects 7-2 Using Scripting Language Instructions 7-3 Scripting Language Ex
ملخص المحتوى في الصفحة رقم 11
Contents Deployment Task Flow in Workflow Mode 8-5 Job States in Workflow Mode 8-6 Deployment Job Approval 8-7 Deployment Jobs and Multiple Users 8-8 Including Devices in Deployment Jobs or Schedules 8-8 Understanding Deployment Methods 8-8 Deploying Directly to a Device 8-9 Deploying to a Device through an Intermediate Server 8-10 Deploying to a File 8-11 Understanding How Out-of-Band Changes are Handled 8-12 Handling Device OS Version Mismatches 8-13 Overview of the Deployment Manager and Co
ملخص المحتوى في الصفحة رقم 12
Contents Suspending or Resuming Deployment Schedules 8-55 Adding Configuration Versions from a Device to the Configuration Archive 8-55 Viewing and Comparing Archived Configuration Versions 8-56 Configuration Version Viewer 8-56 Viewing Deployment Transcripts 8-58 Rolling Back Configurations 8-59 Understanding Configuration Rollback 8-59 Understanding Rollback for Devices in Multiple Context Mode 8-61 Understanding Rollback for Failover Devices 8-61 Understanding Rollback for Catalyst 6500/760
ملخص المحتوى في الصفحة رقم 13
Contents CHAPTER 10 Managing the Security Manager Server 10-1 Overview of Security Manager Server Management and Administration 10-1 Managing a Cluster of Security Manager Servers 10-2 Overview of Security Manager Server Cluster Management 10-2 Splitting a Security Manager Server 10-3 Synchronizing Shared Policies Among Security Manager Servers 10-4 Exporting the Device Inventory 10-5 Exporting the Device Inventory from the Security Manager Client 10-6 Supported CSV Formats for Inventory Impor
ملخص المحتوى في الصفحة رقم 14
Contents Deployment Page 11-9 Device Communication Page 11-16 Add Certificate Dialog Box 11-19 Device Groups Page 11-20 Discovery Page 11-21 Event Management Page 11-22 Health and Performance Monitoring Page 11-25 Identity Settings Page 11-26 Image Manager Page 11-28 IPS Updates Page 11-30 Edit Update Server Settings Dialog Box 11-34 Edit Auto Update Settings Dialog Box 11-37 Edit Signature Download Filter Settings Dialog Box 11-38 ISE Settings Page 11-39 Licensing Page 11-40 CSM Tab, Licensin
ملخص المحتوى في الصفحة رقم 15
Contents ACL Naming Conventions 12-5 Resolving ACL Name Conflicts Between Policies 12-6 Managing Your Rules Tables 12-7 Using Rules Tables 12-7 Adding and Removing Rules 12-9 Editing Rules 12-9 Adding or Editing Address Cells in Rules Tables 12-11 Adding or Editing User Cells in Rules Tables 12-12 Adding or Editing Services Cells in Rules Tables 12-12 Adding or Editing Interfaces or Zones Cells in Rules Tables 12-13 Editing Category Cells in Rules Tables 12-14 Editing Description Cells in Rule
ملخص المحتوى في الصفحة رقم 16
Contents Configuring Identity Options 13-15 Creating Identity User Group Objects 13-19 Selecting Identity Users in Policies 13-21 Configuring Identity-Based Firewall Rules 13-21 Configuring Cut-Through Proxy 13-23 Collecting User Statistics 13-25 Filtering VPN Traffic with Identity-Based Rules 13-26 Monitoring Identity Firewall Policies 13-27 CHAPTER 14 Managing TrustSec Firewall Policies 14-1 Overview of TrustSec Firewall Policies 14-1 Understanding SGT and SXP Support in Cisco TrustSec 14-2
ملخص المحتوى في الصفحة رقم 17
Contents Clear Connection Configuration Dialog Box 15-22 AAA Firewall Page, MAC-Exempt List Tab 15-23 Firewall AAA MAC Exempt Setting Dialog Box 15-24 AAA Page 15-25 Firewall AAA IOS Timeout Value Setting 15-27 CHAPTER 16 Managing Firewall Access Rules 16-1 Understanding Access Rules 16-1 Understanding Global Access Rules 16-3 Understanding Device Specific Access Rule Behavior 16-4 Understanding Access Rule Address Requirements and How Rules Are Deployed 16-5 Configuring Access Rules 16-7 Acce
ملخص المحتوى في الصفحة رقم 18
Contents Using Inspection To Prevent Denial of Service (DoS) Attacks on IOS Devices 17-4 Configuring Inspection Rules 17-5 Inspection Rules Page 17-7 Add or Edit Inspect/Application FW Rule Wizard 17-10 Add or Edit Inspect/Application FW Rule Wizard, Step 2 17-12 Add or Edit Inspect/Application FW Rule Wizard, Inspected Protocol Page 17-16 Configure DNS Dialog Box 17-18 Configure SMTP Dialog Box 17-18 Configure ESMTP Dialog Box 17-18 Configure Fragments Dialog Box 17-19 Configure IMAP or POP3
ملخص المحتوى في الصفحة رقم 19
Contents HTTP Map Port Misuse Tab 17-56 HTTP Map Transfer Encoding Tab 17-57 Configuring HTTP Maps for ASA 7.2+ and PIX 7.2+ Devices 17-58 HTTP Class and Policy Map (ASA 7.2+/PIX 7.2+) Add or Edit Match Condition (and Action) Dialog Boxes 17-59 Configuring IM Maps for ASA 7.2+, PIX 7.2+ Devices 17-64 IM Class and Policy Map (ASA 7.2+/PIX 7.2+) Add or Edit Match Condition (and Action) Dialog Boxes 17-65 Configuring IM Maps for IOS Devices 17-67 Configuring IP Options Maps 17-68 Configuring IP
ملخص المحتوى في الصفحة رقم 20
Contents CHAPTER 19 Managing Firewall Botnet Traffic Filter Rules 19-1 Understanding Botnet Traffic Filtering 19-1 Task Flow for Configuring the Botnet Traffic Filter 19-2 Configuring the Dynamic Database 19-4 Adding Entries to the Static Database 19-5 Enabling DNS Snooping 19-6 Enabling Traffic Classification and Actions for the Botnet Traffic Filter 19-6 Botnet Traffic Filter Rules Page 19-9 Dynamic Blacklist Configuration Tab 19-10 Traffic Classification Tab 19-11 BTF Enable Rules Editor 19