https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715103#M1009413 <HTML><HEAD></HEAD><BODY><P>where I'm getting confused is at the onset of the fwsm config. sorry if I'm being a bit vague - the fw admins sent me the basic config info to plug into MARS so I can't speak to the entire fwsm or any particular context config. The MARS box can currently grab syslogs from anywhere and everywhere.</P><P></P><P>example -</P><P>system context hostname "fwsm1"</P><P>admin context "fwsmadmin", hostname adminhost"</P><P>security context "fwsmsec1" hostname "sechost"</P><P>Note that each context has a hostname associated with it which does not match the respective context name - not sure what the original logic was there - or if I even need to be concerned about the hostname parameter.</P><P></P><P>anyway, I want the admin context and the security context to report (syslog) to MARS.</P><P></P><P>I understand I need to add the cat-os switch as a device in MARS, then add the fwsm as a module under the cat-os switch device config - so do I then have to:</P><P></P><P>1) use the fwsm system context info (i.e. "fwsm1", etc.) to define the module, and then add both the admin context and the security context under the fwsm module definition, or </P><P></P><P>2) use the fwsm admin context info (i.e. "fwsmadmin") to define the fwsm module in MARS, and then add just define the security context as "context" under that fwsm module definition?</P><P></P><P>you may have gathered that I'm not a firewall guru by any stretch - just want the fwsm and all related contexts to be set up in logical meaningful (sane) way on the MARS config.</P><P></P><P>thanks</P><P>-randy</P></BODY></HTML> Fri, 23 Mar 2007 20:44:34 GMT randytoni 2007-03-23T20:44:34Z https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715101#M1009408 <P>I'm configuring a couple of FWSM's (2.2 and 2.3) as devices in MARS. When I add the FWSM as a device, what do I enter as the device name and reporting / access IPs? Should the device name and / or IP info be the same as the FWSM's admin context? or should I be worried about using the name of the system context, etc.? </P><P></P><P>I gather once this is done (FWSM is defined as a device), the only "contexts" I need to define are the security contexts (i.e. I don't need to explicilty define an admin context within the list of defined contexts for the FWSM...?)</P><P></P><P>am I making sense? the docs are just too ambiguous</P><P></P><P>thanks</P><P>-randy</P> Mon, 11 Mar 2019 09:51:06 GMT https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715101#M1009408 randytoni 2019-03-11T09:51:06Z https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715102#M1009410 <HTML><HEAD></HEAD><BODY><P>It would depend on what you want to see in MARS, and want you want MARS to do.</P><P></P><P>Sending syslog messages from the contexts is easy enough...set logging parameters in each context, and 1-2-3 go. </P><P></P><P>Regarding your questions...how are the contexts configured, regarding IP addresses? Are there transit VLAN's? Where does MARS reside?</P><P></P><P></P></BODY></HTML> Fri, 23 Mar 2007 19:38:05 GMT https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715102#M1009410 astroman 2007-03-23T19:38:05Z https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715103#M1009413 <HTML><HEAD></HEAD><BODY><P>where I'm getting confused is at the onset of the fwsm config. sorry if I'm being a bit vague - the fw admins sent me the basic config info to plug into MARS so I can't speak to the entire fwsm or any particular context config. The MARS box can currently grab syslogs from anywhere and everywhere.</P><P></P><P>example -</P><P>system context hostname "fwsm1"</P><P>admin context "fwsmadmin", hostname adminhost"</P><P>security context "fwsmsec1" hostname "sechost"</P><P>Note that each context has a hostname associated with it which does not match the respective context name - not sure what the original logic was there - or if I even need to be concerned about the hostname parameter.</P><P></P><P>anyway, I want the admin context and the security context to report (syslog) to MARS.</P><P></P><P>I understand I need to add the cat-os switch as a device in MARS, then add the fwsm as a module under the cat-os switch device config - so do I then have to:</P><P></P><P>1) use the fwsm system context info (i.e. "fwsm1", etc.) to define the module, and then add both the admin context and the security context under the fwsm module definition, or </P><P></P><P>2) use the fwsm admin context info (i.e. "fwsmadmin") to define the fwsm module in MARS, and then add just define the security context as "context" under that fwsm module definition?</P><P></P><P>you may have gathered that I'm not a firewall guru by any stretch - just want the fwsm and all related contexts to be set up in logical meaningful (sane) way on the MARS config.</P><P></P><P>thanks</P><P>-randy</P></BODY></HTML> Fri, 23 Mar 2007 20:44:34 GMT https://community.cisco.com/t5/network-security/fwsm-config-in-cs-mars/m-p/715103#M1009413 randytoni 2007-03-23T20:44:34Z