https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950311#M23952 Hi,<BR />The obvious (to me) replacement for CSM is CDO (Cisco Defense Orchestrator), this is a cloud managed platform to manage cisco platforms such as ASA, Firepower, Umbrella and to a lesser extent IOS devices. I don't think you can really manage IOS device ACLs to the same extent as you can manage ASA or FTD firewall rules. Other cisco solutions such as ISE/SDA deploy and manage Trustsec SGACLs on IOS devices, which could be considered as replacements/alternative for ACLs.<BR /><BR />HTH Wed, 30 Oct 2019 09:35:01 GMT Rob Ingram 2019-10-30T09:35:01Z https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950241#M23942 <P>Hi all</P><P>I've been using CSM for years managing several ASAs and access lists on our internal core routers. All ASAs are soon replaced by Firepower Threat Defences and in this age of cloud/web based management CSM feels really old. I've had help from our partner checking for options in the Cisco product suite but none has yet felt like a clear replacement for ACL management on a router platform.</P><P>So I'm searching far and wide, this being a Cisco forum but does anyone have any suggestions on how to manage router ACLs these days? I mean router ACLs is still a relevant feature these days, right?</P><P>&nbsp;</P><P>Regards</P><P>Fredrik</P> Wed, 30 Oct 2019 06:42:13 GMT https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950241#M23942 hoffa2000 2019-10-30T06:42:13Z https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950311#M23952 Hi,<BR />The obvious (to me) replacement for CSM is CDO (Cisco Defense Orchestrator), this is a cloud managed platform to manage cisco platforms such as ASA, Firepower, Umbrella and to a lesser extent IOS devices. I don't think you can really manage IOS device ACLs to the same extent as you can manage ASA or FTD firewall rules. Other cisco solutions such as ISE/SDA deploy and manage Trustsec SGACLs on IOS devices, which could be considered as replacements/alternative for ACLs.<BR /><BR />HTH Wed, 30 Oct 2019 09:35:01 GMT https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950311#M23952 Rob Ingram 2019-10-30T09:35:01Z https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950350#M23953 <P>Hi</P><P>Our Cisco partner did some research into CDO and advised us it wasn't intended for IOS management. For example was there no license aimed at the IOS devices, only firewalls and we will not manage those through CDO.</P><P>&nbsp;</P><P>/Fredrik</P> Wed, 30 Oct 2019 10:40:53 GMT https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950350#M23953 hoffa2000 2019-10-30T10:40:53Z https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950358#M23954 Yes, management of IOS devices is certainly limited compared to other solutions on CDO. CSM is still being updated however, there was an update released only recently. Perhaps Cisco Prime Infrastructure meets your requirements, it can be configured to deploy templates for ACLs etc...although I personally have never used it. Wed, 30 Oct 2019 10:53:02 GMT https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950358#M23954 Rob Ingram 2019-10-30T10:53:02Z https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950414#M23955 <P>CDO does not currently support IOS device management.</P> <P>There are non-Cisco products such as Tufin Orchestration Suite (TOS) SecureTrack that support ASA, FTD, IOS etc.:<BR /><A href="https://forum.tufin.com/support/kc/latest/index.htm#Suite/11198.htm" target="_blank">https://forum.tufin.com/support/kc/latest/index.htm#Suite/11198.htm</A></P> <P>It will be "reassuringly expensive" though.&nbsp;</P> Wed, 30 Oct 2019 12:12:06 GMT https://community.cisco.com/t5/network-security/replacement-for-cisco-security-manager/m-p/3950414#M23955 Marvin Rhoads 2019-10-30T12:12:06Z