I am just curious, how many people are using Cisco Security Manager? We are going through a test deployment and so far this has a lot of Checkpoint look and feel.
I just wanted to get some feedback from people who have used it and who are still using it. Does it make changes that much easier? Do you find it limiting compared to the CLI, or better?
Use cases that I have seen for CSM are:
1) when customer needs a central deployment manager where they can deploy multiple devices at the same time. As you mentioned, yes, very similar to Check Point Management portal.
2) when devices are at dispersed locations.
3) when there are multiple admins and it can track who made what changes when.
4) if you are already used to CLI, then yes, CLI is a lot easier compared to CSM, but CSM has other benefits as listed above.
You must be working as a Cisco SE.
I've used CSM in the past and I just used version 4.4 a few weeks ago and I was disappointed with this product. Apparently after five years, there are some improvements over previous versions but the product is horribly "bad".
I run CSM on a standalone Windows 2008R2 SP1 with 65GB RAM and quad-processors/quad cores (16 cores total) and the CSM runs really slow. When you compare that with a Checkpoint SmartDomain/Provider-1 management portal, I guess there is no comparison.
I guess that one of the reasons why so many people stay with Checkpoint is because of its management platform, even though Checkpoint support really sucks. I wish Cisco had produced something better than CSM. For one, running it on a Windows platform is a non-starter. ACS/ISE are already running on a Linux platform (in the form of an appliance), why not CSM?
Customers I have seen deploy CSM typically have more than a dozen or so devices (or device pairs) they need to manage in a coherent manner.
Most don't avail themselves of the workflow and ticket system integration features although those are quite powerful.
The centralized logging features are often quite welcome and used to good effect.
CLI vs. GUI (CSM or ASDM) is more a "religious" war than a functional one (in my opinion) so I'll not comment on that.
From what I understand there is going to be something new with regards to the firewall management software in the future. Or I have gotten the picture that CSM functionality would be merged into some other software (I have never used it). Perhaps the software used with ASA CX (which I have not had the chance to use yet, Prime Security Manager?)
I am one of those people preaching for CLI use when configuring. Personally I only use the GUI for VPN configurations and watching logs on the ASA (older logs naturally from a syslog server).
What I especially hate when the ASAs I manage are configured with ASDM is the fact that I find these insane "object" / "object-group" trees with the default naming policy of ASDM which make the configuration very cluttered and hard to read.
I also feel that when configuring the device from CLI you will get a much clearer picture of what you are actually doing than jumping across multiple windows/tabs/dropdown menus etc.
Though what I personally would be really interested in is having software which gives me the ability to monitor all the devices at once, provide reporting, handle configuration backups automatically, etc. But I guess I will wait to see if there really is something new in the works.