Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2711
Views
0
Helpful
4
Replies

Replacement for Cisco security Manager

hoffa2000
Level 3
Level 3

‎10-29-2019 11:42 PM

Hi all

I've been using CSM for years managing several ASAs and access lists on our internal core routers. All ASAs are soon replaced by Firepower Threat Defences and in this age of cloud/web based management CSM feels really old. I've had help from our partner checking for options in the Cisco product suite but none has yet felt like a clear replacement for ACL management on a router platform.

So I'm searching far and wide, this being a Cisco forum but does anyone have any suggestions on how to manage router ACLs these days? I mean router ACLs is still a relevant feature these days, right?

 

Regards

Fredrik

Labels:
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎10-30-2019 02:35 AM

Hi,
The obvious (to me) replacement for CSM is CDO (Cisco Defense Orchestrator), this is a cloud managed platform to manage cisco platforms such as ASA, Firepower, Umbrella and to a lesser extent IOS devices. I don't think you can really manage IOS device ACLs to the same extent as you can manage ASA or FTD firewall rules. Other cisco solutions such as ISE/SDA deploy and manage Trustsec SGACLs on IOS devices, which could be considered as replacements/alternative for ACLs.

HTH
0 Helpful

hoffa2000
Level 3
Level 3
In response to Rob Ingram

‎10-30-2019 03:40 AM

Hi

Our Cisco partner did some research into CDO and advised us it wasn't intended for IOS management. For example was there no license aimed at the IOS devices, only firewalls and we will not manage those through CDO.

 

/Fredrik

0 Helpful

Rob Ingram
VIP
VIP
In response to hoffa2000

‎10-30-2019 03:53 AM

Yes, management of IOS devices is certainly limited compared to other solutions on CDO. CSM is still being updated however, there was an update released only recently. Perhaps Cisco Prime Infrastructure meets your requirements, it can be configured to deploy templates for ACLs etc...although I personally have never used it.
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to hoffa2000

‎10-30-2019 05:12 AM

CDO does not currently support IOS device management.

There are non-Cisco products such as Tufin Orchestration Suite (TOS) SecureTrack that support ASA, FTD, IOS etc.:
https://forum.tufin.com/support/kc/latest/index.htm#Suite/11198.htm

It will be "reassuringly expensive" though. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card