Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3518
Views
10
Helpful
8
Replies

IPS Manager Express or Cisco Security Manager?

Go to solution
James.Longman
Level 1
Level 1

‎10-14-2012 09:27 AM - edited ‎03-10-2019 05:48 AM

Hello All,

We're thinking of buying the IPS licence for the 5512 - which of the above (IPS Manager Express or Cisco Security Manager) is the right tool to read up on for management use? Or can I chose either? If I can chose either, which would you guys recommend?

Cheers!

M

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎10-14-2012 10:25 AM

How many systems do you have? If the number is high, the CSM is the way to go. Managing many systems (and keeping them in sync with the same policy) with IDM and IME is a nightmare. But if it's a single system, then the IME is the right tool for you. It works great for monitoring (up to 10 devices) and can also manage them (individually, thats not so easy for more then one system). And it come free of charge.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to James.Longman

‎10-14-2012 11:52 PM 

Or is it supposed to be a server type app too?

it has to run server-like. The App has to collect the events also when you are asleep, on vacation or just not in the mood of looking at events ... ;-) I usually install the IME as a vm-instance where it is never turned off.

Last question, I promise!

no problem, asking questions is the main purpose of this forum!

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Karsten Iwen
VIP
VIP

‎10-14-2012 10:25 AM

How many systems do you have? If the number is high, the CSM is the way to go. Managing many systems (and keeping them in sync with the same policy) with IDM and IME is a nightmare. But if it's a single system, then the IME is the right tool for you. It works great for monitoring (up to 10 devices) and can also manage them (individually, thats not so easy for more then one system). And it come free of charge.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
James.Longman
Level 1
Level 1
In response to Karsten Iwen

‎10-14-2012 11:23 AM

Cheers! We'll have just two, so IME it is.

What's the benefit over just using the familiar ASDM though?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to James.Longman

‎10-14-2012 12:10 PM 

What's the benefit over just using the familiar ASDM though?

ASDM is fine for the ASA-part of your IPS-config. There you canfigure the MPF to send the traffic to the IPS.

The IME is the tool where you monitor your events what you really can't do with ASDM/IDM. Also the tuning of your policy is much more comfortable in IME.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Go to solution
James.Longman
Level 1
Level 1
In response to Karsten Iwen

‎10-14-2012 01:22 PM

Cheers!

So, am I right in thinking the CSM is an app I would install on a server so it could run 24/7 collecting logs and pushing updates whereas the IME is more like the ASDM and installs on my desktop to be run when I want to push signatures or make config changes? Or is it supposed to be a server type app too?

Last question, I promise! ;)

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to James.Longman

‎10-14-2012 11:52 PM 

Or is it supposed to be a server type app too?

it has to run server-like. The App has to collect the events also when you are asleep, on vacation or just not in the mood of looking at events ... ;-) I usually install the IME as a vm-instance where it is never turned off.

Last question, I promise!

no problem, asking questions is the main purpose of this forum!

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
James.Longman
Level 1
Level 1
In response to Karsten Iwen

‎10-16-2012 08:50 AM

Thanks dude, that's given me a great understanding! Much appreicated!

0 Helpful

Go to solution
turnera
Level 1
Level 1

‎10-15-2012 08:12 AM

James,

IMHO, IME would be the way to go. As has been already mentionend in replies here. Smaller networks, then IME is best suited for your needs.

Go to solution
James.Longman
Level 1
Level 1
In response to turnera

‎10-16-2012 08:51 AM

Thanks for the extra feedback!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card