03-02-2005 08:17 AM - edited 03-10-2019 01:18 AM
We currently have a CSA MC on site, We have another site in the US that will be running another CSA MC, Is it possible to replicate or save the running policies on our current MC and to install then onto the CSA MC in the US ? Or is the only way to create a policy from scratch.
Also is it possible to cluster these servers so replication occurs ?
03-02-2005 12:19 PM
#1 Yes. Export the rules, policies and groups and import them to the new MC. Go to Maintenance>Export and create an export set.
#2 Not that I'm aware of.
Question: Why two servers instead of one (unless the reasons are political)?
Our hosts can talk to the MC from anywhere as long as they are connected to the Internet and in my opinion it's far easier to manage.
03-03-2005 12:38 AM
Well the exsisting server is in the UK and we have another site in the US, If the our connection goes does between us and the US what will happen to the US users running the client.
Also applying a second server in the US We feel will cut down replication between users in the US and out UK server thus freeing up the bandwidth between the connection of UK and US
03-03-2005 03:01 PM
The US clients will continue with the same rule set they had when the connection went down. The hosts will store any messages until they contact the MC again and then send them. The MC is mainly for reporting and rule changes.
We have the MC in our DMZ so internal and external hosts can talk to it no matter where they are.
From what I've seen, the bandwidth usage is minimal. We have about 1700 hosts now and one MC and hosts talked to it just fine with dial up connections (when we used to have those).
Hope this helps...
02-07-2007 07:45 AM
Tom,
Do external hosts who VPN to your network talk straight to the MC in DMZ or they tunnel through the firewall to the intranet then access the MC?
Another question, can we have multiple polling MCs? One internal and in the DMZ?
Thanks
02-07-2007 08:33 AM
Internal and external hosts talk straight to the MC in the DMZ. We have our VPN configured for only internal servers.
You can have only one MC for polling as the agent can only have one MC to report to.
Tom
02-07-2007 08:35 AM
you can export all your policies and groups to any CSA MC
Greg Owens
02-07-2007 08:41 AM
Step 1 From the menu bar Maintenance drop-down list, move the mouse over Export/Import. A cascading menu with further selections appears. Select Export from the drop-down list that appears. Any previously exported files are shown.
Step 2 Click the New button to create a new exported file. This takes you to a checkbox list of all configuration items.
Step 3 Check the box beside the configurations you want to export.
Step 4 At the top of the page, enter a File Name for the exported file you are creating. CSA MC will append an ".export" extension to the file name you enter.
Step 5 Click the Export button. The files are exported under the file name you create. Now you must save the file to the system.
Step 6 Once the export has completed, a link is displayed that allows you to save the exported file. The link reads "Click here to download this file." Click on the "here" link to save the file to a directory you specify
Once you save the file, you can import it to any server
Greg Owens
02-07-2007 01:16 PM
Hi James,
I have already asked this question to cisco architects.
You can't have two MC's making policy changes.
You export polices and import them into the other system.
If you made this part of the process, the files are fairly small XML 1.0 files. starting at around 189kb. Depending on how many policies you have.
03-08-2007 12:58 PM
Hi James,
The best thing to do it export all of your polices and import them on the other DMZ.
It's a pain, but the only way I have found. It is still much easier than re-creating all the rules and groups.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide