
ASA5520 support in MARS and Security Manager

richard.turian
Level 1

Hi,

I am proposing a solution for a customer with ASA5520 and Cat450x-E. Do MARS & CSM fully support those devices? When we want to use NetFlow info from Cat4500 in MARS, do we need a NetFlow card, or is the service implemented by default in Cat4500? Are MARS & CSM a suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

2 Accepted Solutions


htarra
Level 4

CSM doesn't act as a Security Monitoring device!!! The CSM doesn't have this functionality; CS-MARS has it instead.

Netflow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_2/uglc/cfgcsm.htm#wp1253618


do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?

----------------------------

Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.

MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).

Hope that helps.

