Cisco Security Manager (CSM) is a security management platform that runs on a server and is used to manage security devices. Its earliest version was CSM 3.0, which came out in 2007, followed by 3.1, 3.2 and 3.3. CSM 4.0 was released recently, and the product is still being developed and improved with extra functions and features. The platform was initially envisioned as a general security management tool that would let an administrator manage his firewalls through a graphical interface residing on a central server. The CSM database would "know" about all the security devices and their configurations. It was designed to deploy to multiple firewalls at the same time, based on the configuration changes on each one. It also introduced a number of useful features that save configuration time by sharing policies and configurations among multiple devices. The ability to manage multiple security "boxes" is what made CSM popular among security administrators.
Previous CSM versions supported fewer product features, devices, software versions and security functions than CSM 4.0. They sometimes suffered from bugs that were fixed with the service packs introduced in each version. As time went by, administrators also started looking for additional functions in the product, such as newly developed security features on IOS routers, new firewall features on ASA/FWSM firewalls, or new software versions. CSM 4.0 tried to integrate all of the above. There were also more drastic design changes: CSM can now collect and report on syslog messages, and it can not only deploy to multiple devices but also import them into the CSM database, and more. These features were not supported in the 3.x CSM versions. CSM 4.0 is the version that takes the product into a new era that goes beyond just management. It introduces error message monitoring and reporting, and we can say that it is on its way to becoming the ultimate security management and monitoring platform for Cisco security features and devices. More functionality is in the pipeline...
CSM 4.0 / 4.0.1
The Release Notes that include the requirements and the new functionality introduced in CSM 4.0 are:
CSM 4.0 and 4.0.1 introduce a number of new features that did not exist in previous versions. They are presented here:
Event Viewer / Syslogs
Probably the most drastic and useful change is that CSM can now collect syslogs, and the GUI lets the user query and filter these logs. This functionality requires the security device to send its logs to the CSM server. The feature is equivalent to logging and syslog filtering in ASDM for ASAs/FWSMs, with more enhanced features. The tool used in CSM to view and filter events is called Event Viewer.
Launching the Event Viewer
The Event Viewer
Event to Policy correlations
CSM can now drill down into an alert (firewall or IPS) and identify the policy that it came from.
Identifying what policy an alert was triggered from
Out of Band Change check
CSM can now detect Out of Band (OOB) changes. Out of Band changes are CLI changes made on a managed device outside of CSM, i.e. after the last discovery/deployment/rollback. Hence the Out of Band difference is always calculated between the last live discovered or deployed/rolled back configuration stored in CSM (from Configuration Archive) and the current configuration on the device. Prior to CSM 4.0, Out of Band change detection always happened during deployment, before the changes were pushed to the device. If Out of Band changes were detected, the deployment would proceed or fail based on administration settings, which allowed the options Warn, Cancel, Skip. In 4.0 the user can use the OOB tool to check for OOB changes on any device.
OOB detection screen
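The comparison described above, sketched as an added example (this is not Cisco's code and not how CSM implements the check). It diffs an archived configuration against the current one while ignoring lines that differ between captures without an operator change; the function names, the list of ignored lines and both sample configurations are assumptions made for this example.

```python
import difflib
import re

# Lines that differ between captures without an operator change
# (assumed list for this example; extend it for your platforms).
VOLATILE = re.compile(
    r"^(: Saved|: Written by .*|Cryptochecksum:.*"
    r"|! Last configuration change at .*|ntp clock-period \d+)$"
)

# Constructed sample configurations, not taken from a real device.
ARCHIVED = """\
: Saved
hostname fw-edge-01
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
Cryptochecksum:aaaa1111
"""
CURRENT = """\
: Saved
hostname fw-edge-01
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended permit tcp any host 192.0.2.10 eq 3389
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
Cryptochecksum:bbbb2222
"""

def normalize(config_text):
    """Drop blank and volatile lines; keep order and indentation."""
    lines = (raw.rstrip() for raw in config_text.splitlines())
    return [l for l in lines if l and not VOLATILE.match(l)]

def oob_changes(archived, current):
    """Return (added, removed) lines of the device config relative to the archive.

    A sequence diff is used instead of a set comparison so that reordered
    access-list entries are reported: ACL order decides which rule matches.
    """
    old, new = normalize(archived), normalize(current)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(None, old, new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            removed.extend(old[i1:i2])
        if tag in ("insert", "replace"):
            added.extend(new[j1:j2])
    return added, removed
```

On the sample pair, `oob_changes(ARCHIVED, CURRENT)` reports the extra `eq 3389` permit entry as added and nothing as removed; the differing checksum lines are ignored.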
Delete/Discover multiple devices
You can now choose and delete multiple devices from CSM's Device View, whereas in previous CSM versions you had to do it one at a time, which could become a cumbersome task if you needed to remove a lot of devices at once. Likewise, you can discover multiple devices at once from Device View or from the menu bar under Policy > Discover Policies on Device.
Users will need new licenses for CSM 4.0, irrespective of whether they have a valid license for any of the older CSM 3.x releases. Existing CSM 3.x licenses will no longer be valid in CSM 4.0.
The enhancements and improvements introduced are:
Some key processes of CSM can now run as 64-bit processes on Windows 2008, which increases the memory space available and improves performance.
Selective Policy Management
In previous releases, you could select which types of policy to manage on Cisco IOS routers. You can now also select which policies to manage on ASA, PIX, and FWSM firewall devices.
Selective Policy Management for each device under Tools > Security Manager Administration > Policy Management
Packet Tracer support (ASA)
Packet Tracer is a feature of the ASA that shows how a packet would be processed when it hits the firewall. That feature can now be used in CSM.
Packet Tracer tool
IPS signature tuning
If you modify a signature policy with more than one tuning context, Security Manager can now copy the policy to other contexts when appropriate and with your permission.
More supported devices
CSM 4.0 and 4.0.1 support a number of new devices and versions:
FWSM 4.1(1), 4.0(7-11), 3.1(16, 17), 3.2(14-17)
1002 Fixed Router model of the Cisco ASR 1000 Series Aggregation Services Routers.
ASR Version 2.4 software
Support for shared port adapters (SPAs) in Cisco ASR 1000 Series Aggregation Services Routers
Cisco Secure Access Control Server (ACS) 4.2
The changes between 4.0 and 4.0.1 are minor and mainly refer to newly supported versions and devices:
8.2(3) on the ASA 5585-X platform
Cisco 3800 Series Integrated Services Routers: 3825 NOVPN, 3845 NOVPN