Cisco Security Manager (CSM) is a security management platform that runs on a server and is used to manage security devices. Its earliest version was CSM 3.0, which came out in 2007, with its successors being 3.1, 3.2 and 3.3. Recently CSM 4.0 was released, and the product is still being developed and improved with extra functions and features. The platform was initially envisioned as a general security management tool that would let an administrator manage firewalls through a graphical interface residing on a central server. The CSM database would "know" about all the security devices and their configurations. It was designed to deploy to multiple firewalls at the same time based on the configuration changes made to each one. It also introduced a number of useful features that save configuration time by sharing policies and configurations amongst multiple devices. The ability to manage multiple security "boxes" is what made CSM popular amongst security administrators.
Previous CSM versions supported fewer product features, devices, software versions and security functions than CSM 4.0 does. They sometimes suffered from bugs that were fixed with service packs introduced in each version. As time went by there were also functions that administrators were looking for from the product. These could include newly developed security features on IOS routers, new firewall features on ASA/FWSM firewalls or new software versions. CSM 4.0 tried to integrate all of the above. There were also more drastic design changes: CSM can now collect and report on syslog messages, and it can not only deploy to multiple devices but also import them into the CSM database, and more. These features were not supported in 3.x CSM versions. CSM 4.0 is the version that moved the CSM product into a new era that goes beyond just management. It introduces event message monitoring and reporting, and we can say that it is on its way to becoming the ultimate security management and monitoring platform for Cisco security features and devices. More functionality is in the pipeline...
CSM 4.0 / 4.0.1
The Release Notes that include the requirements and the new functionality introduced in CSM 4.0 are:
CSM 4.0 and 4.0.1 introduce a number of new features that did not exist in previous versions that are presented here:
Event Viewer / Syslogs
Probably the most drastic and useful change is that CSM can now collect syslogs, and the GUI gives the user the ability to query and filter these logs. That functionality requires the security device to send its logs to the CSM server. The feature is equivalent to logging and syslog filtering in ASDM for ASAs/FWSMs, with more enhanced features. The tool used in CSM to view and filter events is called Event Viewer.
Launching the Event Viewer
The Event Viewer
Event to Policy correlations
CSM can now drill down into an alert (firewall or IPS) and identify the policy that it came from.
Identifying what policy an alert was triggered from
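As an added illustration of the Event Viewer filtering and the event-to-policy correlation described above (this is example code, not CSM's own implementation), the following parses constructed ASA-format syslog lines, filters them by severity and message ID, and maps a 106023 deny event back to the policy that owns the access-group named in it. The policy dictionary is a constructed stand-in for a lookup in the CSM database.

```python
"""Event parsing and event-to-policy correlation (added example, not CSM code)."""
import re
from typing import Dict, List, Optional

# ASA/FWSM syslog header: %ASA-<severity>-<message id>: <text>
HEADER_RE = re.compile(r"%(?:ASA|FWSM|PIX)-(?P<severity>[0-7])-(?P<msg_id>\d{6}): (?P<text>.*)")
# Message 106023 names the access-group that produced the deny.
ACCESS_GROUP_RE = re.compile(r'by access-group "(?P<acl>[^"]+)"')


def parse_event(line: str) -> Optional[Dict[str, object]]:
    """Return severity, message ID and text for an ASA-style syslog line, else None."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    return {"severity": int(m["severity"]), "msg_id": m["msg_id"], "text": m["text"]}


def filter_events(lines: List[str], max_severity: int = 7, msg_ids=None) -> List[Dict[str, object]]:
    """Keep events at or below max_severity (lower number = more severe) and, if given, in msg_ids."""
    out = []
    for line in lines:
        ev = parse_event(line)
        if ev and ev["severity"] <= max_severity and (not msg_ids or ev["msg_id"] in msg_ids):
            out.append(ev)
    return out


def correlate_to_policy(event: Dict[str, object], policies: Dict[str, str]) -> Optional[str]:
    """Map a 106023 deny event to the policy owning its access-group (constructed lookup)."""
    if event["msg_id"] != "106023":
        return None
    m = ACCESS_GROUP_RE.search(event["text"])
    return policies.get(m["acl"]) if m else None


# Constructed sample input; these are not real device logs.
SAMPLE_LOGS = [
    '%ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.7/4432 (198.51.100.7/4432) to inside:192.0.2.10/443 (192.0.2.10/443)',
    '%ASA-4-106023: Deny tcp src outside:198.51.100.7/4433 dst inside:192.0.2.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    'some unrelated line that is not a firewall event',
]
# Hypothetical mapping of access-group name to the CSM policy that deploys it.
SAMPLE_POLICIES = {"OUTSIDE_IN": "Shared policy: Edge-Inbound-ACL"}

if __name__ == "__main__":
    for ev in filter_events(SAMPLE_LOGS, max_severity=4):
        print(ev["msg_id"], "->", correlate_to_policy(ev, SAMPLE_POLICIES))
```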
Out of Band Change check
CSM can now detect Out of Band (OOB) changes. Out of Band changes are CLI changes made on a managed device outside of CSM, i.e. after the last discovery, deployment or rollback. Hence the Out of Band difference is always calculated between the last live-discovered or deployed/rolled-back configuration stored in CSM (in the Configuration Archive) and the current configuration on the device. Prior to CSM 4.0, Out of Band change detection always happened during deployment, before the changes were pushed to the device. If Out of Band changes were detected, the deployment would proceed or fail based on the administration setting, which allowed the options Warn, Cancel and Skip. In 4.0 the user can use the OOB tool to check for OOB changes on any device at any time.
OOB detection screen
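The comparison described above, written out as an added example (not CSM code): the last archived configuration is diffed against the running configuration pulled from the device, and the result is mapped onto the Warn / Cancel / Skip deployment setting. The two configurations are constructed samples; the archived copy and the device copy differ by one ACL entry added at the CLI outside of CSM.

```python
"""Out-of-band (OOB) change check, modelled on the behaviour described above (added example)."""
import difflib
from dataclasses import dataclass, field
from typing import List


@dataclass
class OobResult:
    device: str
    changed: bool
    diff: List[str] = field(default_factory=list)


def normalize(config: str) -> List[str]:
    # Drop blank lines and '!' comment/separator lines; keep order, since line order matters in ACLs.
    return [ln.rstrip() for ln in config.splitlines() if ln.strip() and not ln.lstrip().startswith("!")]


def check_oob(device: str, archived: str, live: str) -> OobResult:
    """Compare the Configuration Archive copy with the running config; return only changed lines."""
    a, b = normalize(archived), normalize(live)
    diff = [ln for ln in difflib.unified_diff(a, b, "archive", "device", lineterm="", n=0)
            if not ln.startswith(("---", "+++", "@@"))]
    return OobResult(device, bool(diff), diff)


def deployment_action(result: OobResult, setting: str) -> str:
    """Apply the administration setting: 'proceed' continues the job (overwriting the OOB edit),
    'cancel' fails the job, 'skip' leaves this device out of the job."""
    if not result.changed:
        return "proceed"
    return {"Warn": "proceed", "Cancel": "cancel", "Skip": "skip"}[setting]


# Constructed sample configs: archive copy vs. a CLI edit made outside CSM.
ARCHIVED = """!
hostname ASA-EDGE
access-list OUTSIDE_IN extended deny ip any any
"""
LIVE = """!
hostname ASA-EDGE
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 22
access-list OUTSIDE_IN extended deny ip any any
"""

if __name__ == "__main__":
    r = check_oob("ASA-EDGE", ARCHIVED, LIVE)
    print(r.device, "OOB change detected:", r.changed)
    for line in r.diff:
        print(" ", line)
    print("Deployment action with setting Warn:", deployment_action(r, "Warn"))
```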
Delete/Discover multiple devices
You can now choose and delete multiple devices from CSM's Device View, whereas in previous CSM versions you had to do it one at a time, which could be a cumbersome task if you needed to remove a lot of devices at once. Likewise, you can discover multiple devices at once from Device View or from the menu bar via Policy > Discover Policies on Device.
Users will need a new license for CSM 4.0 irrespective of whether they have a valid license for any of the older CSM 3.x releases. Existing CSM 3.x licenses are no longer valid in CSM 4.0.
The enhancements and improvements introduced are:
Some key processes of CSM can now run as 64-bit processes on Windows 2008, which increases the memory space available and improves performance.
Selective Policy Management
In previous releases, you could select which types of policy to manage on Cisco IOS routers. You can now also select which policies to manage on ASA, PIX, and FWSM firewall devices.
Selective Policy Management for each device under Tools > Security Manager Administration > Policy Management
Packet Tracer support (ASA)
Packet Tracer is a feature of the ASA that shows how a packet would be processed when it hits the firewall. That feature can now be used from within CSM.
Packet Tracer tool
IPS signature tuning
If you modify a signature policy with more than one tuning context, Security Manager can now copy the policy to the other contexts when appropriate and with your permission.
More supported devices
CSM 4.0 and 4.0.1 support a number of new devices and versions:
FWSM 4.1(1), 4.0(7-11), 3.1(16, 17), 3.2(14-17)
1002 Fixed Router model of the Cisco ASR 1000 Series Aggregation Services Routers.
ASR Version 2.4 software
Support for shared port adapters (SPAs) in Cisco ASR 1000 Series Aggregation Services Routers
Cisco Secure Access Control Server (ACS) 4.2
The changes between 4.0 and 4.0.1 are minor and mainly consist of newly supported versions and devices:
8.2(3) on the ASA 5585-X platform
Cisco 3800 Series Integrated Services Routers: 3825 NOVPN, 3845 NOVPN