Managing ASA55xx with additional software

Discussion in 'Cisco' started by Joerg Schuetter, Aug 8, 2006.

  1. Hi

    I'm looking for software to help me with managing my ASA firewalls. The
    gui which comes with the firewall doesn't help me at all.
    Solsoft has a program named "Firewall manager" which I started to
    evaluate. Does anyone know further software which could be used to manage
    my firewalls?
    - number of firewalls: 3
    - all admins can manage all firewalls
    - access lists with logging
    - vpn
    and so on

    Joerg
     
    Joerg Schuetter, Aug 8, 2006
    #1
    1. Advertisements

  2. Hi Joerg,
    Email mkjones *at* cisco.com

    Cisco and our AVVID partners offer a variety of applications to manage
    and monitor the Cisco ASA 5500 Series.

    One can look at this as four different categories of solutions:

    1. Single device management

    2. Multi-device management

    3. Centralized monitoring

    4. Auditing

    --------------------------------------------------

    1. Single device management standpoint:

    Cisco provides an integrated web user interface called Cisco Adaptive
    Security Device Manager ( ASDM for short ).

    Introduction:

    http://www.cisco.com/en/US/products/ps6121/index.html

    Documentation:

    http://www.cisco.com/en/US/products/ps6121/tsd_products_support_series_home.html

    It provides comprehensive management and monitoring of a single Cisco
    ASA 5500 Series appliance ( including services such as IPS that are
    delivered via an AIP SSM module - all from a single GUI ).

    Of course you can also manage the system via CLI ( which is nearly
    identical to the Cisco PIX CLI, just extended to support all of the
    additional services ASA offers ).

    The AIP-SSM module has its own CLI, but that is completely abstracted
    when you are using the web-based device manager.

    Other remote management features include SSH, telnet, and console/AUX
    access to the system.

    Cisco also supports the concept of an out-of-band management port,
    where all management traffic is required to go through.

    And we support many methods for transferring files, like SCP, HTTP,
    HTTPS, FTP, and TFTP.

    Of course, Cisco also supports SNMP, syslog, and SDEE for monitoring
    purposes.

    --------------------------------------------------

    2. Multi-device management standpoint:

    There are at least two different solutions that I am aware of.

    We are in the process of updating CiscoWorks VMS to have full support
    for all the different services offered by the Cisco ASA 5500 Series.

    Introduction:

    http://www.cisco.com/en/US/products/sw/cscowork/ps2330/

    Documentation:

    http://www.cisco.com/en/US/products/sw/cscowork/ps2330/tsd_products_support_series_home.html

    We will be entering beta soon with this solution - if you are
    interested in beta testing, please contact your Cisco account team and
    let them know.

    Contact Cisco:

    http://www.bradreese.com/contact-us.htm#CISCO

    As you are aware Solsoft, one of our AVVID program partners, has
    updated their Policy Server product to manage the firewall, IPSec VPN,
    and IPS services of the Cisco ASA 5500 Series.

    http://www.solsoft.com/pages/partners/tech_fiche.php?id=19

    and

    http://www.solsoft.com/pages/products/products.php

    --------------------------------------------------

    3. Centralized monitoring standpoint:
    Cisco offers at least two solutions, the primary being our Cisco MARS
    solution.

    Introduction:

    http://www.cisco.com/en/US/products/ps6241/index.html

    Documentation:

    http://www.cisco.com/en/US/products/ps6241/tsd_products_support_series_home.html

    This is a great monitoring solution that takes events in from all of
    our different security and networking products, as well as events from
    third-party firewall, IPS, etc products.

    There are also over 10 different monitoring solutions from our
    different AVVID partner program members as well.

    http://www.cisco.com/pcgi-bin/cpn/c..._id=811366&tab_name=findsp&SearchType=Advance

    So plenty of options here, and I'm sure at least one of these will fit
    your needs.

    --------------------------------------------------

    4. Auditing standpoint:

    The new Cisco Security Auditor product also fully supports the Cisco
    ASA 5500 Series.

    Introduction:

    http://www.cisco.com/en/US/products/ps6263/index.html

    Documentation:

    http://www.cisco.com/en/US/products/ps6263/tsd_products_support_series_home.html


    This product can help customers deal with regulatory compliance and
    ensure that devices throughout their network are following corporate
    security policies and industry best-practices.

    It can perform audits either online or offline, and will basically look
    at device configurations and compare them to policies that you have set
    or compare them to industry best practices.

    It has a variety of reporting capabilities as well to roll-up the audit
    results.

    --------------------------------------------------

    Hopefully, this sums up management of the Cisco ASA 5500 Series.

    Sincerely,

    Brad Reese
    BradReese.Com - Cisco Power Supply Headquarters
    http://www.bradreese.com/cisco-power-supply-inventory.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Jobs
    http://www.bradreese.com/hot-jobs.htm
     
    www.BradReese.Com, Aug 8, 2006
    #2
    1. Advertisements

  3. Joerg Schuetter

    john smith Guest

    define manage.
    configuration management?
    vpn management?
    syslog/snmp management?
    remote access?
    etc etc...
     
    john smith, Aug 10, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.