Managing ASA55xx with additional software

Hi

I'm looking for software to help me with managing my ASA firewalls. The gui which comes with the firewall doesn't help me at all. Solsoft has a program named "Firewall manager" which I started to evaluate. Does anyone know further software which could be used to manage my firewalls?

- number of firewalls: 3

- all admins can manage all firewalls

- access lists with logging

- vpn and so on

Joerg

Reply to
Joerg Schuetter
Loading thread data ...

Hi Joerg,

Email mkjones *at* cisco.com

Cisco and our AVVID partners offer a variety of applications to manage and monitor the Cisco ASA 5500 Series.

One can look at this as four different categories of solutions:

  1. Single device management
  2. Multi-device management
  3. Centralized monitoring
  4. Auditing

--------------------------------------------------

  1. Single device management standpoint:

Cisco provides an integrated web user interface called Cisco Adaptive Security Device Manager ( ASDM for short ).

Introduction:

formatting link
Documentation:

formatting link
It provides comprehensive management and monitoring of a single Cisco ASA 5500 Series appliance ( including services such as IPS that are delivered via an AIP SSM module - all from a single GUI ).

Of course you can also manage the system via CLI ( which is nearly identical to the Cisco PIX CLI, just extended to support all of the additional services ASA offers ).

The AIP-SSM module has its own CLI, but that is completely abstracted when you are using the web-based device manager.

Other remote management features include SSH, telnet, and console/AUX access to the system.

Cisco also supports the concept of an out-of-band management port, where all management traffic is required to go through.

And we support many methods for transferring files, like SCP, HTTP, HTTPS, FTP, and TFTP.

Of course, Cisco also supports SNMP, syslog, and SDEE for monitoring purposes.

--------------------------------------------------

  1. Multi-device management standpoint:

There are at least two different solutions that I am aware of.

We are in the process of updating CiscoWorks VMS to have full support for all the different services offered by the Cisco ASA 5500 Series.

Introduction:

formatting link
Documentation:

formatting link
We will be entering beta soon with this solution - if you are interested in beta testing, please contact your Cisco account team and let them know.

Contact Cisco:

formatting link
As you are aware Solsoft, one of our AVVID program partners, has updated their Policy Server product to manage the firewall, IPSec VPN, and IPS services of the Cisco ASA 5500 Series.

formatting link
and

formatting link

--------------------------------------------------

  1. Centralized monitoring standpoint:

Cisco offers at least two solutions, the primary being our Cisco MARS solution.

Introduction:

formatting link
Documentation:

formatting link
This is a great monitoring solution that takes events in from all of our different security and networking products, as well as events from third-party firewall, IPS, etc products.

There are also over 10 different monitoring solutions from our different AVVID partner program members as well.

formatting link
So plenty of options here, and I'm sure at least one of these will fit your needs.

--------------------------------------------------

  1. Auditing standpoint:

The new Cisco Security Auditor product also fully supports the Cisco ASA 5500 Series.

Introduction:

formatting link
Documentation:

formatting link

This product can help customers deal with regulatory compliance and ensure that devices throughout their network are following corporate security policies and industry best-practices.

It can perform audits either online or offline, and will basically look at device configurations and compare them to policies that you have set or compare them to industry best practices.

It has a variety of reporting capabilities as well to roll-up the audit results.

--------------------------------------------------

Hopefully, this sums up management of the Cisco ASA 5500 Series.

Sincerely,

Brad Reese BradReese.Com - Cisco Power Supply Headquarters

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Jobs
formatting link

Reply to
www.BradReese.Com

define manage. configuration management? vpn management? syslog/snmp management? remote access? etc etc...

Reply to
john smith

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.