User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Product Overview
Security Manager Policy Feature Sets
Security Manager provides the following primary feature sets for configuration policies:
• Firewall Services
Configuration and management of firewall policies across multiple platforms, including IOS
routers, ASA/PIX devices, and Catalyst Firewall Service Modules (FWSMs). Features include:
– Access control rules—Permit or deny traffic on interfaces through the use of access control lists for both IPv4 and IPv6 traffic.
– Botnet Traffic Filter rules—(ASA only.) Filter traffic based on known malware sites and optionally drop traffic based on threat level.
– Inspection rules—Filter TCP and UDP packets based on application-layer protocol session information.
– AAA/Authentication Proxy rules—Filter traffic based on authentication and authorization for users who log into the network or access the Internet through HTTP, HTTPS, FTP, or Telnet sessions.
– Web filtering rules—Use URL filtering software, such as Websense, to deny access to specific web sites.
– ScanSafe Web Security—(Routers only.) Redirect HTTP/HTTPS traffic to the ScanSafe web security center for content scanning and malware protection services.
– Transparent firewall rules—Filter layer-2 traffic on transparent or bridged interfaces.
– Zone-based firewall rules—Configure access, inspection, and web filtering rules based on zones rather than on individual interfaces.
For more information, see Chapter 12, “Introduction to Firewall Services”.
• Site-to-Site VPN
Setup and configuration of IPsec site-to-site VPNs. Multiple device types can participate in a single
VPN, including IOS routers, PIX/ASA devices, and Catalyst VPN Service Modules. Supported VPN
topologies are:
– Point to point
– Hub and spoke
– Full mesh
– Extranet (a point-to-point connection to an unmanaged device)
Supported IPsec technologies are:
– Regular IPsec
– GRE
– GRE Dynamic IP
– DMVPN
– Easy VPN
– GET VPN
For more information, see Chapter 24, “Managing Site-to-Site VPNs: The Basics”.
• Remote Access VPN