Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 138

Cisco Firewall Devices (PIX, ASA, and FWSM)
Enter the IP address of the interface that publishes syslog messages or SNMP notifications, or both in
Step 5
the Reporting IP field.
If the device is running Cisco ASA, PIX 7.0, or FWSM, this address corresponds to the address from
Note
which the admin context syslog messages are published.
To learn more about the reporting IP address, its role, and dependencies, see
Reporting IP, and Interface Settings, page
If you entered an address in the Access IP field, select TELNET, SSH, or FTP from the Access Type
Step 6
list, and continue with the procedure that matches your selection:
Configure Telnet Access for Devices in MARS, page 2-11
•
Configure SSH Access for Devices in MARS, page 2-12
•
Configure FTP Access for Devices in MARS, page 2-12
•
If you select the FTP access type and you are defining a Cisco ASA, PIX 7.0, or FWSM, you cannot
Note
discover the non-admin context settings. Therefore, this access type is not recommended.
For more information on determining the access type, see
(Optional) To enable MARS to retrieve MIB objects for this reporting device, enter the device's
Step 7
read-only community string in the SNMP RO Community field.
Before you can specify the SNMP RO string, you must define an access IP address. MARS uses the
SNMP RO string to read MIBs related to a reporting device's CPU usage, network usage, and device
anomaly data and to discover device and network settings .
(Optional) To enable MARS to monitor this device for anomalous resource usage, select Yes from the
Step 8
Monitor Resource Usage list.
Result: MARS monitors the device for anomalous consumption of resources, such as memory and CPU.
If anomalies are detected, MARS generates an incident. Resource utilization statistics are also used to
generate reports. For more information, see
(Cisco ASA, FWSM, and PIX 7.0 Only) do one of the following:
Step 9
Click Discover to let MARS contact the device and conduct a topology and context configuration
•
discovery. Information about the security contexts is presented in the Context section of the main
page. To edit discovered contexts, continue with
Click Next to commit your changes and allow for manual definition of security contexts or modules.
•
Continue with
or
For PIX and FWSM, you can add one or more security contexts. For Cisco ASA, you can add one
or more security contexts or Advanced Inspection and Prevention (AIP) modules, running the Cisco
IPS 5.x software.
User Guide for Cisco Security MARS Local Controller
4-10
Add Security Contexts Manually, page
Add an IPS Module to a Cisco Switch or Cisco ASA, page
2-8.
Selecting the Access Type, page
Configuring Resource Usage Data, page
Edit Discovered Security Contexts, page
4-11, Add Discovered Contexts, page
6-11.
Chapter 4 Configuring Firewall Devices
Understanding Access IP,
2-10.
2-41.
78-17020-01
4-13.
4-12,