Table of Contents
Advertisement
Chapter 4
Configuring Firewall Devices
(Optional) If you defined an access IP and selected and configured an access type, click Discover to
Step 10
determine the device settings, including any security contexts and their settings.
Result: If the username and password are correct and the MARS Appliance is configured as an
administrative host for the device, the "Discovery is done." dialog box appears when the discovery
operation completes. Otherwise, an error message appears. After the initial pull, the MARS Appliance
pulls based on the schedule that you define. For more information, see
page
Step 11
To add this device to the MARS database, click Submit.
Result: The submit operation records the changes in the database tables. However, it does not load the
changes into working memory of the MARS Appliance. The activate operation loads submitted changes
into working memory.
Step 12
Click Activate.
Result: MARS begins to sessionize events generated by this device and evaluate those events using the
defined inspection and drop rules. Any events published by the device to MARS before activation can
be queried using the reporting IP address of the device as a match criterion. For more information on the
activate action, see
Add Security Contexts Manually
You can manually define security contexts in PIX 7.0, Cisco ASA, or FWSM.
Do one of the following:
Step 1
•
•
78-17020-01
2-39.
Activate the Reporting and Mitigation Devices, page
(PIX 7.0 and FWSM) Click Add Context.
(Cisco ASA) Click Add Module.
Cisco Firewall Devices (PIX, ASA, and FWSM)
Scheduling Topology Updates,
2-27.
User Guide for Cisco Security MARS Local Controller
4-11
Advertisement
Table of Contents
Troubleshooting
