Table of Contents
Advertisement
Chapter 16
Policy Table Lookup on Cisco Security Manager
Add a Cisco Security Manager Server to MARS
The Security Manager server is represented in MARS by defining a host with a software application
residing on that host. Once you have identified the reporting devices to a Local Controller, you can add
the Security Manager server that manages the policies for those reporting devices.
Each Local Controller can query one Security Manager server only; you cannot define more than one
Security Manager server per Local Controller. You can define the same Security Manager server on
multiple Local Controllers. When planning the zones for Global Controller/multi-Local Controller
deployments, ensure that each Local Controller maps to the Security Manager server that manages the
reporting devices monitored by that Local Controller.
To identify a Security Manager server to use for policy lookups from within the web interface of MARS,
follow these steps;
Select Admin > System Setup > Security and Monitor Devices > Add.
Step 1
Do one of the following:
Step 2
•
•
Specify values for the following fields:
Step 3
•
•
•
•
Under Enter interface information, enter the interface name, IP address, and netmask value of each
Step 4
interface in the Security Manager server from which configuration information will be queried.
This address represents the physical IP address of the Security Manager server. This information is used
to ensure that the topology generated by MARS represents all network connections for the
Security Manager server. It is also used to calculate possible attack paths that might include the
Security Manager server.
Click Apply to save these settings.
Step 5
78-17020-01
http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_user_guide_chapter09186a0
08022f958.html#wp339451
Select Add SW Security apps on a new host from the Device Type list, and continue with
Select Add SW security apps on existing host from the Device Type list. Select the device to which
you want to add the software application and click Add. Continue with
Device Name — Enter the name of the device. This name must exactly match the hostname shown
in the Cisco Security Manager user interface. MARS maps this name to the reporting IP address.
This name is used in topology maps, queries, and as the primary management station in the Security
and Monitoring Device list.
Access IP — This s address is used to pull query data from a Security Manager server using HTTPS,
enabling MARS to discover settings and perform policy queries from this device. This address
represents the physical IP address of the Security Manager server. To learn more about the access
IP address, its role, and dependencies, see
Settings, page
2-8.
Reporting IP — (Optional) If the Security Manager server is host to a reporting device other than
Cisco Security Manager, enter the IP address of the interface in the Security Manager server from
which MARS. This address represents the physical IP address of the Security Manager server. To
learn more about the reporting IP address, its role, and dependencies, see
Reporting IP, and Interface Settings, page
Operating System — (Optional) If the Security Manager server is host to a reporting device other
than Cisco Security Manager, you may need to specify the operating system type.
Add a Cisco Security Manager Server to MARS
Understanding Access IP, Reporting IP, and Interface
2-8.
User Guide for Cisco Security MARS Local Controller
Step 3
Step
6.
Understanding Access IP,
16-13
Advertisement
Table of Contents
Troubleshooting
