How do I configure Security Manager to backup and audit the configuration on multiple Cisco Secure P (NETIQKB33624)

  • 7733624
  • 02-Feb-2007
  • 18-Oct-2007

Resolution

goal
How do I configure Security Manager to backup and audit the configuration on multiple Cisco Secure PIX firewalls?

goal
How do I configure Security Manager to collect performance data for multiple Cisco PIX firewalls?

fact
Security Manager 5.X

fact
Security Manager 4.20

fact
Security Manager 4.50

fix

In order to back up and audit the configuration or collect performance data on more than one Cisco Secure PIX firewall, you need to create a new Processing Rule Group and Computer Group for each firewall to be monitored. (The steps for creating these groups are listed below.) After creating the groups, you will then need to copy and modify the Backup and Audit Firewall Configuration, Collect Firewall Performance Data and Check firewall configuration update event processing rules. If you want to monitor only one Cisco Secure PIX Firewall, follow the instructions in the Getting Started Wizard in the Development Console. The configuration steps available in the Getting Started Wizard are sufficient to monitor one Cisco Secure PIX firewall.

Although the Getting Started Wizard (GSW) sections in Security Manager 4.20 and 4.50 are different, the statement above still covers both versions. In Security Manager 4.20, the GSW has a help page that lists all the steps necessary to configure one PIX firewall. In Security Manager 4.50, the GSW contains the configuration steps necessary to configure the customized rules directly.

Ensure you have performed the steps noted in the Security Manager Installation Guide to configure the Cisco Secure PIX Firewall Module before proceeding. For example, for each additional firewall to be monitored, ensure you have installed a Security Manager agent with support for Cisco Secure PIX Firewall to act as a syslog logging host, set up an SSH connection, etc.

The tasks listed below are part of the process for configuring Security Manager support for multiple Cisco Secure PIX Firewalls.

I. Creating new Computer Group and Processing Rule Groups:

  1. Start the Development Console located in the NetIQ Security Manager program folder.
  2. Create a computer group to include a computer acting as a syslog logging host by completing the following steps:
    • Select Computer Groups in the left pane.
    • On the Action menu, click New | Computer Group.
    • Follow the instructions until you have finished creating a computer group.
    • When Security Manager asks if you would like to deploy a group of processing rules to computers matching this newly created computer group, click No.
  3. Create a processing rule group and associate it with the new Computer Group by completing the following steps:
    • Expand Processing Rule Groups in the left pane.
    • Select Cisco Secure PIX Firewall Processing Rule Group.
    • On the Action menu, click New | Create Processing Rule Group.
    • Follow the instructions until you have finished creating a processing rule group.
    • When Security Manager asks if you would like to deploy the processing rules in the newly created processing rule group to a group of computers, click Yes.
    • Click Add.
    • Select the computer group you created in Step I-2, and then click OK.
    • Click OK.

II. Adding computer to Computer Groups:


Add the syslog logging host computer to the Cisco Secure PIX Firewall Computer Group and also to the new Computer Group you created in step I-2.

    1. Click the Computer Groups in the left pane in the Development Console.
    2. Double click Cisco Secure PIX Firewall.
    3. Click Add on the 'Included Computers' tab.
    4. Select Equals from the Domain list and type the name of the domain in the Domain field.
    5. Select Equals from the Computer list, type the name of the computer (syslog logging host) in the Computer field and click OK.
    6. Repeat steps 2 to 5 to add the same computer to the Computer Group you created.

III. Copy processing rules to new Processing Rule Groups:


Copy the Backup and Audit Firewall Configuration (Customize), Collect Firewall Performance Data (Customize) and Check firewall configuration update (Customize) event processing rules from the Cisco Secure PIX Firewall (Shared) Processing Rule Group to the new Processing Rule Group you created in Step I-3.

  1. Expand Processing Rule Groups in the left pane.
  2. Expand Cisco Secure PIX Firewall processing rule group in the left pane.
  3. Expand PIX Firewall Shared Rules and select Event Processing Rules.
  4. In the right pane, right click the Backup and Audit Firewall Configuration (Customize) rule and click Copy.
  5. Expand the new Processing Rule Group you created in step I-3.
  6. Right click the Event Processing Rules and click Paste.
  7. Repeat steps 3 to 6 to copy and paste Collect Firewall Performance Data (Customize) and Check firewall configuration update (Customize) rules.
  8. Right click Security Manager Development Console (Default) and click Force Configuration Changes Now.

NOTE: Make sure the original Backup and Audit Firewall Configuration (Customize), Collect Firewall Performance Data (Customize) and Check firewall configuration update (Customize) event processing rules remain disabled in the Cisco Secure PIX Firewall (Shared) Processing Rule Group; only the copies in the new Processing Rule Group are enabled.


IV. Enable and modify copied rules for Cisco Secure PIX Firewall:


Enable and modify the following three event processing rules you copied, using the steps available in the Security Manager Installation Guide. The Installation Guide is also located in the <Install Dir>\Program Files\MCS one point\Onepoint\Doc folder on the Central Computer.

  • Backup and Audit Firewall Configuration (Customize)
  • Collect Firewall Performance Data (Customize)
  • Check firewall configuration update (Customize)


Additional Information

Formerly known as NETIQKB33624