User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 3 Managing the Device Inventory
Understanding the Device Inventory
All physical devices appear in the device selectors. In addition, these are the types of virtual devices that
appear in the device selectors:
• Security Contexts—You can define security contexts on PIX Firewall, FWSM, and ASA devices.
  Security contexts act as virtual firewalls. By default, security contexts appear in the device selectors
  using this naming convention: host-display-name_context-name, where host-display-name is the
  display name of the device on which the context is defined, and context-name is the name of the
  security context. For example, the admin security context on the device named firewall12 would be
  called firewall12_admin.

  Tip: You can control whether the display name is added to the context name using the Prepend Device Name
  when Generating Security Context Names property on the Discovery settings page (see Discovery
  Page, page 11-21). However, if you do not add the display name, it is very difficult to determine the
  hosting device for a context, and the context names are not sorted with the host device (they do not
  appear in a folder attached to the host device). If you do not add the display name, Security Manager
  adds a numeric suffix to the context name if more than one context of the same name is added to the
  inventory (for example, admin_01, admin_02), and these numbers are not related to the host device.

• Virtual Sensors—You can define virtual sensors on IPS devices. Virtual sensors appear in device
  selectors using the host-display-name_virtual-sensor-name naming convention, and there is not a
  discovery setting to control this convention.

Tip: You can always change the display name for a virtual sensor, security context, or other type of device in
the device’s properties.
Besides the naming conventions for virtual devices, you also need to understand the relationship between
various types of device names:
• Display name—The display name is simply the name that appears within Security Manager in
  device selectors. This name does not have to be related to any name actually defined on the device.
  When you add devices to the inventory, a display name is suggested based on the DNS name or IP
  address you enter, but you can use whatever naming convention you want to use.
• DNS name—The DNS name you define for a device must be resolvable by the DNS server
  configured for the Security Manager server.
• IP address—The IP address you define for a device should be the management IP address for the
  device.
• Hostname—When you discover a device, the hostname property that is shown in the device
  properties is taken from the device’s configuration. If you add devices using configuration files, and
  a file does not contain a hostname command, the initial hostname is the name of the configuration
  file.

  However, the hostname device property is not updated if you change the hostname on the device.
  There is a Hostname policy in the device platform policy area, and it is this Hostname policy that
  determines the hostname that is defined on the device.
Understanding Device Credentials
Security Manager requires credentials for logging in to devices. You can provide device credentials in
two ways: