45-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
The Adaptive Security Appliance service module (ASA-SM) provides high-speed security services
across Layers 2 through 7, and you can install up to four ASA-SM blades in a single switch, providing
scalability to 64 Gbps. See Cisco Catalyst 6500 Series ASA Services Module for more information.
Note: While the ASA-SM is a blade installed in a Catalyst 6500 switch—much like the FWSM physically—it
is an ASA device, and it is documented as such. That is, refer to ASA-related topics for information
about the ASA-SM. Where necessary, caveats and differences between the Service Module and the ASA
appliance are noted.
Default Firewall Configurations
Firewall devices are shipped with certain settings already configured. When you manually add a newly
installed firewall device to Cisco Security Manager, you should discover (import) the pre-set or default
policies for that device. Importing these policies into Security Manager prevents them from being
unintentionally removed the first time you deploy a configuration to that device. For more information
about importing policies, see Discovering Policies, page 5-12.
Cisco Security Manager provides a set of configuration files that contain default policies for a number
of device types and versions. These configuration files are located in the directory:
<install_dir>\CSCOpx\MDC\fwtools\pixplatform\
(for example, C:\Program Files\CSCOpx\MDC\fwtools\pixplatform\).
The file name indicates device type, operating system version, context support, and operation type. For
example, “FactoryDefault_FWSM2_2_MR.cfg” is the configuration file for an FWSM, version 2.2, with
support for Multiple contexts, operating in Routed mode. Similarly,
“FactoryDefault_ASA7_0_1_ST.cfg” is the configuration file for an ASA, version 7.0.1, in
Single-context, Transparent mode.
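The naming convention above can be decoded mechanically when checking which supplied default file matches a device before import. The following is an added example, not code from Cisco or Security Manager. It assumes every file follows the pattern of the two names quoted above, and the fallback rule in best_match (newest file not newer than the device) is this example's own choice, not product behavior.

```python
import re
from typing import NamedTuple, Optional

# Suffix letters as decoded by the guide's two examples (MR and ST).
CONTEXT = {"S": "single", "M": "multiple"}
MODE = {"R": "routed", "T": "transparent"}

# Assumed pattern: FactoryDefault_<TYPE><ver>_<ver>[_<ver>]_<context><mode>.cfg
NAME_RE = re.compile(
    r"^FactoryDefault_(?P<type>[A-Za-z]+)(?P<ver>\d+(?:_\d+)*)_"
    r"(?P<ctx>[SM])(?P<mode>[RT])\.cfg$"
)

class DefaultConfig(NamedTuple):
    filename: str
    device_type: str
    version: tuple
    context: str
    mode: str

def parse_default_name(filename: str) -> Optional[DefaultConfig]:
    """Decode one file name; return None if it does not fit the pattern."""
    m = NAME_RE.match(filename)
    if m is None:
        return None
    version = tuple(int(part) for part in m["ver"].split("_"))
    return DefaultConfig(filename, m["type"].upper(), version,
                         CONTEXT[m["ctx"]], MODE[m["mode"]])

def best_match(filenames, device_type, version, context, mode):
    """Hypothetical selection rule: same type, context and mode, with the
    highest version that does not exceed the device's; None if none fits."""
    candidates = [
        c for c in map(parse_default_name, filenames)
        if c and c.device_type == device_type.upper()
        and c.context == context and c.mode == mode
        and c.version <= tuple(version)
    ]
    return max(candidates, key=lambda c: c.version, default=None)

# Directory listing for illustration: the first two names are quoted in the
# guide, the last two are constructed for this example.
SAMPLE = [
    "FactoryDefault_FWSM2_2_MR.cfg",
    "FactoryDefault_ASA7_0_1_ST.cfg",
    "FactoryDefault_ASA7_2_1_ST.cfg",
    "readme.txt",
]
```

A None result from best_match means no supplied file fits the device under these assumptions, so the default policies should be discovered from the device itself.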
Refer to Interfaces in Single and Multiple Contexts, page 45-5 for more about security contexts, and
Interfaces in Routed and Transparent Modes, page 45-4 for more about routed and transparent operation.
See Adding Devices from Configuration Files, page 3-20 for information about adding new devices from
the supplied configuration files.
Configuring Firewall Device Interfaces
The Interfaces page displays configured physical interfaces, logical interfaces, and redundant interfaces,
as well as hardware ports and bridge groups, for the selected device. From this page, you can add, edit
and delete interfaces; enable communication between interfaces on the same security level; and manage
VPDN groups and PPPoE users.
Note: The Interfaces page displayed for ASA 5505 devices presents two tabbed panels: Hardware Ports and
Interfaces. Similarly, the Interfaces page displayed for the Catalyst 6500 services modules (ASA-SMs
and FWSMs) operating in transparent mode also presents two tabbed panels: Interfaces and Bridge
Groups.
Navigation Path
To access the Interfaces page, select a security device in Device View and then select Interfaces from
the Device Policy selector.