Cisco Systems CL-28826-01 Showing Device Containment

3-53

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 3 Managing the Device Inventory

Working with the Device Inventory

Step 2 Share the local policies defined on the device:

a. Right-click the device in the Device selector, then select Share Device Policies. By default, all

policies configured on the device (local and shared) are selected for sharing in the Share Policies

wizard.

b. Deselect the check box next to each existing shared policy, as indicated by the hand in the policy

icon. You should do this because there is no need to create a copy of the shared policies that already

exist; you will reassign the existing shared policies after the image version upgrade.

c. Enter a name for the shared policies. We recommend using the device name as a convenient means

of identification. For example, if the device name is MyRouter, each shared policy is given the name

MyRouter. Make a note of all the policies you are creating for this purpose.

d. Click Finish. The selected local policies become shared policies.

Step 3 Delete the device from Security Manager.

Step 4 Make the desired change to the device, for example, upgrade the image version, change the operational

mode, or replace the device.

Step 5 Add the device back to Security Manager and perform policy discovery.

Step 6 Reassign the policies to the device:

a. Right-click the first policy type displayed in the Device Policies selector, then select Assign Shared

Policy.

b. In the Assign Shared Policy dialog box, do one of the following:

•If a local policy was previously defined on the device, select the shared policy you created for

this procedure and click OK.

•If a shared policy of this type was previously assigned to the device, select it and click OK.

c. (Local policies only) Right-click the policy type again in the Device Policies selector, then select

Unshare Policy.

d. Repeat the process for each policy type that is relevant to the device’s configuration. If a shared

policy is not available, this indicates that this is a policy type that was not available for the previous

image version.

Step 7 (Optional) Delete the shared policies created for this procedure from Policy view:

a. Select View > Policy View or click the Policy View icon on the toolbar.

b. Select one of the policies you want to delete and click the Assignments tab in the work area to verify

that the policy is not assigned to any devices.

c. Click the Delete Policy button beneath the Shared Policy selector to delete the policy.

d. Repeat the process for each policy type that you want to delete.

Showing Device Containment

You can display the service modules, security contexts, and virtual sensors that are contained in devices

that include them. Based on the type of device, you can view these contained elements:

•Catalyst 6500 devices—The IDSM and FWSM service modules, security contexts, and virtual

sensors.