57-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 57 Configuring Security Contexts on Firewall Devices
Similarly, Cisco Security Manager does not support restoring an existing device to single-context mode.
To perform this task, you must delete the device and any of its child contexts from Security Manager,
restore single-context operation using a device manager or CLI input, and then add the device again to
Security Manager.
Note: When manually defining a single-context device, choose Single from the Contexts list in the Operating
System section of the New Device - Device Information dialog box.
Related Topics
Checklist for Configuring Multiple Security Contexts, page 57-2
Managing Security Contexts, page 57-4
Add/Edit Security Context Dialog Box (PIX/ASA), page 57-7
Add/Edit Security Context Dialog Box (FWSM), page 57-5
Checklist for Configuring Multiple Security Contexts
Security contexts allow a single physical device to act as multiple independent firewalls. Each security
context defines a single virtual firewall, complete with its own configuration—and just as with physical
devices, each security context must be correctly configured, or overall security can be compromised.
Thus, defining and configuring multiple firewalls on the same physical appliance requires special care.
The following checklist outlines the basic steps necessary to configure a firewall device with multiple
security contexts. Each of these steps may involve multiple substeps; all steps should be performed in
the order presented. For example, you must define interfaces before configuring the various contexts.
Step Task
Step 1 Define interfaces and subinterfaces, or VLANs, on the physical appliance.
In this task, you define the interfaces and subinterfaces, or VLANs on FWSMs, that
will be allocated to the various security contexts when you create them later. Provide
physical interface parameters, such as connection type (Ethernet, GigabitEthernet,
etc.), hardware Port ID, speed, and duplex mode, as well as VLAN ID if defining a
subinterface.
Result: All interfaces and subinterfaces are defined.
For more information, see Configuring Firewall Device Interfaces, page 45-2.