User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 57 Configuring Security Contexts on Firewall Devices
Managing Security Contexts
The Security Contexts page lists security contexts configured for the selected device. You can add, edit
and delete security contexts for an ASA, PIX 7.0+, or FWSM device running in multiple-context mode
from this page.
Tip: Deleting a security context from an FWSM device removes the security context from the running
configuration of the device, but it does not delete the associated configuration file. This can cause
problems if you later add another security context with the same name as the one previously deleted.
This is a known issue for FWSM and is not connected to the behavior of Security Manager. A
work-around is to use the CLI to delete the configuration file from the device.
Remember, the security appliance must be in multiple-context mode in order for you to configure
contexts using Security Manager. See Enabling and Disabling Multiple-Context Mode, page 57-1, for
more information.
Follow these steps to manage security contexts:
Step 4: Submit/deploy to generate the virtual firewalls as children of the base appliance.
You must create the desired contexts on the security appliance before you can begin
defining the individual settings of each context. To create contexts on the appliance,
you must define them, and then either submit changes in Workflow mode, or deploy
the changes to the security appliance in non-Workflow mode.
When you create a security context, a “virtual firewall device” appears beneath the
original security appliance in the Device View. Each virtual device is indicated by a
related device icon with a dotted outline, and its name is the base security appliance
name, underscore (_), context name. For example, the virtual device
asaMultiRouted_admin would represent the Admin context (named “admin”) on the
security appliance named “asaMultiRouted.” Similarly, asaMultiRouted_security1
would represent the security context “security1” on the same base appliance.
Result: Your changes are submitted or deployed (depending on the Workflow mode),
which in turn creates the Admin and security contexts as children of the base security
appliance.
For more information, see:
Workflow and Activities Overview, page 1-18
Submitting an Activity for Approval (Workflow Mode with Activity Approver), page 4-20
Working with Deployment and the Configuration Archive, page 8-26
Step 5: Define additional settings for each security context.
You can now complete the definition of each security context by selecting a virtual
firewall device in the Device Selector and editing available policies, such as access
rules, translation options, and so on.
Result: Each security context is fully defined, ready to operate as a virtual firewall.