58-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter58 Managing Routers
Discovering Router Policies
FlexConfigs. See Chapter 7, “Managing FlexConfigs”.
All other policies require Cisco IOS Software Release 12.3 or higher. For more information about
supported devices, see Supported Devices and Software Versions for Cisco Security Manager.
Discovering Router Policies
You can discover the configurations of your Cisco IOS routers and import these configurations as
policies into Security Manager. This makes it possible to add existing devices and manage them with
Security Manager without having to manually configure each device policy by policy. For more
information, see Adding Devices to the Device Inventory, page 3-6.
You can discover all Cisco IOS commands that can be configured with Security Manager. Discovery
ignores unsupported commands, which means that they are left intact on the device even after subsequent
deployments. Additionally, in cases where Security Manager can discover the command, but not all the
subcommands and keywords related to that command, the unsupported elements are ignored and left
intact on the device.
You can also rediscover the configurations of devices that you are already managing with Security
Manager at any time. Be aware, however, that performing rediscovery overwrites the policies that you
have defined in Security Manager, and is therefore not generally recommended. For more information,
see Discovering Policies on Devices Already in Security Manager, page5-15.
Note We recommend that you perform deployment immediately after you discover the policies on a Cisco IOS
router, before you make any changes to policies or unassign policies from the device. Otherwise, the
changes that you configure in Security Manager might not be deployed to the device.
Note If a policy that is not configured in Security Manager was configured on the device using an out-of-band
method (such as the CLI) between the time of the first discovery and rediscovery, we recommend that
you perform deployment immediately after rediscovery.
Related Topics
Understanding Policies, page 5-1
Discovering Policies, page 5-12
Working with Deployment and the Configuration Archive, page 8-26