9-17
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter9 Troubleshooting Device Communication and Deployment
Troubleshooting Deployment
5. Deploy the configuration to the device again.
After you set the value to true, discovery and deployment checks the CPU utilization and generates
error messages if the CPU utilization is not within the configured value set in the
DCS.FWSM.minThresholdLimit property. The default value is 85.
Related Topics
Chapter 65, “Managing Cisco Catalyst Switches and Cisco 7600 Series Routers”
Changing How Security Manager Deploys Configurations to Multiple-Context FWSM
If you configure a Firewall Services Module (FWSM) to run in multiple context mode, so that you host
more than one security context on the FWSM, you need to configure Security Manager to deploy
configurations serially to the FWSM. The FWSM has some limitations that can prevent successful
deployments if more than one context is updated at the same time, so you might run into deployment
failures if you do not use serial deployment. There can also be an impact on FWSM performance during
deployment if you do not use serial deployment.
To change how Security Manager deploys configurations to multiple-context FWSM, you need to update
the DCS.properties file. You also need to add the FWSM contexts to the inventory using the FWSM
admin context, rather than adding the individual security contexts.
The following procedure explains the end-to-end process for ensuring that FWSM deployments are done
serially.
Step 1 Make it a standard practice to add FWSM security contexts using the admin context management IP
address. Manage the contexts through the admin context.
Although it is possible to add security contexts for an FWSM individually, using each context’s
management IP address, Security Manager cannot recognize these individually-added contexts as being
hosted on the same physical device. This prevents Security Manager from doing serial deployments to
the contexts.
If you have any FWSM security contexts that you added using the security context management IP,
delete the contexts and FWSM from the inventory, then add them using the admin context (discover all
policies). See Adding Devices to the Device Inventory, page 3-6.
Tip If you have any undeployed changes to these contexts that you want to keep, first deploy the
changes to ensure that the configurations on the device are complete. Do the deployments one
context at a time.
Step 2 Log into Windows on the Security Manager server and edit the DCS.properties file in the
\CSCOpx\MDC\athena\config folder in the installation directory (usually c:\Program Files). Use a text
editor such as NotePad to update the file.
Step 3 Locate the DCS.doSerialAccessForFWSMVCs property in the DCS.properties file and set it to true:
DCS.doSerialAccessForFWSMVCs=true
Step 4 Restart the CiscoWorks Daemon Manager.