User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Product Overview
Security Manager Policy Feature Sets
Security Manager provides the following primary feature sets for configuration policies:
- Firewall Services
  Configuration and management of firewall policies across multiple platforms, including IOS routers, ASA/PIX devices, and Catalyst Firewall Service Modules (FWSMs). Features include:
  - Access control rules—Permit or deny traffic on interfaces through the use of access control lists for both IPv4 and IPv6 traffic.
  - Botnet Traffic Filter rules—(ASA only.) Filter traffic based on known malware sites and optionally drop traffic based on threat level.
  - Inspection rules—Filter TCP and UDP packets based on application-layer protocol session information.
  - AAA/Authentication Proxy rules—Filter traffic based on authentication and authorization for users who log into the network or access the Internet through HTTP, HTTPS, FTP, or Telnet sessions.
  - Web filtering rules—Use URL filtering software, such as Websense, to deny access to specific web sites.
  - ScanSafe Web Security—(Routers only.) Redirect HTTP/HTTPS traffic to the ScanSafe web security center for content scanning and malware protection services.
  - Transparent firewall rules—Filter layer-2 traffic on transparent or bridged interfaces.
  - Zone-based firewall rules—Configure access, inspection, and web filtering rules based on zones rather than on individual interfaces.
  For more information, see Chapter 12, “Introduction to Firewall Services”.
- Site-to-Site VPN
  Setup and configuration of IPsec site-to-site VPNs. Multiple device types can participate in a single VPN, including IOS routers, PIX/ASA devices, and Catalyst VPN Service Modules. Supported VPN topologies are:
  - Point to point
  - Hub and spoke
  - Full mesh
  - Extranet (a point-to-point connection to an unmanaged device)
  Supported IPsec technologies are:
  - Regular IPsec
  - GRE
  - GRE Dynamic IP
  - DMVPN
  - Easy VPN
  - GET VPN
  For more information, see Chapter 24, “Managing Site-to-Site VPNs: The Basics”.
- Remote Access VPN