User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Using Configuration Manager - Overview
Task Flow for Configuring Security Policies
The basic user task flow for configuring security policies on devices involves adding devices to the
Security Manager inventory, defining the policies, and then deploying them to the devices. You perform
these tasks in Configuration Manager. The following briefly describes the steps in a typical user task
flow:
Step 1 Prepare devices for management.
Before you can add a device to the Security Manager device inventory and manage it, you must configure
some minimal settings on the device to enable Security Manager to contact it. For more information, see
Chapter 2, “Preparing Devices for Management”.
Step 2 Add devices to the Security Manager device inventory.
To manage a device with Security Manager, you must first add it to the Security Manager inventory.
Security Manager provides multiple methods to add devices: from the network (live devices); from an
inventory file exported from another Security Manager server or CiscoWorks Common Services Device
Credential Repository (DCR), or in Cisco Security Monitoring, Analysis and Response System
(CS-MARS) format; or from a device configuration file. You can also add a device that does not yet exist
in the network but will be deployed in the future by creating it in Security Manager.
When you add a device, you can also discover its interfaces and certain policies that were already
configured on the device. Discovery brings the information into the Security Manager database for
continued management with Security Manager in the future.
For more information, see Chapter 3, “Managing the Device Inventory”.
Step 3 Define security policies.
After you have added your devices, you can define the security policies you require. You can use Device
view to define policies on specific devices. You can use Policy view to create and manage reusable
policies that can be shared by any number of devices. When you make a change to a shared policy, the
change is applied to all devices to which that policy is assigned.
To simplify and speed up policy definition, you can use policy objects, which are named, reusable
representations of specific values. You can define an object once and then reference it in multiple
policies instead of having to define the values individually in each policy.
Note: If you are using Workflow mode, you must create an activity before you start defining policies.
For more information, see Workflow and Activities Overview, page 1-18.
For more information, see these topics:
Chapter 5, “Managing Policies”
Chapter 6, “Managing Policy Objects”
Step 4 Submit and deploy your policy definitions.
Policy definition is done within your private view. Your definitions are not committed to the database
and cannot be seen by other Security Manager users until you submit them. When you submit your policy
definitions, the system validates their integrity. Errors or warnings are displayed to inform you of any
problems that need to be addressed before the policies can be deployed to the devices.
Security Manager generates CLI commands according to your policy definitions and enables you to
quickly and easily deploy them to your devices. You can deploy directly to live devices in the network
(including dynamically addressed devices) through a secure connection, or to files that can be transferred
to your devices at any time.