© 2003, Cisco Systems, Inc. All rights reserved. CSPFA 3.118-1 Chapter 18 Enterprise PIX Firewall Maintenance.

Презентация:



Advertisements
Похожие презентации
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring CSA Installing and Configuring CSA MC.
Advertisements

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 7 Configure the Cisco VPN Firewall Feature for IPSec Software Client.
© 2004, Cisco Systems, Inc. All rights reserved. CSPFA Lesson 19 Introduction to Enterprise PIX Firewall Management.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 13 Configure the Cisco Virtual Private Network 3002 Hardware Client for Software.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 17 Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 15 Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 10 Configure the Cisco VPN 3002 Hardware Client for Remote Access Using Pre-Shared.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 11 Configure the Cisco Virtual Private Network 3002 Hardware Client for Unit and.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 17 Enterprise PIX Management.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 3 Cisco PIX Firewall Technology and Features.
© 2001, Cisco Systems, Inc. CSIDS Chapter 4 Cisco Secure Policy Manager Installation.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 8 Object Grouping.
© 2005 Cisco Systems, Inc. All rights reserved. HIPS v Configuring CSA Installing CSA.
© 2004, Cisco Systems, Inc. All rights reserved. CSIDS Lesson 6 Sensor Management and Monitoring.
Chapter 3: Installing CRM and CWSI on Windows NT 3-1 Copyright © 1998, Cisco Systems, Inc.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Administering Events and Generating Reports Managing Events.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Cisco Secure PIX Firewall Advanced 3.1.
Option_W_3
© 2002, Cisco Systems, Inc. All rights reserved. AWLF 3.0Module 7-1 © 2002, Cisco Systems, Inc. All rights reserved.
© 2004, Cisco Systems, Inc. All rights reserved. CSPFA Lesson 8 Object Grouping.
Транксрипт:

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 18 Enterprise PIX Firewall Maintenance

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Objectives

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Objectives Upon completion of this chapter, you will be to complete the following tasks: Define key features and concepts of the AUS. Install the AUS. Configure the AUS to perform the following: –Update PIX Firewall configuration files and upgrade images. –Remotely manage dynamically addressed PIX Firewalls.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Introduction to the Auto Update Server

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA What Is the AUS? The AUS is a web-based application that facilitates the maintenance of PIX Firewalls. AUS

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Supported Devices The AUS supports PIX Firewalls with operating systems running version 6.0 and higher. In addition to software requirements, the AUS supports the following hardware: –PIX Firewall 501 –PIX Firewall 506E –PIX Firewall 515E –PIX Firewall 525 –PIX Firewall 535

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Installation Overview CiscoWorks Common Services is required for the AUS. Common Services provides the CiscoWorks with server based components, software libraries, and software packages developed for the AUS.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Installation Requirements Hardware –IBM PC-compatible computer with 1-GHz or faster CPU –Color monitor capable of viewing 256-colors –CD-ROM drive –10-BaseT or faster network connection Memory1 GB of RAM minimum Disk drive space –9 GB minimum –Fat32 or NTFS file system (NTFS recommended for security reasons) –2 GB of virtual memory Software –Windows 2000 Server or Professional, with Service Pack 2 –Open Database Connectivity (ODBC) Driver Manager or later

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Client Access Requirements Hardware –IBM PC-compatible computer with 300 MHZ or faster CPU – 10-BaseT or faster network connection Software –Windows 98, or –Windows NT 4.0, or –Windows 2000 Professional with Service Pack 2, or –Windows 2000 Server/Advanced Server with Service Pack 2, or –Windows XP Professional Memory256 MB of RAM minimum Disk drive space400 MB virtual memory BrowserInternet Explorer 5.5 or later

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Installation Process

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Installation Process (cont.)

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall Preparation and AUS Communication Settings

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA PIX MC and AUS Communication PIX MC AUS Config file

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUS Activation To activate AUS, you need to configure the following settings for the PIX Firewall on the PIX MC: Bootstrap the PIX Firewall. Import the PIX Firewall into the PIX MC. Configure the settings that the PIX Firewall will use to contact the AUS. Configure the method of identification to be used between the PIX Firewall and the AUS. Configure the information that PIX MC will use to contact the AUS for the selected group or device. Configure deployment of configuration files to the AUS for the selected group or device.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUS and PIX Firewall Communications Choose Configure>Settings>Servers and Services>Auto Update Server.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall Unique Identity Choose Configure>Settings>PIX Firewall Administration>Unique Identity.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUS Contact Information Choose Configure>Settings>PIX MC Controls>Auto Update Server Contact.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA PIX Firewall Configuration Deployment Choose Configure>Settings>PIX MC Controls>Deployment.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Getting Started

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA CiscoWorks Login

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUS Interface Object Bar Page Instructions Path BarOptions BarTabsTools

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Devices, Images, and Assignments

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUSDevices

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUSImages

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AUSAssignments

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AssignmentsImages to a Device Choose Assignments>Images to a Device.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AssignmentsImages to a Device (cont.)

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AssignmentsAn Image to Devices Choose Assignments>Assign an Image to Devices.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Reports and Administration

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA ReportsSystem Information Choose Reports>System Info Report.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA ReportsEvent Report Choose Reports>Event Report.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AdminNAT Settings Choose Admin>NAT Settings.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA AdminAUS Database Password Change Choose Admin>AUS Database Password Change.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Summary

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Summary The AUS provides a web-based interface for: Upgrading PIX Firewall software images. Upgrading PIX Device Manager images. Managing and deploying PIX Firewall configuration files.

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Lab Exercise

© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Q P.0 Lab Visual Objective.2.1 Student PC Syslog server PIX Firewall Web/FTP PIX Firewall.1 Remote : 10.1.P.11 Local: 10.0.P.11 Remote: 10.1.Q.11 Local: 10.0.Q P Q.0 RTS.100 RTS.100 Pods 1–5 Pods 6– Web/FTP RBB.2 bastion host: Web FTP P Q.0 bastionhost: Web FTP.1 Student PC Syslog server