Re: [fw-wiz] Cisco Security Manager clone?

Check out Kiwi Cat Tools. I've used it for a while now and found it to be
quite helpful in a situation like yours. I manage a network with 67 ASA 5505
firewalls in remote offices connected back to a central ASA 5520 via IPSec
VPN. Kiwi works very well to push mass changes to these devices in minutes,
and has a nice handy feature in that you can schedule it to automatically
back up your configs to your management server for safe keeping. Kiwi is by
no means a replacement for CSM but it does a pretty good job.

It will interface to the devices via Telnet, SSH, etc. I personally
interface to my devices via SSH but your mileage and requirements may vary.
It also supports a wide variety of other Cisco devices - switches, routers,
etc. Licensing is by device count.

If I recall correctly you can download an eval copy of it and it will manage
a small set of devices fully functional so you can try it out and see if it
works for what you need.

Hope this helps. Good luck!

On Wed, Apr 30, 2008 at 11:01 AM, Mike Davis <mdavis@xxxxxxx> wrote:

This is my first posting so be gentle ;-)

I have an environment that is all Cisco based firewalls for my edge
protection and site to site vpns. I have a little over 100 remote sites
running on ASA 5505's with an AES Tunnel to both the primary (HQ) and
secondary (DR ) sites. It is working quite nicely and has been for years
now but the problem I have is this… all my remote site firewalls are not
centrally managed in the sense that I can make one change in a console and
push it globally to all my remote firewalls so that when a change is
required, I have to log into each and every one (I use SSH) and make the

I know that Cisco Security Manager will allow me to do that but at the
100K pricetag I was quoted from Cisco with the blink of an eye… I just
cannot put that into my budget.

Does anyone know of or can recommend any freeware or low-cost-ware
application that will allow me to monitor and make global config changes
without having to SSH to each one? The ability to segregate into groups and
manage based upon groups would certainly be a plus as well but not a

Thanks in advance!

*Mike Davis*

firewall-wizards mailing list

firewall-wizards mailing list