Re: [fw-wiz] Cisco Security Manager clone?



Check out Kiwi Cat Tools. I've used it for a while now and found it to be
quite helpful in a situation like yours. I manage a network with 67 ASA 5505
firewalls in remote offices connected back to a central ASA 5520 via IPSec
VPN. Kiwi works very well to push mass changes to these devices in minutes,
and has a nice handy feature in that you can schedule it to automatically
back up your configs to your management server for safe keeping. Kiwi is by
no means a replacement for CSM but it does a pretty good job.

It will interface to the devices via Telnet, SSH, etc. I personally
interface to my devices via SSH but your mileage and requirements may vary.
It also supports a wide variety of other Cisco devices - switches, routers,
etc. Licensing is by device count.

If I recall correctly you can download an eval copy of it and it will manage
a small set of devices fully functional so you can try it out and see if it
works for what you need.

Hope this helps. Good luck!

On Wed, Apr 30, 2008 at 11:01 AM, Mike Davis <mdavis@xxxxxxx> wrote:

This is my first posting so be gentle ;-)



I have an environment that is all Cisco based firewalls for my edge
protection and site to site vpns. I have a little over 100 remote sites
running on ASA 5505's with an AES Tunnel to both the primary (HQ) and
secondary (DR ) sites. It is working quite nicely and has been for years
now but the problem I have is this… all my remote site firewalls are not
centrally managed in the sense that I can make one change in a console and
push it globally to all my remote firewalls so that when a change is
required, I have to log into each and every one (I use SSH) and make the
changes.

I know that Cisco Security Manager will allow me to do that but at the
100K pricetag I was quoted from Cisco with the blink of an eye… I just
cannot put that into my budget.



Does anyone know of or can recommend any freeware or low-cost-ware
application that will allow me to monitor and make global config changes
without having to SSH to each one? The ability to segregate into groups and
manage based upon groups would certainly be a plus as well but not a
requirement.



Thanks in advance!



*Mike Davis*



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: [fw-wiz] Cisco Security Manager clone?
    ... I have an environment that is all Cisco based firewalls for my edge ... I have a little over 100 remote sites ... I have to log into each and every one (I use SSH) ... I know that Cisco Security Manager will allow me to do that but at the ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Cisco Security Manager clone?
    ... I have an environment that is all Cisco based firewalls for my edge ... I have a little over 100 remote ... I know that Cisco Security Manager will allow me to do that but at the ... changes without having to SSH to each one? ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Cisco Security Manager clone?
    ... if you want to analyze these firewalls for risk or cleanup, ... I have a little over 100 remote sites ... I know that Cisco Security Manager will allow me to do that but at the 100K ... without having to SSH to each one? ...
    (Firewall-Wizards)
  • Re: OT: Cisco Equipment
    ... I need to learn how to use some firewalls and stuff. ... Suppose you have a front door to your ... loads of networks, different infrastructures, and different systems. ... cisco box and it is definatly different!) ...
    (uk.comp.homebuilt)
  • Re: Hardware Firewall
    ... if you're going to put together a course about Hardware ... you need to include other vendors and not just Cisco. ... of course your course is about Cisco firewalls. ... A good source for which firewall vendor you should cover might be ...
    (Security-Basics)