Cisco Asdm 7 User Guide
Have a look at the manual Cisco Asdm 7 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
32-21 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Using the CSC SSM GUI Step 6Click Configure Web Reputation to open a screen for configuring the Web Reputation service on the CSC SSM. What to Do Next See the “Mail” section on page 32-21. Mail The Mail pane lets you see whether or not e-mail-related features are enabled and lets you access the CSC SSM GUI to configure these features. To configure e-mail related features, choose Configuration > Trend Micro Content Security > Mail. This section includes the following topics: SMTP Tab, page 32-21 POP3 Tab, page 32-22 SMTP Tab NoteTo access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open. To configure SMTP scanning, perform the following steps: Step 1Click the SMTP Ta b. Step 2The Incoming Scan area is display-only and shows whether or not the incoming SMTP scanning feature is enabled on the CSC SSM. Click Configure Incoming Scan to open a screen for configuring incoming SMTP scan settings on the CSC SSM. Step 3The Outgoing Scan area is display-only and shows whether or not the outgoing SMTP scanning feature is enabled on the CSC SSM. Click Configure Outgoing Scan to open a screen for configuring outgoing SMTP scan settings on the CSC SSM. Step 4The Incoming Filtering area is display-only and shows whether or not content filtering for incoming SMTP e-mail is enabled on the CSC SSM. Click Configure Incoming Filtering to open a screen for configuring incoming SMTP e-mail content filtering settings on the CSC SSM. Step 5The Outgoing Filtering area is display-only and shows whether or not content filtering for outgoing SMTP e-mail is enabled on the CSC SSM. Click Configure Outgoing Filtering to open a screen for configuring outgoing SMTP e-mail content filtering settings on the CSC SSM. Step 6The Anti-spam area is display-only and shows whether or not the SMTP anti-spam feature is enabled on the CSC SSM. Click Configure Anti-spam to open a screen for configuring SMTP anti-spam settings, including E-mail Reputation, on the CSC SSM.
32-22 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Using the CSC SSM GUI Step 7The Global Approved List area is display-only and shows whether or not the SMTP global approved list feature is enabled on the CSC SSM. Click Configure Global Approved List to open a screen for configuring SMTP global approved list settings on the CSC SSM. POP3 Tab NoteTo access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open. To configure POP3 scanning, perform the following steps: Step 1Click the POP3 Ta b. Step 2The Scanning area is display-only and shows whether or not POP3 e-mail scanning is enabled on the CSC SSM. Click Configure Scanning to open a window for configuring POP3 e-mail scanning on the CSC SSM. Step 3The Anti-spam area is display-only and shows whether or not the POP3 anti-spam feature is enabled on the CSC SSM. Click Configure Anti-spam to open a window for configuring the POP3 anti-spam feature on the CSC SSM. Step 4The Content Filtering area is display-only and shows whether or not POP3 e-mail content filtering is enabled on the CSC SSM. Click Configure Content Filtering to open a window for configuring POP3 e-mail content filtering on the CSC SSM. Step 5The Global Approved List area is display-only and shows whether or not the POP3 global approved list feature is enabled on the CSC SSM. Click Configure Global Approved List to open a screen for configuring POP3 global approved list settings on the CSC SSM. What to Do Next See the “File Transfer” section on page 32-22. File Transfer The File Transfer pane lets you view whether or not FTP-related features are enabled and lets you access the CSC SSM for configuring FTP-related features. NoteTo access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open. To view the status or configure FTP-related features, perform the following steps: Step 1Click the File Transfer tab.
32-23 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Using the CSC SSM GUI The File Scanning area is display-only and shows whether or not FTP file scanning is enabled on the CSC SSM. Step 2Click Configure File Scanning to open a window for configuring FTP file scanning settings on the CSC SSM. The File Blocking area is display-only and shows whether or not FTP blocking is enabled on the CSC SSM. Step 3Click Configure File Blocking to open a window for configuring FTP file blocking settings on the CSC SSM. What to Do Next See the “Updates” section on page 32-23. Updates The Updates pane lets you view whether or not scheduled updates are enabled and lets you access the CSC SSM for configuring scheduled updates. NoteTo access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open. To view the status or configure scheduled update settings, perform the following steps: Step 1Click the Updates tab. The Scheduled Updates area is display-only and shows whether or not scheduled updates are enabled on the CSC SSM. The Scheduled Update Frequency area displays information about when updates are scheduled to occur, such as “Hourly at 10 minutes past the hour.” The Component area displays names of parts of the CSC SSM software that can be updated. In the Components area, the Scheduled Updates area is display-only and shows whether or not scheduled updates are enabled for the corresponding components. Step 2Click Configure Updates to open a window for configuring scheduled update settings on the CSC SSM. NoteIf you restart the ASA, the SSM is not automatically restarted. For more information, see the “Managing SSMs and SSCs” section in the CLI configuration guide.
32-24 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Monitoring the CSC SSM What to Do Next See the “Monitoring the CSC SSM” section on page 32-24. Monitoring the CSC SSM ASDM lets you monitor the CSC SSM statistics as well as CSC SSM-related features. NoteIf you have not completed the CSC Setup Wizard in Configuration > Trend Micro Content Security > CSC Setup, you cannot access the panes under Monitoring > Trend Micro Content Security. Instead, a dialog box appears and lets you access the CSC Setup Wizard directly from Monitoring > Trend Micro Content Security. This section includes the following topics: Threats, page 32-24 Live Security Events, page 32-25 Live Security Events Log, page 32-25 Software Updates, page 32-26 Resource Graphs, page 32-27 Threats To view information about various types of threats detected by the CSC SSM in a graph, perform the following steps: Step 1Choose Monitoring > Trend Micro Content Security > Threats. The Available Graphs area lists the components whose statistics you can view in a graph. You can include a maximum of four graphs in one frame. The graphs display real-time data in 12-second intervals for the following: Viruses detected URLs filtered, URLs blocked Spam detected Files blocked Spyware blocked Damage Cleanup Services Step 2The Graph Window Title lists the types of statistics available for monitoring. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time. The statistics already included in the graph window appear in the Selected Graphs list. Step 3To move the selected statistics type in the Available Graphs For list to the Selected Graphs list, click Add.
32-25 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Monitoring the CSC SSM Step 4To remove the selected statistics type from the Selected Graphs list, click Remove. The button name changes to Delete if the item you are removing was added from another pane, and is not being returned to the Available Graphs pane. Step 5To display a new window that shows a Graph tab and an updated graph with the selected statistics, click Show Graphs. Click the Ta b l e tab to display the same information in tabular form. Step 6From the Graph or Table tab, click Export in the menu bar or choose File > Export to save the graph or tabular information as a file on your local PC. Step 7From the Graph or Table tab, click Print in the menu bar or choose File > Print to print the information displayed in the window. What to Do Next See the “Live Security Events” section on page 32-25. Live Security Events To view live, real-time security events in a separate window, perform the following steps: Step 1Choose Monitoring > Trend Micro Content Security > Live Security Events. The Buffer Limit field shows the maximum number of log messages that you may view. The default is 1000. Step 2Click View to display the Live Security Events Log dialog box. You can pause incoming messages, clear the message window, and save event messages. You can also search messages for specific text. What to Do Next See the “Live Security Events Log” section on page 32-25. Live Security Events Log To view live security events messages that are received from the CSC SSM, perform the following steps: Step 1To filter security event messages from the Filter By drop-down list, choose one of the following: Filter by Text, type the text, then click Filter. Show All, to display all messages or remove the filter. Step 2To use the Latest CSC Security Events pane, in which all columns are display-only, choose one of the following options: The time an event occurred. The IP address or hostname from which the threat came. The type of threat, or the security policy that determines event handling, or in the case of a URL filtering event, the filter that triggered the event.
32-26 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Monitoring the CSC SSM The subject of e-mails that include a threat, or the names of FTP files that include a threat, or blocked or filtered URLs. The recipient of e-mails that include a threat, or the IP address or hostname of a threatened node, or the IP address of a threatened client. The type of event (such as Web, Mail, or FTP), or the name of a user or group for HTTP or FTP events, which include a threat. The action taken upon the content of a message, such as cleaning attachments or deleting attachments. The action taken on a message, such as delivering it unchanged, delivering it after deleting the attachments, or delivering it after cleaning the attachments. Step 3To search security event messages based on the text that you enter, choose one of the following: In the Text field, enter the text to search for in the security event messages log, then click Find Messages. To find the next entry that matches the text you typed in this field, click Find. Step 4To pause scrolling of the Latest CSC Security Events pane, click Pause. To resume scrolling of the Latest CSC Security Events pane, click Resume. Step 5To save the log to a file on your PC, click Save. Step 6To clear the list of messages shown, click Clear Display. Step 7To close the pane and return to the previous one, click Close. What to Do Next See the “Software Updates” section on page 32-26. Software Updates To view information about CSC SSM software updates, choose Monitoring > Trend Micro Content Security > Software Updates. The Software Updates pane displays the following information, which is refreshed automatically about every 12 seconds: The names of parts of the CSC SSM software that can be updated. The current version of the corresponding component. The date and time that the corresponding component was last updated. If the component has not been updated since the CSC SSM software was installed, None appears in this column. The date and time that ASDM last received information about CSC SSM software updates.
32-27 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Troubleshooting the CSC Module What to Do Next See the “CSC CPU” section on page 32-27. Resource Graphs The ASA lets you monitor CSC SSM status, including CPU resources and memory usage. This section includes the following topics: CSC CPU, page 32-27 CSC Memory, page 32-27 CSC CPU To view CPU usage by the CSC SSM in a graph, perform the following steps: Step 1Choose Monitoring > Trend Micro Content Security > Resource Graphs > CSC CPU. The CSC CPU pane displays the components whose statistics you can view in a graph, including statistics for CPU usage on the CSC SSM. Step 2To continue, go to Step 2 of the “Threats” section on page 32-24. What to Do Next See the “CSC Memory” section on page 32-27. CSC Memory To view information about memory usage on the CSC SSM in a graph, perform the following steps: Step 1Choose Monitoring > Trend Micro Content Security > Resource Graphs > CSC Memory. The Available Graphs area lists the components whose statistics you can view in a graph, including the following: The amount of memory not in use. The amount of memory in use. Step 2To continue, go to Step 2 of the “Threats” section on page 32-24. Troubleshooting the CSC Module This section includes procedures that help you recover or troubleshoot the module and includes the following topics: Installing an Image on the Module, page 32-28
32-28 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Troubleshooting the CSC Module Resetting the Password, page 32-29 Reloading or Resetting the Module, page 32-30 Shutting Down the Module, page 32-30 NoteThis section covers all ASA module types; follow the steps appropriate for your module. Installing an Image on the Module If the module suffers a failure, and the module application image cannot run, you can reinstall a new image on the module from a TFTP server. NoteDo not use the upgrade command within the module software to install the image. Prerequisites Be sure the TFTP server that you specify can transfer files up to 60 MB in size. NoteThis process can take approximately 15 minutes to complete, depending on your network and the size of the image. Detailed Steps Command Purpose Step 1hw-module module 1 recover configure Example: ciscoasa# hw-module module 1 recover configure Image URL [tftp://127.0.0.1/myimage]: tftp://10.1.1.1/ids-newimg Port IP Address [127.0.0.2]: 10.1.2.10 Port Mask [255.255.255.254]: 255.255.255.0 Gateway IP Address [1.1.2.10]: 10.1.2.254 VLAN ID [0]: 100 Specifies the location of the new image. This command prompts you for the URL for the TFTP server, the management interface IP address and netmask, gateway address, and VLAN ID (ASA 5505 only). These network parameters are configured in ROMMON; the network parameters you configured in the module application configuration are not available to ROMMON, so you must set them separately here. You can view the recovery configuration using the show module 1 recover command. In multiple context mode, enter this command in the system execution space.
32-29 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Troubleshooting the CSC Module Resetting the Password You can reset the module password to the default. The default password is cisco. After resetting the password, you should change it to a unique value using the module application. Resetting the module password causes the module to reboot. Services are not available while the module is rebooting. If you cannot connect to ASDM with the new password, restart ASDM and try to log in again. If you defined a new password and still have an existing password in ASDM that is different from the new password, clear the password cache by choosing File > Clear ASDM Password Cache, then restart ASDM and try to log in again. To reset the module password to the default of cisco, perform the following steps. Detailed Steps Step 1From the ASDM menu bar, choose Tools > CSC Password Reset. The Password Reset confirmation dialog box appears. Step 2Click OK to reset the password to the default. A dialog box displays the success or failure of the password reset. Step 3Click Close to close the dialog box. Step 2hw-module module 1 recover boot Example: ciscoasa# hw-module module 1 recover boot Transfers the image from the TFTP server to the module and restarts the module. Step 3show module 1 details Example: ciscoasa# show module 1 details Checks the progress of the image transfer and module restart process. The Status field in the output indicates the operational status of the module. A module operating normally shows a status of “Up.” While the ASA transfers an application image to the module, the Status field in the output reads “Recover.” When the ASA completes the image transfer and restarts the module, the newly transferred image is running. Command Purpose
32-30 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Troubleshooting the CSC Module Reloading or Resetting the Module To reload or reset the module, enter one of the following commands at the ASA CLI. Detailed Steps Shutting Down the Module If you restart the ASA, the module is not automatically restarted. To shut down the module, perform the following steps at the ASA CLI. Detailed Steps Command Purpose hw-module module 1 reload Example: ciscoasa# hw-module module 1 reload Reloads the module software. hw-module module 1 reset Example: ciscoasa# hw-module module 1 reset Performs a reset, then reloads the module. Command Purpose hw-module module 1 shutdown Example: ciscoasa# hw-module module 1 shutdown Shuts down the module.