Cisco FWSM in new ESU - 20110623-133824
Did anybody notice that:
RSA enVision Event Source Update
Package ID 20110623-133824
NEW EVENT SOURCES
The following Event Sources have been added for this release:
Cisco Firewall Service Module (FWSM)
Fortinet FortiClient Endpoint Security
But if you download this ESU from SCOL and start to install you will see that the third new event source it - RSA Virtual Log Router!
Is that normal?! Does RSA Envision really support Cisco FWSM?
We do really support Cisco FWSM : ) There is a Cisco Firewall Service Module configuration guide in the enVision Event Source Help. Cisco FWSM leverages the Cisco IOS XML so in the install would look like an update.
RSA Virtual Log Router is a Professional Services installed component for RSA enVison and not called out in the release note but is visible in the install screens.
RSA Virtual Log Router - why it is not called out in release note? Should I install this? What is this? Why Cisco FWSM called out in released note but hiden in installation? What if I don't want to update Cisco IOS XML, how I could uncheck this? )
To the community visitors:
I've writen to NIC support team, and received next answer one of the technical support engineers:
"I think that you’re right about the issue, I will try to check that with engineering."
So waiting the answer...
Correction from my previous post. Cisco FWSM is supported under the Cisco ASA device XML. If you look at the configuration document in SecureCare Online it identifies the specific support details for FWSM. When a new device leverages an existing XML it is an update in the installer but in the release note we call it out as a new device.
There is no bug in the ESU. Cisco FWSM is a modularized version of Cisco PIX/ASA firewall. enVision supports Cisco FWSM events through the Cisco PIX and ASA device types which already exist. Therefore in the ESU selection screen you will see Cisco PIX & Cisco ASA as updates but not Cisco FWSM as a new device. As noted above if you do not wish to update support for Cisco FWSM then you can deselect Cisco PIX & Cisco ASA. Although, taking the update will not affect any existing functionality that you might be using.The documentation and/or notes could have been a bit more clear on this point.