- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Cisco FWSM in new ESU - 20110623-133824
Hi, guess!
Did anybody notice that:
---
RSA enVision Event Source Update
Package ID 20110623-133824
NEW EVENT SOURCES
The following Event Sources have been added for this release:
Cisco Firewall Service Module (FWSM)
Fortinet FortiClient Endpoint Security
F-Secure Anti-Virus
---
But if you download this ESU from SCOL and start to install you will see that the third new event source it - RSA Virtual Log Router!
Is that normal?! Does RSA Envision really support Cisco FWSM?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
We do really support Cisco FWSM : ) There is a Cisco Firewall Service Module configuration guide in the enVision Event Source Help. Cisco FWSM leverages the Cisco IOS XML so in the install would look like an update.
RSA Virtual Log Router is a Professional Services installed component for RSA enVison and not called out in the release note but is visible in the install screens.
Nathan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Nathan,
RSA Virtual Log Router - why it is not called out in release note? Should I install this? What is this? Why Cisco FWSM called out in released note but hiden in installation? What if I don't want to update Cisco IOS XML, how I could uncheck this? )
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
To the community visitors:
I've writen to NIC support team, and received next answer one of the technical support engineers:
"I think that you’re right about the issue, I will try to check that with engineering."
So waiting the answer...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Correction from my previous post. Cisco FWSM is supported under the Cisco ASA device XML. If you look at the configuration document in SecureCare Online it identifies the specific support details for FWSM. When a new device leverages an existing XML it is an update in the installer but in the release note we call it out as a new device.
Nathan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
So, you don't have to update the Cisco ASA device XML if you don't want too, it is just that you then would not be able to parse the FWSM messages.
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
There is an obvious bug in this ESU and RSA don't going to fix it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
There is no bug in the ESU. Cisco FWSM is a modularized version of Cisco PIX/ASA firewall. enVision supports Cisco FWSM events through the Cisco PIX and ASA device types which already exist. Therefore in the ESU selection screen you will see Cisco PIX & Cisco ASA as updates but not Cisco FWSM as a new device. As noted above if you do not wish to update support for Cisco FWSM then you can deselect Cisco PIX & Cisco ASA. Although, taking the update will not affect any existing functionality that you might be using.
The documentation and/or notes could have been a bit more clear on this point.