Release Notes

Release Notes for Cisco Security Manager 4.0
OL-21744-02
- Packet tracer allows you to troubleshoot active policies running on ASA and PIX firewall devices
  running 7.2.1 and higher that are not operating in transparent mode.
- ASA 8.3 devices use the original, or real, IP address when evaluating traffic in firewall rules (such
  as access rules) rather than NAT-translated addresses. Ensure that you use the original address when
  configuring firewall rules for ASA 8.3 devices.
- You can now automatically block blacklisted traffic based on the threat level using the Botnet Traffic
  Filter on ASA 8.2(2)+ devices. You can also treat greylisted traffic as blacklisted traffic for action
  purposes.
- You can now inspect IP options in inspection rules on ASA 8.2(2)+ devices. IP options inspection
  allows you to pass IP packets that have end of options list, no operation, or router alert options
  configured in the IP packet header.
- You can now configure or use the following features for Group Encrypted Transport (GET) VPNs:
  fail-close mode to protect VPN traffic prior to successful group member registration; passive mode
  configured on group members; RSA key generation and synchronization among the key servers.
- You can now explicitly configure DMVPN phase 2 connections between spokes, so that spoke-to-spoke
  connections go through regional hubs, and routing protocol updates from hubs to spokes are
  not summarized.
- Support for Cisco Secure Access Control Server (ACS) 4.2.
- The Security Manager online help and user guide have been reorganized into parts with smaller
  chapters, and reference information has been moved alongside conceptual and procedural
  information. Large sections of the document have been rewritten and simplified, with more
  examples added.
- Security Manager now discovers and deploys object groups for devices running Cisco IOS Software
  release 12.4(20)T and higher. In previous releases, object groups were supported only for ASA, PIX,
  and FWSM.
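
The ASA 8.3 item above means that access rules written against NAT-translated (mapped) addresses no longer match. The following added example, which is not part of the original release notes or of Security Manager, scans an ASA-style configuration for access rules that still name a mapped address. The sample configuration and all names and addresses in it are constructed, and the parser assumes host objects with static object NAT and literal mapped IP addresses only.

```python
import re

# Constructed sample in ASA 8.3-style syntax (private and documentation addresses).
SAMPLE_CONFIG = """\
object network WEB_SERVER
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
object network MAIL_SERVER
 host 10.1.1.25
 nat (inside,outside) static 203.0.113.25
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.25 eq smtp
"""

def static_nat_map(config):
    """Return {mapped_ip: real_ip} from 'object network' blocks with static NAT."""
    mapping, real = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            real = None  # new object: forget the previous object's host
        elif m := re.match(r"\s+host (\S+)$", line):
            real = m.group(1)
        elif (m := re.match(r"\s+nat \(\S+\) static (\d+\.\d+\.\d+\.\d+)", line)) and real:
            mapping[m.group(1)] = real
    return mapping

def rules_using_mapped_address(config):
    """Return (acl_line, mapped_ip, real_ip) for each rule that names a mapped address."""
    mapping = static_nat_map(config)
    findings = []
    for line in config.splitlines():
        if not line.startswith("access-list "):
            continue
        for ip in re.findall(r"\bhost (\S+)", line):
            if ip in mapping:
                findings.append((line, ip, mapping[ip]))
    return findings

if __name__ == "__main__":
    for line, mapped, real in rules_using_mapped_address(SAMPLE_CONFIG):
        print(f"{line}\n  -> names mapped {mapped}; ASA 8.3 evaluates real {real}")
```

Each flagged rule should be reviewed and rewritten to reference the real address; the second rule in the sample already does and is not reported.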
Installation Notes

All customers need to procure a new license (or licenses) for Security Manager 4.0 irrespective of
whether they have a valid license for any of the (older) Security Manager 3.x releases. With the exception
of incremental licenses, existing Security Manager 3.x licenses are not valid for Security Manager 4.0.

Do not modify casuser (the default service account) or directory permissions that are established during
the installation of the product. Doing so can cause problems with the following:
- Logging in to the web server
- Logging in to the client
- Performing successful backups of all databases

Internet Explorer 8 is supported, but only in Compatibility View. To use Compatibility View, open
Internet Explorer 8, go to Tools > Compatibility View Settings, and add the Security Manager server as
a “website to be displayed in Compatibility View.”

You can install Security Manager server software directly, or you can upgrade the software on a server
where Security Manager is installed. The Installation Guide for Cisco Security Manager for this release
of the product explains which previous Security Manager releases are supported for upgrade and
provides important information regarding server requirements, server configuration, and
post-installation tasks.