Updating Security Management Appliance

Similar Messages

• Security Management Appliance - Multiple SSL Cert support.

  Does anyone know if the SMA supports multiple SSL certs?  We would like to create a cert for our users that access the Spam Quarantine that uses a different FQDN from what we have now for admin access.
  I noticed in instuctions for importing certs into the SMA, that it does ask if you want to use that cert for everything, but I haven't found anything that elaborates on what options you have if you say NO.  I'm guessing from that question that it allows for a different cert for a different function, but I'd like confirmation and maybe direction on how to implement.
  Thanks in advance.

  You can install a different cert for different process:
  http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html
  Certificates can be used for four different services:
  Inbound TLS
  Outbound TLS
  HTTPS
  LDAPS
  When you say No, you'll just need to be prepared to enter in the separate certs as needed for each process.  And, SMA is still CLI only for cert management.
  -Robert

• IronPort WSA management through Security Management Appliance

  Hi,
  I have two identically configured (policies) IronPort WSA S670 appliances running 7.5.0-833 and both added in SMA M670 management appliance running 7.9.1-102. Appliance A has McAfee license expired. Newly installed appliance B has Mcafee running for 28 more days. "Sophos" is enabled on both and working good. Config Master 7.5 was built based on the config from appliance A.
  Now, when i want to push the Config Master to both the associated WSA, it fails on appliance B as "McAfee" is disabled in Config Master but enabled on it. The setting "Security Services Display" in M670 was changed to enable "McAfee" but now appliance A fails giving a mis-match error on publishing.
  How to workaround this ? Can McAfee license/feature key on appliance B be expired / disabled now without waiting 28 days to let it expire.
  Thanks,
  Rick.

  Hello Rick,
  You can disable Mcafee globally on the SMA by going to :
  GUI -> Web -> Utilities -> Security Services Display -> Edit Display Settings-> Under Configuration Master 7.5 ->
  Do your Web Appliances have McAfee Anti-Malware enabled? -> Uncheck the box and submit.
  Also, Disable Mcafee on the appliance that thas 28 days of the licenses left, This way Mcafee will be disabled on all your boxes.
  I hope this helps.
  Regards,
  -Puja

• Cisco Security Manager Appliance bundle

  I have a customer subscribed to the Security ELA, so all security related licenses and subscriptions are free.  It is possible to order this product as an appliance without the bundled licenses?

  Yes, if we do get a UCS, it will be sized to accommodate more than just CSM due to the other stuff we could load it with, although now that Cisco VMs run under Hyper-V....?  We are also getting FS (their VM is not big enough, shame) in hope that appliance/product will absorb CSM in a future release.
  Thanks,

• IronPort Security Management Appliance - Directory Search Results Size

  I'm creating an access policy for a web security appliance that is applied to an authorized group within an idenity.  My question is in regards to the number of returned results when using the Directory search function to find and add the group.  Only the first 500 matching entries are shown and attempting to search for the group fails if it isn't part of that first 500.  How do I increase the amount of results returned when searching for groups?

  Hello Alex,
  By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.
  http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech
  MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.
  Default value: 1,000
  You can also simply input the group name and then click "Add" to manually add it as a workaround.
  Hope it helps.

• Publish to a WSA from Management appliance Fails

  I am trying to publish a configuration from my new M170 to a S160 and i get this error:  "Failure: The Anti-malware settings must match to successfully publish."  I checked and the settings are good any ideas.

  Bob.
  In the MSA, which security settings are turned on (Is Sophos on? Is McAfee on? etc) has to match what is actually enabled on the WSA you're pushing to.
  Taken from 8-10 of the user guide:
  To verify enabled features for a Web Security appliance:
  Step 1 On the Security Management appliance, choose Web > Utilities > Web Appliance Status.
  Step 2 Click the name of a Web Security appliance to which you will publish a Configuration Master.
  Step 3 Scroll to the Security Services table.
  Step 4 Verify that the Feature Keys for all enabled features are active and not expired.
  Step 5 Compare the settings in the Services columns:
  The Web Appliance Service column and the Is Service Displayed on Management Appliance? column should be consistent.
  Enabled = Yes
  Disabled and Not Configured = No or Disabled.
  N/A means Not Applicable. For example, the option may not be configurable using a Configuration Master, but is listed so that you can see the Feature Key status.
  Configuration mismatches will appear in red text.
  Step 6 If the enabled/disabled settings for a feature do not match, do one of the following:
  •Change the relevant setting for the Configuration Master. See Enabling Features to Publish, page 8-10.
  •Enable or disable the feature on the Web Security Appliance. Some changes may impact multiple features. See the information about the relevant feature in the Cisco IronPort AsyncOS for Web Security User Guide.
  I have put in an enhancement request for this to be manageable by the MSA, because I think its pretty dumb that you can't push this config from the MSA.
  Hope that helps,
  Ken

• Security Manager for decryption is not set

  Hey,
  I am using the Livecycle virtual appliance in a test version to evaluate its features. When I decrypt an encrypted document with the java API I get an error message that says that the security manager is not set.
  Is the security Manager part of the appliance?
  How can I solve that problem?
  My Code:
          //Set connection properties required to invoke LiveCycle ES                               
          Properties connectionProps = new Properties();
          connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, getConfig("lc.ejb-endpoint.url", "jnp://192.168.56.50:1099"));
          connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,Service ClientFactoryProperties.DSC_EJB_PROTOCOL);         
          connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
          connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, getConfig("lc.ejb-endpoint.username", "jjacobs"));
          connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, getConfig("lc.ejb-endpoint.password", "password"));
          //Create a ServiceClientFactory object
          ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);
          //Create an EncryptionServiceClient object
          EncryptionServiceClient encryptClient = new EncryptionServiceClient(myFactory);
          //Unlock the password-encrypted PDF document
          Document unlockedDoc = encryptClient.unlockPDFUsingPassword(pdf, pdfPassword);
          return unlockedDoc;
  Exceptions details:
  Caused by: com.adobe.internal.pdftoolkit.core.exceptions.PDFSecurityAuthorizationException: Security Manager for decryption is not set
      at com.adobe.internal.pdftoolkit.core.encryption.EncryptionImpl.getStreamEncryption(Encrypti onImpl.java:196)
      at com.adobe.internal.pdftoolkit.core.encryption.EncryptionImpl.getStreamDecryptionHandler(E ncryptionImpl.java:263)
      at com.adobe.internal.pdftoolkit.core.cos.CosEncryption.getStreamDecryptionStateHandler(CosE ncryption.java:675)
      at com.adobe.internal.pdftoolkit.core.cos.CosStream.getStreamForCopying(CosStream.java:377)
      at com.adobe.internal.pdftoolkit.core.cos.CosStream.copyStream(CosStream.java:310)
      at com.adobe.internal.pdftoolkit.core.cos.CosStream.getStream(CosStream.java:422)
      at com.adobe.internal.pdftoolkit.core.cos.CosObjectStream.getDataStream(CosObjectStream.java :130)
      at com.adobe.internal.pdftoolkit.core.cos.CosObjectStream.<init>(CosObjectStream.java:80)
      at com.adobe.internal.pdftoolkit.core.cos.CosToken.readObject(CosToken.java:576)
      at com.adobe.internal.pdftoolkit.core.cos.CosToken.readIndirectObject(CosToken.java:108)
      at com.adobe.internal.pdftoolkit.core.cos.XRefTable.getIndirectObject(XRefTable.java:607)
      at com.adobe.internal.pdftoolkit.core.cos.CosDocument.getIndirectObject(CosDocument.java:287 5)
      at com.adobe.internal.pdftoolkit.core.cos.XRefTable.getIndirectObject(XRefTable.java:599)
      at com.adobe.internal.pdftoolkit.core.cos.CosDocument.getIndirectObject(CosDocument.java:287 5)
      at com.adobe.internal.pdftoolkit.core.cos.CosDocument.resolveReference(CosDocument.java:1067 )
      at com.adobe.internal.pdftoolkit.core.cos.CosDictionary.get(CosDictionary.java:278)
      at com.adobe.internal.pdftoolkit.pdf.document.PDFCosDictionary.getDictionaryCosObjectValue(P DFCosDictionary.java:423)
      at com.adobe.internal.pdftoolkit.pdf.document.PDFCatalog.getInteractiveForm(PDFCatalog.java: 156)
      at com.adobe.internal.pdftoolkit.pdf.document.PDFDocument.getInteractiveForm(PDFDocument.jav a:521)
      at com.adobe.formServer.utils.CommonGibsonUtils.isForm(CommonGibsonUtils.java:153)
      at com.adobe.livecycle.formdataintegration.server.FormData.exportDataInternal(FormData.java: 338)
      at com.adobe.livecycle.formdataintegration.server.FormData.exportData2(FormData.java:217)
      ... 81 more

  I think you answered your own question - the PDF is password protected therefore LC can't open it to extract the data.
  You'll have to remove the security first.  You can do that in a process by using the Common.EncryptionService.Remove PDF Password Encryption operation.
  Note that you will need the document's password to remove the security.

• No security manager: RMI class loader disabled Error at RMI client programm

  Got following error on invoking remote method from RMI client,
  java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
  java.lang.ClassNotFoundException: com.rmi.RmiImpl_Stub (no security manager: RMI class loader disabled)
  Please let me know solution.

  Hello JAAZ,
  I got the same error yesterday. I was a little frustrated, because the day before everything was fine...
  java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
          java.lang.ClassNotFoundException: uk.co.it.ete.server.ETE_Server (no security manager: RMI class loader disabled)
          at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)The solution was, that I did some refactoring and some of the classes were now in different packages. I updated the system on the client-side and now everything works again.
  I think debugging RMI-applications is not as easy as "normal" applications ..
  maybe this helps..
  Regards
  tk

• Advanced Security manager- Error Initializing the Essbase API.

  Hi,
  I have installed  OLAPUnderground> Advanced Security manager for exporting all the User security.  when i try to click connect it throws a connection error "error Initializing the Essbase API, cannot connect." Has any one seen this error before? please let me know if i am missing anything.
  We are currently using  11.1.2.3.500.
  Thanks,
  Sankeerth

  Sounds like you have not created the windows environment variable:
  ESSBASEPATH
  D:\Oracle\Middleware\EPMSystem11R1\common\EssbaseRTC\11.1.2.0
  That is just an example path update to match your environment
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Cisco security Manager Backup error

  i  am getting  the below  error  after the backup in Cisco Security  Manager 3.2
  [Sun Dec 20 00:00:05 2009]  ERROR(313): D:/backup.LOCK file exists
  Most probably another backup process is running
  [Sun Dec 20 00:00:05 2009]  Backup failed: 2009/12/20 00:00:05
  i have deleted the backup.LOCK file and tried  it is giving the same error.
  any one help me in this.
  thanks in advance.

  Update:
  WHen performing the same action through the client interface, rather than from the server interface the backup has appeared to work.
  Is this a feature?
  Needless to say I was able to run a backup.
  Steve

• Cisco Security Manager (CSM) License Problem

  Hi All,
  We have CSM V3.2 with Professional license edition and support 50 devices. It's installed properly in the Cisco Security Manager client as appeared in the attachement but the problem is in the server administration- license management which doesn't include any records for license (see attachment).
  I tried to upload the .lic file by clicking the Update button in server administration but an error message appeared stated that the license file is corrupted although it's installed properly in CSM client!!!
  Could you please advise what's the problem and what should I do?
  Thanks in Advance!

  Sorry but Cisco seems to have removed that product bulletin from cisco.com.
  Your reseller can use Cisco Commerce Workspace (CCW) to order the correct part number for your CSM installation. There is a unique number for each licensing level and/or upgrade.
  For instance, for a 10-device standard license, the support would be part number CON-SAS-CSMST10K.
  For the 100-device Pro license, the support would be CON-SAS-CSMPR4K9.
  The reseller needs to adjust the support term (12-60 months) to suit when ordering.

• I received the following error when attempting to use HP ProtectTools Security Manager to manage my passwords; Firefox doesn't know how to open this address, b

  I use HP ProtectTools Security Manager to control my passwords. When i updated to Firefox 30. I received the following error message ; Firefox doesn't know how to open this address, because the protocol (dpql) isn't associated with any program. How can I solve this problem ?

  Hi le.hamzou,
  Previous suggestions were to update the Security Manager if there was one. There were also these add ons:
  [https://addons.mozilla.org/en-US/firefox/addon/fingerfox-se/ Fingerfox], but I am not sure if it will work on win8, it does on win7.
  Another work around I saw was [https://addons.mozilla.org/en-US/firefox/search/?q=ietab&appver=29.0&platform=all IE Tab].
  This reference may also help [http://kb.mozillazine.org/Register_protocol]
  Please post back with the results!

• Cisco Security Manager Advice

  Hi,
  I'm looking into Cisco Security Manager. From what I understand you can monitor and manage Cisco security appliances. I'm interested in the monitoring of our Cisco ASAs - specifically, monitoring VPN sessions and their  trending over months at a time and I would like to monitor other Cisco devices on the network for link problems/performance and such - I don't want to use Cisco Security Manager as a management point. Would Cisco Security Manager not be the right tool for this?
  We have SolarWinds and I've heard that you can assign UnDPs(Device Pollers) to devices you want to monitor, including ASAs and these pollers can give you trending for VPN sessions with graphing. I just want to make the most of our budget dollars.
  Any advice?
  Thanks, Pat.

  CSM 4.3 and above can be used to monitor VPN sessions on Cisco ASAs. You can definitely use CSM as a monitoring only solution for ASAs (without using it for management). You can also explicitly disable policy change privileges for all admins so they do not modify stuff by mistake. Note however that CSM is primarily focused on end-to-end management scenarios (including policy change, troubleshooting, reporting, etc). So you may not find all the bells and whistles in CSM for monitoring scenarios that you may find with some of the pure monitoring only solutions.

• Deleting multiple devices in Cisco Security Manager

  I imported 200 devices from configuration files in cisco security manager which I need to remove again due to updates in the predeployed configurations...
  Does anyone know how to remove devices without selecting every single one and clicking "delete" or restoring the database? :)
  Thanks!

  Maybe from the common services webpage you could select multiple devices at a time ?

• HP Client Security Manager Incompatible With Windows 10

  "Get Windows 10" download has informed me that I will need to uninstall HP Client Security Manager in order to get the Windows 10 download.The encryption and other safety features on my laptop are of primary importance to me and my firm.Is HP going to provide a new updated version of the software to be compatible with Windows 10?If so how and when will it be made available?

  Hi: This is a peer to peer forum. No one here can answer questions such as yours (any questions directed to HP). I would see if the latest Client Security Manager software will work with W10. Install this and see if it passes muster with the Windows 10 advisor. This version is still valid for W7, so you can try it now. http://h20566.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_148454_1 This is an even newer version, but it is only good for W8.1. http://h20566.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_149745_1 It is highly doubtful that HP will be releasing any drivers or software for W10 until after it is officially introduced to the public. That has been their usual method of releasing drivers and software when new operating systems come out.