Rockwell Automation Publication 1783-UM010C-EN-P - June 2019
Chapter 5 Centralized Management
Management Recommendations
The following aspects of managing the IFW must be considered before
deployment.
• Local management that uses Adaptive Security Device Manager
(ASDM) is recommended for small deployments only (no more than
five IFW devices).
• Centralized management is recommended for most deployments due to
ease of manageability, policy consistency, quick troubleshooting,
scalability, and robust logging.
• Cisco and Rockwell Automation recommend positioning the
centralized management server in Level 3 Site Operations within the
Industrial Zone.
• When the FirePOWER module of the IFW is being managed by the
FireSIGHT Management Center, local (ASDM) configuration of the
FirePOWER module is not supported.
• FireSIGHT Management Center and Cisco Security Manager generally
support communication with the IFW via its dedicated management
interface only.
Integration of New Firewalls
The following tasks are required to migrate a locally managed firewall to a
centralized management system.
• In ASDM, configure the FireSIGHT Management Center as a remote
manager.
• Change the management IP addresses for both the firewall and
FirePOWER module to unique IP addresses within the management
network.
• Connect the dedicated management interface to the management
network.
• Add required licenses within FireSIGHT Management Center.
• Add the IFW in the centralized management application (FirePOWER
and/or Cisco Security Manager).
IMPORTANT: Locally configured FirePOWER policies are lost when you migrate
from local management to FireSIGHT Management Center. Confirm that the
current policies are exported and backed up, if needed, before the device
is migrated.
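The address-change task above requires every firewall and FirePOWER module to have its own address within the management network. The following check of a planned address list is an added example, not part of the Rockwell Automation or Cisco documentation. The subnet, manager address, and device names are constructed sample values, and check_mgmt_plan is a hypothetical helper name.

```python
import ipaddress
from collections import defaultdict

def check_mgmt_plan(mgmt_network, manager_ip, devices):
    """Return a list of problems in a planned set of management addresses.

    devices maps an IFW name to (firewall_mgmt_ip, firepower_module_ip).
    """
    net = ipaddress.ip_network(mgmt_network)
    seen = defaultdict(list)  # address -> every role planned to use it
    seen[ipaddress.ip_address(manager_ip)].append("manager")
    problems = []
    for name, (fw_ip, fp_ip) in sorted(devices.items()):
        for role, raw in (("firewall", fw_ip), ("firepower", fp_ip)):
            label = f"{name}/{role}"
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                problems.append(f"{label}: '{raw}' is not a valid IP address")
                continue
            if addr not in net:
                problems.append(f"{label}: {addr} is outside {net}")
            seen[addr].append(label)
    # The firewall and its FirePOWER module each need a unique address,
    # and neither may reuse the management server's address.
    for addr, users in seen.items():
        if len(users) > 1:
            problems.append(f"{addr} is assigned more than once: {', '.join(users)}")
    return problems

# Constructed sample plan (assumed values, not taken from the manual).
SAMPLE_NETWORK = "10.10.30.0/24"
SAMPLE_MANAGER = "10.10.30.10"
SAMPLE_DEVICES = {
    "ifw-cell1": ("10.10.30.21", "10.10.30.22"),  # valid pair
    "ifw-cell2": ("10.10.30.23", "10.10.30.23"),  # module shares firewall address
    "ifw-cell3": ("192.168.1.1", "10.10.30.10"),  # off-subnet; collides with manager
}

if __name__ == "__main__":
    for problem in check_mgmt_plan(SAMPLE_NETWORK, SAMPLE_MANAGER, SAMPLE_DEVICES):
        print(problem)
```

An empty result means the plan satisfies the uniqueness and subnet requirements; it does not confirm that the addresses are unused on the live network.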