Firewall Wizards mailing list archives

Re: Cisco Security Manager clone?


From: Bruce Platt <Bruce () ei3 com>
Date: Fri, 2 May 2008 14:25:19 -0400



-----Original Message-----
From: David Blahut [mailto:dablahut () vassar edu]
Sent: Friday, May 02, 2008 8:55 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Cisco Security Manager clone?


Mike,

Take a look at Expect: http://en.wikipedia.org/wiki/Expect

I know it can be used to access many devices and make the same config
change over and over. That may help automate your needed changes to all
your sites.


Hmmmh.  The best example of the use of expect in this arena is rancid
(http://www.shrubbery.net/rancid/)

But, I think rancid is more oriented towards the tracking of changes which
have been made and the backing up of existing configurations.

Now to include the changing of configs into rancid, that's an idea.  But it
would take better skills than mine :-(

bruce


Good Luck,
-d

Mike Davis wrote:

This is my first posting so be gentle ;-)

I have an environment that is all Cisco based firewalls for my edge
protection and site to site vpns. I have a little over 100 remote
sites running on ASA 5505’s with an AES Tunnel to both the primary
(HQ) and secondary (DR) sites. It is working quite nicely and has
been for years now but the problem I have is this… all my remote site
firewalls are not centrally managed in the sense that I can make one
change in a console and push it globally to all my remote firewalls so
that when a change is required, I have to log into each and every one
(I use SSH) and make the changes.

I know that Cisco Security Manager will allow me to do that but at the
100K pricetag I was quoted from Cisco with the blink of an eye… I just
cannot put that into my budget.

Does anyone know of or can recommend any freeware or low-cost-ware
application that will allow me to monitor and make global config
changes without having to SSH to each one? The ability to segregate
into groups and manage based upon groups would certainly be a plus as
well but not a requirement.

Thanks in advance!

*Mike Davis*


------------------------------------------------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
  