Driver Support Document
| SYSOID Mapping | ||
| SYSOID | MODEL | OS VERSION |
| 1.3.6.1.4.1.9.1.674 | ciscoWsSvcFwm1sc | 3.1(1), 3.2(6), 4.0(6) |
| 1.3.6.1.4.1.9.1.522 | cat6500FirewallSm | 3.1(1), 3.2(6), 4.0(6) |
It is not recommended to run manual or automated deduplication tasks against the Cisco FWSM contexts because there is no way to prevent all contexts from being deduplicated/deactivated. Independent discovery tasks are recommended.
Device Context support extends to both IP and non-IP Device Contexts. With non-IP Device Contexts, some functionality, such as TFTP transfers, are not supported because the Device Context does not provide it. Using command scripts, you can configure the Device Context to support full IP functionality.
The context management feature adds independent device entries for contexts on the device automatically by using the inventory diagnostic. This feature can be disabled by adding the access variable "disable_context" and setting it to true. Disabling the feature will remove any previously created context devices permanently and will result in the inability to directly manage contexts with NA. Changes will take effect the next time the inventory diagnostic task is run.
By default, the tag "primary" or "secondary" is added to the hostname field to indicate the presence of a failover system, because this coul cause the hostnames to be set to the same value. This would interfere with the management of the device's virtual contexts. To disable this alteration, set the "keep_hostname" access variable to "true", which will cause the hostname to be left unaltered.
To retrieve (or deploy) a PIX device configuration using TFTP, you may need to specify the TFTP interface to use on the device. If the device self-selects the wrong interface for the TFTP settings, you can override the TFTP interface access setting in the device's password rules in the system. Note that you must either set up a device-specific password rule or define a password rule that applies specifically to PIX devices that are exhibiting this problem.
To change a device password rule:
- Edit the device and select "Use device-specific password information" or create or edit a device password rule applying to the appropriate device(s).
- Click "Show Device Access Settings"
- Choose "PIX TFTP interface" from one of the drop-down menus for "Name"
- Enter the desired interface (e.g. "outside") for the "Value" of this setting.
- Ensure all other authentication information is correct, and then save the device or password rule.
The PIX occasionally has difficulty merging new configuration commands with the existing configuration. Because of this, we recommend that you double-check PIX configurations after you deploy them from the system.
First, take a snapshot of the configuration. Then check whether your changes were actually deployed to the running configuration as expected. Sometimes the system reports the deployment as failed, but still applies changes to the running configuration.
The PIX does not support accounting sessions. Therefore, the system cannot provide real-time change detection through AAA.
Cisco Firewalls require the specification of the interface to be used for relaying of syslog messages. The custom access variable "SyslogInterface" should be set to the correct interface to ensure correct operation of Syslog tasks.
The SNMP community string updater can update, modify, or remove SNMP community strings. It cannot add, modify, or remove SNMP host entries that might be needed for desired SNMP functionality.
The Limited Access Password field in the Deploy Passwords task only changes the telnet console access password, using the passwd command on the device.