Several CLI commands are available to monitor and disconnect administrative
sessions. To monitor and disconnect PDM sessions, use the show pdm sessions
command. This command displays all active PDM sessions, including the session
IDs and the PDM clients' IP addresses. To disconnect a PDM session, use the
pdm disconnect command with the session ID number listed in the show pdm
sessions command.
You can also use the clear pdm command to remove all PDM locations, disable
PDM logging, and clear the PDM internal buffer. Although the clear pdm,
pdm history, pdm location, and pdm logging commands appear in your configuration
and are available through the CLI, they are designed as internal PDM-to-PIX
firewall commands available through PDM.
Summary
As you have seen in this chapter, PDM is a highly capable graphical interface for
managing the PIX firewall. In addition to providing nearly all CLI functionality,
PDM includes several features to further simplify the ongoing maintenance and
operations firewall administrators and security policy makers perform. Because
PDM is Java based and runs as a signed applet over an SSL-encrypted browser
session, administrators can use it securely from any authorized client. This remote
management capability can be highly valued in large, distributed environments.
Of the vast PDM functionality, perhaps most powerful are the PDM wizards,
which include the Startup Wizard and the VPN Wizard. Using these tools, administrators
are guided by interactive prompts through the often-complex process
of building PIX configurations and VPN tunnel services.
In addition to the wizard functionality, PDM facilitates full configuration of
PIX firewall access, AAA, filter, NAT rules, logging, user accounts, and IDS configurations.
This functionality includes the ability to manage complex, grouped
services and network objects, which is new functionality in the PIX firewall
software.
The PDM GUI is intuitive and well organized and helps prevent accidental
syntax and configuration errors that could cause the firewall to fail. Moreover,
PDM can be used as a CLI learning tool for administrators who are not completely
proficient with the PIX firewall command line by previewing all
commands sent to the PIX.
PDM also includes powerful real-time graph and reporting functionality. This
tool helps firewall administrators understand the historical and current performance
and functionality of the PIX. Furthermore, the IDS graphical reporting
available through PDM can provide important insight into the potential security
risks posed to organizations.
Whether you are managing a single PIX firewall, five redundant PIX pairs,
or 50 corporate firewalls, PDM is a useful and powerful tool for firewall
administrators.
www.syngress.com
PIX Device Manager • Chapter 9
Solutions Fast Track
Features, Limitations, and Requirements
PDM 2.1 is supported on all PIX 501, PIX 506/506E, PIX 515/515E, PIX 520, PIX 525, and PIX 535 platforms running PIX firewall software version 6.2 or higher as well as the FWSM 1.1.
Some CLI commands reduce PDM functionality to monitor-only mode.
PDM is a signed Java applet downloaded to the client machine through a compliant browser. Therefore, PDM is available from any compliant and authorized client workstation for firewall management.

Installing, Configuring, and Launching PDM
You must obtain and install a Data Encryption Standard (DES) or 3DES activation key on the PIX before PDM will function.
PDM can be installed on the PIX firewall in a process similar to that of a PIX software image upgrade.
You can enable specific IP addresses or networks for access via PDM using the http command.

Configuring the PIX Firewall Using PDM
Administrators can use the VPN Wizard to build IPsec, L2TP, and PPTP tunnels.
Object groups for services or network entities can be created and managed using PDM on the PIX firewall.
Use the Reset PIX to the Factory Default Configuration option from the File drop-down menu on the PIX 501 and 506 platforms to return the PIX firewall to its original configuration.
Rule sets can easily be rearranged from the Access Rules tab using the cut-and-paste functionality of the PDM Rules drop-down menu, the toolbar buttons, or the right-click mouse menu.
To set up a syslog logging host, use the Logging category available from the PDM System Properties tab.

Monitoring the PIX Firewall Using PDM
Administrators can permit monitor-only access to corporate executives or other VIP users so that they may view historical and current performance data on the PIX firewall.
Real-time IDS events and performance data can be displayed using the monitoring functionality of PDM.
Administrators can perform advanced troubleshooting techniques using the various monitoring graphs such as interface and system graphs.
Administrative access (Telnet, SSH, and PDM sessions) can be monitored using PDM.
SSH and PDM sessions can be terminated in real time through the PDM monitoring functionality.
VPN connections, including IPsec, L2TP, and PPTP tunnels, are available for monitoring via the VPN Connection Graphs category from the PDM Monitoring tab.
To view monitoring statistics with PDM, you must first enable History Metrics from the System Properties tab.
Up to four graphs from multiple categories can be combined together for a more complete visual representation of PIX firewall metrics.

Monitoring and Disconnecting Sessions
Use the show pdm sessions and show ssh sessions commands to view real-time administrative access to the firewall.
To view active PDM sessions, use the show pdm sessions command.
To terminate active PDM sessions, use the pdm disconnect command.

Q: Can I monitor and manage remote PIX firewalls using PDM from a central facility or other offsite locations?
A: Yes. Using the http command via the CLI or PDM, you can enable an IP range or a specific IP address for access to PDM. The PDM connection is encrypted for security.
Q: Can I set up AAA for administrative connectivity to the PIX firewall using PDM?
A: Yes. PDM includes full AAA configuration functionality. Additionally, you can use PDM to configure the PIX for AAA services for PDM itself.
Q: Can I use PDM to disconnect a user connected to the PIX firewall via Telnet?
A: No. Currently, the disconnect feature is only available for PDM and SSH sessions.
Q: Do I need a special license to enable PDM on my PIX firewall?
A: Yes. You need a DES or 3DES activation key from Cisco before PDM will function properly. A 56-bit DES key is available free. The 168-bit 3DES key is available from Cisco at an additional cost.
Q: Does PDM include VPN maintenance functionality?
A: Yes. VPN maintenance functionality is available in PDM. Additionally, PDM includes VPN functionality not present in the CLI, such as the VPN Wizard.
Q: Can I use PDM to manage multiple PIX firewalls at once?
A: Yes, but a separate instance of PDM must be launched for each firewall.
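
The Fast Track and FAQ above both note that the http command decides which addresses may reach PDM. The following is an added example, not from the book: a Python check that reads saved PIX configuration lines and flags http entries broader than a local policy. The sample configuration, the interface names, the 256-address threshold, and the assumed defaults for an omitted mask or interface are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configuration lines for illustration (not from the book).
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.10 255.255.255.255 inside
http 10.0.0.0 255.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 172.16.5.0 255.255.255.0 dmz
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Assumed entry form: http ip_address [netmask] [if_name]
HTTP_RE = re.compile(rf"^http\s+{IP}(?:\s+{IP})?(?:\s+(\S+))?\s*$")


def audit_pdm_access(config, trusted_ifs=("inside",), max_addresses=256):
    """Return (server_enabled, findings); each finding is (line, [reasons])."""
    server_enabled = False
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "http server enable":
            server_enabled = True
            continue
        m = HTTP_RE.match(line)
        if not m:
            continue
        # Assumed defaults when omitted: host mask and the inside interface.
        addr, mask, ifname = m.group(1), m.group(2) or "255.255.255.255", m.group(3) or "inside"
        reasons = []
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((line, ["unparsable address or mask"]))
            continue
        if net.prefixlen == 0:
            reasons.append("any source address allowed")
        elif net.num_addresses > max_addresses:
            reasons.append(f"{net.num_addresses} addresses allowed")
        if ifname not in trusted_ifs:
            reasons.append(f"reachable from interface '{ifname}'")
        if reasons:
            findings.append((line, reasons))
    return server_enabled, findings
```

Calling audit_pdm_access(SAMPLE_CONFIG) leaves the single-host inside entry unflagged and reports the other three entries with the reason each exceeds the policy.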