Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Cisco FWSM

 

You can integrate Cisco Firewall Service Module (FWSM) with JSA.

The Cisco FWSM DSM for JSA accepts FWSM events by using syslog. JSA records all relevant Cisco FWSM events.

Configuring Cisco FWSM to Forward Syslog Events

To integrate Cisco FWSM with JSA, you must configure your Cisco FWSM appliances to forward syslog events to JSA.

To configure Cisco FWSM:

  1. Using a console connection, telnet, or SSH, log in to the Cisco FWSM.
  2. Enable logging:

    logging on

  3. Change the logging level:

    logging trap <level>

    Where <level> is set from levels 1-7. By default, the logging trap level is set to 3 (error).

  4. Designate JSA as a host to receive the messages:

    logging host [interface] ip_address [tcp[/port] | udp[/port]] [format emblem]

    For example:

    logging host dmz1 192.168.1.5

    Where 192.168.1.5 is the IP address of your JSA system.

    You are now ready to configure the log source in JSA.

Configuring a Log Source

JSA automatically discovers and creates a log source for syslog events from Cisco FWSM appliances.

The following configuration steps are optional. To manually configure a syslog log source for Cisco FWSM, take the following steps:

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.

    The Data Sources pane is displayed.

  4. Click the Log Sources icon.

    The Log Sources window is displayed.

  5. Click Add.

    The Add a log source window is displayed.

  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Cisco Firewall Services Module (FWSM).
  9. Using the Protocol Configuration list, select Syslog.

    The syslog protocol configuration is displayed.

  10. Configure the following values:

    Table 1: Syslog Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for the log source as an identifier for events from your Cisco FWSM appliance.

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

    The configuration is complete.