The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
There are two main client applications that you use with Security Manager applications:
The following topics describe how to configure your web browser to run the clients and how to install the Security Manager client:
You must ensure that your web browser is configured to allow certain types of content and not to block popup windows from the server running the applications. The web browser is used for displaying online help as well as functional application windows. The following sections explain the browser settings you must configure so that you can use your browser effectively as an application client:
If you use an HTTP/HTTPS proxy, you need to configure a proxy exception for the Security Manager server.
This requirement applies to Internet Explorer and Firefox, for which additional configuration details are provided in the sections that follow.
When more than one browser is installed, the default browser's cookies should be enabled. More specifically, Internet Explorer Privacy Settings should be set at the Medium level or lower (IE > Tools > Internet Options > Privacy Settings <= Medium).
Blocking cookies can cause Security Manager user login to fail even after a clean installation of Security Manager. If user login fails after a clean installation of Security Manager, you may see the following error message: “CMF session id cannot be assigned.”
There are several settings that you need to configure in Internet Explorer for Security Manager and its applications to function correctly. Internet Explorer is used to display online help, activity reports, CS-MARS lookup information, and so forth. This procedure explains the settings you need to configure in Internet Explorer.
Step 1 If you are using Internet Explorer 8.x, 9.x, 10.x, or 11.x, use Compatibility View; Internet Explorer 8.x, 9.x, 10.x, and 11.x are supported only in Compatibility View. To use Compatibility View, open Internet Explorer, navigate to Tools > Compatibility View Settings, and add the Security Manager server as a website to be displayed in Compatibility View.
Step 2 Turn off Pop-up Blocker for Security Manager by performing the following steps:
b. Go to Tools > Pop-up Blocker > Pop-up Blocker Settings
c. In the Address of website to allow field, enter the IP address of your Security Manager server and then click Add. Refer to http://windows.microsoft.com/en-US/windows-vista/Internet-Explorer-Pop-up-Blocker-frequently-asked-questions.
Step 3 In Internet Explorer, select Tools > Internet Options. All subsequent steps in this procedure are performed in the Internet Options dialog box.
Step 4 Allow active content by performing the following steps:
a. Click the Advanced tab, scroll to the Security section, and select Allow active content to run in files on My Computer.
b. Click Apply to save your changes.
Step 5 Confirm that the browser security settings enable you to save encrypted pages to disk. If you cannot save encrypted pages, you cannot download the client software installer.
On the Advanced tab, in the Security area, deselect Do not save encrypted pages to disk. If you needed to change the setting, click Apply to save your changes.
Step 6 Confirm that the size of the disk cache for temporary files is greater than the size of the client software installer that you expect to download. If the cache allocation is too small, you cannot download the installer. Change the cache size by performing the following steps:
b. Click Settings in the Temporary Internet Files group.
c. If necessary, increase the amount of disk space to use for temporary Internet files, and click OK.
d. Click Apply to save your changes.
Step 7 (Optional) Some interactions between CS-MARS and Security Manager require the opening of pages that have both secure and nonsecure content. By default, Internet Explorer asks you whether you want to display the nonsecure items. You can click Yes to this prompt and the software will function normally.
If desired, you can change the Internet Explorer settings so that you are not prompted and any page that has mixed content, that is, both secure and nonsecure content, are displayed automatically. Configure Internet Explorer to display mixed content pages by performing the following steps:
b. Click Custom Level near the bottom of the dialog box.
c. Under the Miscellaneous heading, select the Enable radio button for the “Display mixed content” setting. (Ensure that you do not select Disable.)
d. Click Apply to save your changes.
Step 8 Click OK to close the Internet Options dialog box.
There are several settings that you need to configure in Firefox for Security Manager and its applications to function correctly. Firefox is used to display some features, such as online help, activity reports, CS-MARS lookup information, and so forth. This procedure explains the options you need to configure in Firefox.
To edit the preferences file, do the following:
Step 1 From the \Mozilla Firefox\defaults\pref subdirectory, open firefox.js in a text editor, such as Notepad.
Step 2 Add the following:
pref("dom.allow_scripts_to_close_windows", true);
Step 3 Save, and then close, the edited file.
Confirm that the size of the disk cache for temporary files is greater than the size of the client software installer that you expect to download. If the cache allocation is too small, you cannot download the installer.
To change the cache size, do the following:
Step 1 Select Tools > Options, then click Advanced.
Step 2 Reserve more space for the cache if the setting is too small, then click OK.
To disable popup blockers, do the following:
Step 1 Select Tools > Options, then click the Content icon.
Step 2 Deselect the Block pop-up windows check box.
Alternatively, to create an allow list of trustworthy sources from which to accept popups, select the Block pop-up windows check box, then click Exceptions and in the Allowed Sites - Popups dialog box do the following:
a. Enter http:// < SERVER_NAME > (where SERVER_NAME is the IP address or DNS-routable name of your Security Manager server) in the Address of web site field, then click Allow.
b. Enter file:/// C: /Documents%20and%20Settings/ <USER_NAME> /Local%20Settings/
Temp/ (where C: is the client system disk drive on which you installed Windows and USER_NAME is your Windows username on the client system), then click Allow.
To enable JavaScript, do the following:
Step 1 Select Tools > Options, then click the Contents icon.
Step 2 Select the Enable JavaScript check box.
Step 3 Click Advanced, and in the Advanced JavaScript Settings dialog box, select every check box in the Allow scripts to area.
When you access online help the first time, two new browser windows might be opened: a blank page and a page with help contents. Also, existing browser windows might not be reused during subsequent attempts to access online help.
To configure Firefox to display online help on a new tab in the most recently opened browser window and to reuse existing windows on later occasions, follow these steps:
Step 1 In the address bar, enter about:config and press Enter. The list of user preferences is displayed.
Step 2 Double-click browser.link.open_external and enter 3 in the resulting dialog box. This value denotes that links from an external application are opened in a new tab in the browser window that was last opened.
Step 3 Double-click browser.link.open_newwindow and set it to 1. This value denotes that links are opened in the active tab or window.
Step 4 Double-click browser.link.open_newwindow.restriction and set it to 0. This value causes all new windows to be opened as tabs.
Step 5 Close the about:config page.
Note A blank page might be displayed when you open context-sensitive help, even after the browser status bar displays the status as Done. If this problem occurs, wait for a few minutes to allow the content to be downloaded and displayed.
Some third-party popup blockers enable you to allow popups from a specific site or server without allowing popups universally. If your popup blocker does not allow you to configure exceptions to include in an allow list, or if that option fails to meet your requirements, you must set your utility to allow all popups. The method for allowing popups from a trusted site varies according to the utility that you use. Please refer to the third-party product’s documentation for more information.
You use the Security Manager client to configure your devices. When you save changes in the client, they are saved to your workstation. You then must submit the changes to the database, which updates the database that resides on the server.
While using the client, there is constant back-and-forth communication between the client and the server. With that in mind, consider the following tips on installing the client to help improve client performance:
On the other hand, you can start the client more than once to connect to different Security Manager servers that are running the same version.
The Security Manager client is a separate program that you install on your workstation. You use the client to log in to the Security Manager server and to configure security policies on your devices. The Security Manager client is the main application that you use with the product.
You might have already installed the client on the Security Manager server when you installed the server software. However, using the client on the same system as the server is not recommended for normal day-to-day usage of the product. Instead, you should install the client on a separate workstation using the following procedure. For information on workstation system requirements and supported browser versions, see Client Requirements, page 3-11 .
If you run into problems during installation, see the following topics:
Tip To disable Cisco Security Agent on your workstation, use one of the following two methods: (1) right-click the Cisco Security Agent icon in the system tray and select Security Level > Off or (2) open Services (Control Panel > Administrative Tools > Services), right-click Cisco Security Agent, and click Stop. For both of these two methods, you then need to take the following step for some versions of Windows: open Services right-click Cisco Security Agent Monitor, and click Stop. After you finish installing the client, re-start Cisco Security Agent.
Step 1 Log in to the client workstation using a user account that has Windows administrator privileges.
Step 2 In your web browser, open one of these URLs, where SecManServer is the name of the computer where Security Manager is installed. Click Yes on any Security Alert windows.
The Cisco Security Management Suite login screen is displayed. Verify on the page that JavaScript and cookies are enabled and that you are running a supported version of the web browser.
Step 3 Log in to the Cisco Security Management Suite server with your username and password. When you initially install the server, you can log in using the username admin and the password defined during product installation.
Step 4 On the Cisco Security Management Suite home page, click Cisco Security Manager Client Installer.
You are prompted to either open or run the file or to save it to disk. You can choose either option. If you choose to save it to disk, run the program after downloading it (double-click the file or select the Run option if your browser prompts you).
Tip If you get any security warnings about the application, such as “a problem was detected” or “the publisher cannot be verified” or that an unidentified application wants access to your computer, ensure that you allow the access. You might need to click more than one button, and the button names vary based on the application prompting you (such as Allow, Yes, Apply, and so forth).
Note A special consideration applies if you are using Internet Explorer 10.x. When you click Cisco Security Manager Client Installer, you receive a prompt for user action (save or run), just as you do for all versions of Internet Explorer supported by Cisco Security Manager 4.14. If you choose the option to run, a dialog box appears and states that this option is not recommended; you then receive another prompt for user action. When you receive that prompt and click the Actions button, the SmartScreen Filter dialog box for Internet Explorer appears. Important--You need to choose the option Run Anyway to start the client installation process.
Step 5 The installation wizard displays a “Welcome” screen.
The Security Manager client is installed as a single application with six views—Configuration Manager, Event Viewer, Report Manager, Health and Performance Manager, Image Manager, and Dashboard. Each can be launched independently in one of the following three ways (further information is available in Logging In to Security Manager Using the Security Manager Client):
Note A desktop icon is also created for Cisco Security Manager. This icon opens the Cisco Security Management Suite home page.
Step 6 Follow the installation wizard instructions. During installation, you are asked for the following information:
Step 7 Continue to follow the installation wizard instructions.
Step 8 After you click Done to complete the installation, if you disabled an antivirus application temporarily, re-enable it.
If the Cisco Security Agent on your workstation was stopped by the client installer, it is restarted at the end of the installation. However, if you manually disabled the Cisco Security Agent on your system, you must enable it after client installation is complete.
There are many different ways to configure security settings on your workstation, and many different products that you may have installed, that might prevent you from installing the Security Manager client. If you run into problems during installation, first ensure that your Windows user account has the administrative privileges required for installing software, then consider the following note:
Note If Microsoft Windows User Account Control (UAC) is turned on, you must install and run the client with “Run as administrator.”
The Security Manager server uses these default ports: HTTPS is 443; HTTP is 1741. If your organization installed the Security Manager server to use a different port, you need to configure the client to use the non-standard port. Otherwise, the client cannot connect to the server.
To configure different ports for your client, edit the C:\Program Files (x86)\Cisco Systems\Cisco Security Manager Client\jars\client.info file using a text editor such as NotePad. Add the following settings and specify the custom port number in place of <port number> :
When you attempt to install the Security Manager client when you already have an older client installed, or when you used to have a client installed on the workstation, the client installer first uninstalls the previous version before installing the new one. If you receive the error message “Could not find main class. Program will exit,” the installer cannot install the client.
This problem occurs because of the presence of old registry entries in your system. To correct this problem, do the following:
Step 1 Start the Registry Editor by selecting Start > Run and entering regedit.
Step 2 Remove the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\f427e21299b0dd254754c0d2778feec4-837992615
Step 3 Delete the previous installation directory, usually C:\Program Files (x86)\Cisco Systems\Cisco Security Manager Client.
Step 4 Rename the following folder:
C:\Program Files (x86)\Common Files\InstallShield\Universal\common\Gen1
Step 5 Select Start > Control Panel > Add or Remove Programs. If the Cisco Security Manager Client is still listed, click Remove. If you receive the message, “Program already removed; do you want to remove it from the list?”, click Yes.
If you still cannot re-install the Security Manager client, rename the C:\Program Files (x86)\Common Files\InstallShield directory, then try again. Also see Client Problems During Installation.
After you apply a service pack or a point patch to your Security Manager server, the Security Manager client prompts you to apply an update when you log in to the server. The version number of the client software must be the same as the version number of the server software.
When you are prompted to download and apply a required software update, your web browser is used to download the update. You are prompted to either open or run the file, or to save it to disk. You can choose either option. If you choose to save it to disk, run the program after downloading it (double-click the file or select the Run option if your browser prompts you).
Installation of the patch is similar to installation of the client, and you must permit (or click Yes) any security alerts from Cisco Security Agent or other security software you have installed to allow the installer to run.
When prompted for installation location, ensure that you select the folder in which you installed the client, and select Yes to All if you are asked if you want to overwrite files.
Tip If you get an error message that says that the URL cannot be retrieved or that the connection timed out, you need to uninstall the Security Manager client, then install a fresh copy (which will already have the patch applied). For more information, see Uninstalling Security Manager Client and Installing the Security Manager Client.
After you have installed the server applications, configured your web browser, and installed the Security Manager client, you can log in to the applications:
The Security Manager client is installed as an application suite with six applications—Configuration Manager, Event Viewer, Report Manager, Health and Performance Monitor, Image Manager, and Dashboard. Each can be launched independently in one of the three ways described in the procedure below.
Use the Configuration Manager application (which is part of the Security Manager client application suite) to perform most Security Manager tasks.
Tip You must log in to the client workstation using a Windows user account that has Administrator privileges to fully use the Security Manager client. If you try to operate the client with lesser privileges, you might find that some features do not work correctly.
Step 1 Launch your choice of Configuration Manager, Event Viewer, Report Manager, Health and Performance Monitor, Image Manager, or Dashboard. Each can be launched independently in one of the following three ways:
Step 2 In the Security Manager login dialog window, enter or select the DNS name of the server you want to log in to.
Note If you enter or select the IP address—instead of the DNS name—some features may not function as intended in an Internet Explorer 7 environment. To ensure the correct function of all Security Manager features, enter the DNS name of the server to which you want to log in.
Step 3 Enter your Security Manager username and password.
Step 4 If the server uses HTTPS for connections, ensure that the HTTPS check box is selected; otherwise, deselect it. Click Login.
Step 5 If the server prompts you to download and install a client software update, see Patching a Client, page 6-10 .
Step 6 If you log in to a Security Manager server that is running a higher version than your client, a notification will be displayed and you will have the option of downloading the matching client version.
Step 7 If there are no sessions running with the username and password that you just entered, the client application (Configuration Manager, Event Viewer, Report Manager, Health and Performance Monitor, Image Manager, or Dashboard) logs in to the server and opens the client interface.
Step 8 If there is already a session running with the username and password that you just entered, an informational message appears to inform you that there is an easier way to launch the new application with the same session from the existing application. That way is the following:
[after starting one of the applications] Launch > [choose a different one of the applications in the Security Manager client application suite].
Step 9 The new application is launched from the existing session, or, if it is already running, it is brought to focus.
Tip The client closes if it is idle for 120 minutes. To change the idle timeout, select Tools > Security Manager Administration, select Customize Desktop from the table of contents, and enter the desired timeout period. You can also disable the feature so that the client does not close automatically.
Step 10 To exit Security Manager, select File > Exit.
Only the Security Manager server uses a regular Windows application client for hosting the client application. All other applications, including the server administration features of Security Manager (through the Common Services application), CiscoWorks, and Auto Update Server are hosted in your web browser.
Logging in to these applications is identical. If you install more than one application on a single server, you log in to all installed applications at the same time. This is because the login is controlled by CiscoWorks, and all these applications are hosted under the CiscoWorks umbrella.
Step 1 In your web browser, open one of these URLs, where server is the name of the computer where you installed any of the server applications. Click Yes on any Security Alert windows.
The Cisco Security Management Suite login screen is displayed. Verify on the page that JavaScript and cookies are enabled and that you are running a supported version of the web browser. For information on configuring the browser to run the applications, see Configuring Web Browser Clients.
Step 2 Log in to the Cisco Security Management Suite server with your username and password. When you initially install the server, you can log in using the username admin and the password defined during product installation.
Step 3 On the Cisco Security Management Suite home page, you can access the features installed on the server. The home page can contain different items based on what you installed.
Step 4 To exit the application, click Logout in the upper right corner of the screen. If you have both the home page and the Security Manager client open at the same time, exiting the browser connection does not exit the Security Manager client.
If you want to uninstall the Security Manager client, select Start > All Programs > Cisco Security Manager Client > Uninstall Cisco Security Manager Client and follow the uninstallation wizard prompts.