Security Manager
Open Security Manager Settings Page
- On the toolbar, click Settings > Security Manager.
Most fields contain recommended default settings to ensure the best performance of the module. However, all fields can be modified to accommodate your business needs.
Click Save after making any changes to settings.
Analysis
- Enable Highlight Security Rules Search to highlight the matching results for source, destination, and/or service in the Security Rules list after a search is performed.
- Enable Optimize Size of Network Objects to return the object in the smallest number of objects that match what was provided in the request. If not enabled, the system will return the requested object exactly as provided in the request.
- Rebuild Network Maps CRON Expression is used to set a CRON expression that triggers a job that rebuilds outdated network maps. When using this functionality, device group maps are regenerated only when the schedule occurs; otherwise, device group maps are regenerated when there is a device deletion or addition with a valid normalized revision that has an interface change. If a CRON expression is set, the needUpdate flag is ignored until the schedule runs, and the map is then rebuilt if needUpdate is true. The needUpdate field can be found on the netgraph table.
Change
- Purge Device Revisions CRON Expression triggers the execution of the retention job. The retention job purges device revisions; it is used to maintain stability and reduce backup file size. This CRON expression should run no more or less than once per day.
- Number of Days to Keep Device Revisions is used to set the number of days to keep a revision before it's purged.
- Minimum Device Revisions to Keep is used to determine which revisions are eligible to be deleted by the Purge Device Revisions CRON Expression.
All revisions (including successful revisions, normalization errors, RAW data files, retrieval errors) will be deleted.
Normalization
- Enable Enable Confidence Check to ensure usage history is not lost during normalization. A check is only performed when a previous successful normalization exists. A failure will occur when the previous and next revision data does not match. If a valid device configuration fails, disable the check until the condition is no longer an issue.
Clean Up
- Enable Compute Removable Rules Backward Redundancy to also report rules that can be removed because a later rule would handle the traffic.
Compliance
- Execute Assessment CRON Expression triggers the execution of assigned assessments for trending. This CRON expression should execute no more or less than once per day.
- Update Zone Matrix CRON Expression triggers the execution of the zone access matrix update job.
- Synchronize Auth Servers CRON Expression triggers the execution of the authentication server sync job. The auth server sync job synchronizes remote authorization servers with the local authorization data. This is only applicable to some auth types (Active Directory and LDAP). The default value for this CRON is empty, and the sync will not be performed until set.
- Purge Change Window Violations CRON Expression triggers the execution of the change window violation job which purges the table.
- Number of Days to Keep Change Window Violations is used to set how many days to keep change window violations before they're purged.
JVM Proxy Settings
- Enable Proxy is used to set your own proxy settings not related to FMOS. Enabling will allow you to enter HTTP or HTTPS information that differs from FMOS proxy settings.
The Java virtual machine (JVM) must be restarted before any changes take effect.
Map
- Max Interfaces is used to identify how many interface network segments are allowed before beginning to consolidate into Undefined Segments. -1 means no limit.
- Max Devices per Map is used to specify the maximum number of devices allowed per device group map.
Notifications
- Default From is the address that shows in the From field in system-generated email notifications. If you use email encryption, this email address must match the Email field in the digital signing certificate.
- URL is an external URL used to build the links in the email notification for specific reports (for example, Change Report) and reset password function.
- Enable On-screen Device Change Notifications to control the ability to display or not display on-screen device change notification messages. This setting is enabled by default.
Policy View
- Raw File Size Limit (MB) is used to set the file size limit for viewing raw files within the module. If you select a raw file that is under the set size limit, you will be able to view the diff in the policy view. If the file is equal to or over the set limit, you’ll be prompted to download the file.
Identity Management
From the Select Identity Management Tool list, choose either Remedy or CyberArk.
- For Remedy, you will need to provide:
  - The URL for the Remedy instance.
  - The Username and Password for the Remedy account.
- For CyberArk, you will need to provide:
  - The URL for the CyberArk instance.
  - The CyberArk token. This token (cyberark://) allows us to differentiate between a CyberArk identifier and an actual credential value.
    - Credentials not prefixed with the CyberArk keyword (default is cyberark://) will be treated as the actual credential and Security Manager will not call CyberArk to get the value.
  - Uploaded CyberArk client certificate.
  - The Certificate Password for the CyberArk client certificate.
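An added example (not FireMon code): a Python check that applies the prefix rule above to stored credential values, to find entries that would be used as the actual credential instead of being looked up in CyberArk. The record layout, device names and values are constructed, and exact, case-sensitive prefix matching is an assumption.

```python
"""Audit credential fields for values that will not be resolved through CyberArk."""

DEFAULT_KEYWORD = "cyberark://"  # default keyword given on this page


def classify(value, keyword=DEFAULT_KEYWORD):
    """Classify one stored credential value.

    Assumption: the keyword match is an exact, case-sensitive prefix test.
    """
    if value.startswith(keyword):
        # Prefix present: the remainder is the CyberArk identifier.
        return "reference" if value[len(keyword):].strip() else "empty-reference"
    scheme = keyword.split(":", 1)[0].lower()
    if value.strip().lower().startswith(scheme):
        # Looks like an intended reference (wrong case, stray space, missing
        # slash) that would instead be used as the literal credential.
        return "near-miss"
    return "literal"


def audit(records, keyword=DEFAULT_KEYWORD):
    """Return findings for every value that is not a usable reference.

    records: iterable of (device, field, value) tuples (hypothetical export).
    The value itself is never copied into a finding, only its length.
    """
    findings = []
    for device, field, value in records:
        kind = classify(value, keyword)
        if kind != "reference":
            findings.append({"device": device, "field": field,
                             "kind": kind, "length": len(value)})
    return findings


# Constructed sample data, not taken from any real system.
SAMPLE = [
    ("fw-edge-01", "password", "cyberark://constructed-object-1"),
    ("fw-edge-02", "password", "CyberArk://constructed-object-2"),
    ("fw-core-01", "password", " cyberark://constructed-object-3"),
    ("fw-core-02", "enable_password", "cyberark:/constructed-object-4"),
    ("fw-lab-01", "password", "constructed-plaintext-value"),
    ("fw-lab-02", "password", "cyberark://"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as near-miss or literal are the ones to review: under the rule above they are stored and used as the credential itself.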
Reporting
- Number of Days to Keep Reports is used to change the default number of days reports remain in My Reports in Security Manager.
A best practice recommendation is to set the days to 182 (about six months) for convenience. You can always change to a lesser amount to reduce system resource usage.
- PDF Generation Timeout Seconds is the number of seconds to wait until a report generation timeout error is returned as some reports take longer than others to generate.
- Report Wait Seconds is the number of seconds to wait until re-running the report.
- Custom Logo is used to upload a custom company logo to appear on reports (replacing the default FireMon branding).
Usage
- Number of Days to Keep Usage is used to set the number of days to keep per object usage logs based on when the object is added to the network. Objects will drop from counters once they meet the set days to keep usage.
- Device Health Usage Threshold is used for the Device Health queries to determine what the Security Manager health check status is for usage based on the set number of days a device can exist without reporting usage.
- Collect Usage in Application Server is used to enable or disable this feature. It is enabled by default.
- Log Usage in Application Server Log File is used to enable or disable this feature. It is disabled by default.
- Calculate Last Used Date at Management Station Level is used to enable or disable this feature. It is enabled by default.
- Preprocess Device Usage Check for Rule Search Controls is disabled by default. If a Rule Search Control evaluates last used date or usage criteria, then enabling this setting will cause an optimization preprocess step to occur. The preprocess step will fail if the device has no usage.
- Number of Months to Keep Event Logs is used for setting how long to retain event logs. Retaining event logs longer than 24 months (default value) may negatively impact system performance.