Cisco Network Security Troubleshooting Handbook

Unlike the command line interface or the PIX device manager (PDM), the Firewall MC is a policy-based tool targeted for managing multiple firewalls in a large enterprise environment.

Firewall MC Processes

There are several processes that perform different tasks on Firewall MC. If one of these processes is not running, the function that it is responsible for will not work. If there are problems in running the application, it is always a good practice to check that all these processes are running. The processes and their main functions are the following:

• Apache This is the web server process. Be sure that the web server is running properly.

• ASANYs_SqlCoreDB This a SQL database. For the Firewall MC to function properly, be sure this is running properly.

• Tomcat Be sure that the Java servlets that make up the Firewall MC and Auto Update Server (AUS) user interface are running properly.

If any of these processes are not running, the tasks they control will not run. To check the status of the processes and start them, go to Server Configuration > Administration > Process Management. From there you can view the status of the processes, stop the processes, or start stopped processes.

As mentioned before, Firewall MC is used to manage single or multiple firewalls on a variety of firewall platforms. It is important to understand and be aware of the versions of firewall supported by different Firewall MC Versions. Refer to the following link (Release notes) for a list of firewall versions that are supported by Firewall MC Version 1.3.3:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_pix/fwmc133/dvice133.htm

Communication Architecture

Firewall MC uses HTTPS (HTTP/SSL) protocol to communicate with Firewall to perform different tasks. Following is the list of functions Firewall MC performs with the help of the HTTPS protocol:

• Importing Configuration of Firewall Firewall MC communicates with the firewalls using the HTTPS protocol to import the configuration. Firewall needs to be enabled with a web server, and an SSL certificate must be generated for secure http communication.

• Deployment Configuration of the Firewall Firewall MC deploys configuration to the Firewall using the HTTPS protocol.

• Communication with Auto-update Server When configuration is pushed to the Auto-update server from the Firewall MC, it uses the HTTPS protocol. When the firewall pulls the image or the configuration files, it also uses the HTTPS protocol.

So, as you can see, all communications that take place among firewalls, Firewall MC, and the Auto-update server use the HTTPS (http/SSL) protocol.