|
|
Proper planning is the key to a successful installation. The discussions in this chapter introduce you to issues that you should consider and provide an orientation to the tasks that you should perform prior to installing Cisco Secure Policy Manager. This chapter includes the following sections:
A Policy Enforcement Point is a gateway or firewall that can alter a traffic flow from one network to another. For the purposes of this installation guide, a gateway is only considered a Policy Enforcement Point if Cisco Secure Policy Manager manages it through distribution of policies.
Table 1-1 lists the Cisco Secure PIX Firewall and Cisco IOS software versions (for Cisco router/firewalls and Cisco VPN Gateways) currently supported by Cisco Secure Policy Manager. Certain versions of the PIX Firewall require connection to the inside interface to receive commands from the Policy Proxy host. These dependencies are listed in Table 1-1. You should refer to the Release Notes for Cisco Secure Policy Manager for any updates to this table.
| Policy Enforcement Point | Supported Version | Managed Interface Dependency |
|---|---|---|
Cisco Secure PIX Firewall | 4.2(4) | Inside |
4.2(5) | Inside | |
4.4(x) | Inside | |
5.1(x) | (none) | |
Cisco router/firewall and Cisco VPN Gateway | Cisco IOS Release 12.0(5)T | (none) |
Cisco IOS Release 12.0(5)XE | (none) | |
Cisco IOS Release 12.0(7)T | (none) |
Policy Enforcement Points, though managed by Cisco Secure Policy Manager, are not part of the installed system. Therefore, before you can manage a Policy Enforcement Point, you must ensure that it has a basic configuration that enables it to receive commands from Cisco Secure Policy Manager. These basic configuration settings are called bootstrap settings. The worksheets included in this chapter and in "Meeting the Prerequisites," guide you through bootstrapping procedures for the supported Policy Enforcement Points. You should follow the worksheets for any Policy Enforcement Point you intend to manage with Cisco Secure Policy Manager.
The Cisco Secure Policy Manager system is composed of multiple subsystems, each of which provides a set of related functionality within the overall system. A feature set is a collection of these subsystems, which are offered as installable options via the installation process. Depending on the installation option you choose, the feature sets that follow may all reside on the same target host or be distributed among various hosts on the network.
You have the option of installing Cisco Secure Policy Manager in one of four ways, depending on the topology of your network and the number of managed devices. This section includes the following topics, which describe each installation option:
When you install a standalone Cisco Secure Policy Manager system, the Policy Server feature set is installed on a single host. This single host carries out all database, generation, proxy, monitoring, and reporting functionality, as well as local administration of the standalone system.
When you install a client-server Cisco Secure Policy Manager system, the Policy Server feature set is installed on a single host, just like the standalone system. However, with the client-server system, the Policy Administrator feature set may be installed on one or more hosts in the network. This arrangement enables you to administer the standalone system locally or from any Policy Administrator host on your network.
When you install a distributed Cisco Secure Policy Manager system, the Policy Administrator feature set can be installed on one or more hosts. The Policy Server feature set is installed on a single computer that serves as a central point for administration of your network. The Policy Proxy, Policy Proxy-Monitor, and Policy Monitor feature sets can be installed on any number of additional computers that serve as secondary and tertiary hosts spread across a physical network. Each of the secondary and tertiary hosts assumes responsibility for Monitoring and Proxy functionality for a portion of an enterprise network.
When you install the Cisco Secure Policy Manager demo, the Policy Administrator feature set and demo files are installed on a single host. The demo enables you explore the Policy Administrator interface without installing a fully functional system. To install the Policy Manager demo, see the section "Installing the Cisco Secure Policy Manager Demo" in "Working with Cisco Secure Policy Manager."
After you understand the different installation options, you must decide which option is the most practical for your network(s). To make this decision, you should consider the current topology of your network and compare it to the three topology scenarios in this section. Each scenario represents a general network topology and the optimal Cisco Secure Policy Manager installation for that scenario.
These scenarios are not intended to represent an exact match of your network topology; however, they should help you decide which installation option to implement.
Figure 1-1 depicts a small office environment comprising several internal networks with Internet access. Shared resources, such as web servers, are placed in a publicly accessible isolated services network (DMZ network) and are protected by a firewall. Each floor network is also protected by a firewall/gateway. Another firewall protects the internal server farm network containing web, e-mail, FTP, file, and print servers. A standalone Cisco Secure Policy Manager system is used to manage security services throughout the network.
Figure 1-2 depicts a multi-office environment comprising several internal networks that are dispersed across three locations. Office connectivity is provided through a service provider network. Internet access is provided only through the headquarter's network with a firewall in place to support an isolated network and general protection. Each office is also protected by a company-owned firewall/gateway. IPSec VPN tunnels are established between the office locations. A client-server Cisco Secure Policy Manager system enables 24x7 management support of security services throughout the corporate network.
Figure 1-3 depicts a multi-office environment comprising several internal networks that are dispersed across many locations. Office connectivity is provided through a company-owned intranet network. Internet access is provided only through corporate headquarters. Publicly accessible server resources are placed in an isolated network (DMZ) and are protected by a firewall. Each office is also protected by a firewall/gateway. IPSec VPN tunnels are established between all office locations. A distributed Cisco Secure Policy Manager system enables 24x7 management of security services throughout the corporate network from multiple locations. The distributed installation also provides better performance of the Cisco Secure Policy Manager system by off loading critical functions to different servers. In offices that contain several Policy Enforcement Points and larger networks, dedicated Policy Monitor and Policy Proxy hosts are deployed. Policy Monitor hosts provide enhanced firewall/gateway monitoring while Policy Proxy hosts assist in distributing policies to the appropriate Policy Enforcement Points.
You should keep in mind the following guidelines as you decide how to deploy your Cisco Secure Policy Manager system.
After you have decided which Cisco Secure Policy Manager installation best fits your network, you should follow the preparation worksheet for that installation option. The worksheets in this section present questions, possible responses, and solutions that guide you through issues that you should consider to ensure the Policy Enforcement Point(s) and target host(s) are properly prepared prior to installing a Cisco Secure Policy Manager system on your network.
The worksheets provide an overall assessment of any remaining prerequisites for your network. Details for fulfilling each prerequisite are discussed in "Meeting the Prerequisites." As you work through each question, you will see references to the specific section in Appendix A where you can find the discussions and procedures related to that prerequisite.
Locate the worksheet that corresponds to the Cisco Secure Policy Manager system you want to install and answer each question. This section includes the following topics:
The worksheet in Table 1-2 guides you through required preparations for a standalone system.
| Element Requiring Preparation | Question | Response | Solution |
|---|---|---|---|
Policy Enforcement Point(s) |
|
|
|
Answer these questions for any Policy Enforcement Point on your network. | Do you want to use Cisco Secure Policy Manager to manage this Policy Enforcement Point? | Yes | Continue answering the questions in this worksheet. |
| No | The questions in this worksheet apply only to the Policy Enforcement Points on your network that you want to manage with Cisco Secure Policy Manager. | |
| Is this Policy Enforcement Point (and the software it runs) currently supported by Cisco Secure Policy Manager? | Yes | Continue answering the questions in this worksheet. |
| No | Cisco Secure Policy Manager will not support this Policy Enforcement Point. See Table 1-1 for supported versions. | |
| Is this Policy Enforcement Point configured and running on your network? | Yes | Continue answering the questions in this worksheet. |
| No | Follow the bootstrapping procedures for this particular Policy Enforcement Point. For a PIX Firewall, see "Bootstrapping the PIX Firewall" in Appendix A. For a Cisco router, see "Bootstrapping a Cisco Router" in Appendix A. | |
Policy Enforcement Points | Can you Telnet to this Policy Enforcement Point from the target host? | Yes | Continue answering the questions in this worksheet. |
| No | Follow the procedures for "Testing Connectivity between the Policy Enforcement Point and Policy Proxy Host" in Appendix A. | |
| Do you get a password prompt when you first log in to this Policy Enforcement Point? | Yes | This Policy Enforcement Point meets the initial configuration settings and can be discovered by Cisco Secure Policy Manager. Follow this worksheet for any additional Policy Enforcement Points on your network before continuing with preparation of the target host in your standalone system. |
| No | Follow the procedures for "Testing Connectivity between the Policy Enforcement Point and Policy Proxy Host" in Appendix A. | |
target host |
|
|
|
| Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install Cisco Secure Policy Manager on this machine. | |
| Does this computer run Windows NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install Cisco Secure Policy Manager on this machine. | |
target host | Does this computer run an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Do you want to secure the command and control channel between the Policy Enforcement Point and the Policy Proxy host? | Yes | Review "Installing Cisco Secure VPN Client" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Do you want to receive e-mail or pager notifications from the Policy Monitor host? | Yes | Review "Installing TAPI and MAPI" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Is the Windows NT startup time for this computer set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
target host | Have you created a Windows NT account for installation? | Yes | Continue answering the questions in this worksheet. |
| No | We recommend creating an account with administrative privileges. Review "Creating a Windows NT Account for Installation" in Appendix A. | |
| Is this computer running Service Pack 5 for Windows NT? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
| Is HTML Help 1.22 Update installed on this computer? | Yes | Follow the procedures for "Installing a Standalone System" in Chapter 2. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. |
 |
Note After you have properly prepared each Policy Enforcement Point and the target host, you are ready to install Cisco Secure Policy Manager. Follow the procedures for "Installing a Standalone System" in "Installation Procedures." |
The worksheet Table 1-3 guides you through required preparations for a client-server system.
| Element Requiring Preparation | Question | Response | Solution |
|---|---|---|---|
Policy Enforcement Point(s) |
|
|
|
Answer these questions for any Policy Enforcement Point on your network. | Do you want to use Cisco Secure Policy Manager to manage this Policy Enforcement Point? | Yes | Continue answering the questions in this worksheet. |
| No | The questions in this worksheet apply only to the Policy Enforcement Points on your network that you want to manage with Cisco Secure Policy Manager. | |
| Is this Policy Enforcement Point (and the software it runs) currently supported by Cisco Secure Policy Manager?
| Yes | Continue answering the questions in this worksheet. |
| No | Cisco Secure Policy Manager will not support this Policy Enforcement Point. See Table 1-1 for supported versions. | |
Policy Enforcement Points | Is this Policy Enforcement Point configured and running on your network? | Yes | Continue answering the questions in this worksheet. |
| No | Follow the bootstrapping procedures for this particular Policy Enforcement Point. For a PIX Firewall, see "Bootstrapping the PIX Firewall" in Appendix A. For a Cisco router, see "Bootstrapping a Cisco Router" in Appendix A. | |
| Can you Telnet to this Policy Enforcement Point from the target host? | Yes | Continue answering the questions in this worksheet. |
| No | Follow the procedures for "Testing Connectivity between the Policy Enforcement Point and Policy Proxy Host" in Appendix A. | |
| Do you get a password prompt when you first log in to this Policy Enforcement Point? | Yes | This Policy Enforcement Point meets the initial configuration settings and can be discovered by Cisco Secure Policy Manager. Follow this worksheet for any additional Policy Enforcement Points on your network before continuing with preparation of the target host in your standalone system. |
| No | Follow the procedures for "Testing Connectivity between the Policy Enforcement Point and Policy Proxy Host" in Appendix A. | |
target hosts |
|
|
|
Policy Server host | Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Server feature set on this machine. | |
| Does this computer run Windows NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Server feature set on this machine. | |
| Does this computer run an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Do you want to secure the command and control channel between the Policy Enforcement Point and the Policy Proxy host? | Yes | Review "Installing Cisco Secure VPN Client" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Do you want to receive e-mail or pager notifications from the Policy Monitor host? | Yes | Review "Installing TAPI and MAPI" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
Policy Server host | Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Is the Windows NT startup time for this computer set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
| Have you created a Windows NT account for installation? | Yes | Continue answering the questions in this worksheet. |
| No | We recommend creating an account with administrative privileges. Review "Creating a Windows NT Account for Installation" in Appendix A. | |
| Is this computer running Service Pack 5 for Windows NT? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Policy Server host | Is HTML Help 1.22 Update installed on this computer? | Yes | Continue answering the questions in this worksheet to prepare the host(s) for installation of the Policy Administrator feature set. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Policy Administrator host(s) | Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Administrator feature set on this machine. | |
| Does this computer run Windows 95, 98, or NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Administrator feature set on this machine. | |
| If this computer runs Windows NT 4.0, is it using an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
Policy Administrator | Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| If this computer runs Windows NT 4.0, is the startup time set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
| If this computer runs Windows NT 4.0, is Service Pack 5 for Windows NT installed? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is HTML Help 1.22 Update installed on this computer? | Yes | Follow the procedures for "Installing a Client-Server System" in Chapter 2. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. |
|
Note After you have properly prepared each Policy Enforcement Point and the target hosts, you are ready to install Cisco Secure Policy Manager. Follow the procedures for "Installing a Client-Server System" in "Installation Procedures." |
The worksheet in Table 1-4 guides you through required preparations for a distributed system.
| Element Requiring Preparation | Question | Response | Solution |
|---|---|---|---|
Policy Enforcement Point(s) |
|
|
|
Answer these questions for any Policy Enforcement Point on your network. | Do you want to use Cisco Secure Policy Manager to manage this Policy Enforcement Point? | Yes | Continue answering the questions in this worksheet. |
| No | The questions in this worksheet apply only to the Policy Enforcement Points on your network that you want to manage with Cisco Secure Policy Manager. | |
| Is this Policy Enforcement Point (and the software it runs) currently supported by Cisco Secure Policy Manager? | Yes | Continue answering the questions in this worksheet. |
| No | Cisco Secure Policy Manager will not support this Policy Enforcement Point. See Table 1-1 for supported versions. | |
Policy Enforcement Points | Is this Policy Enforcement Point configured and running on your network? | Yes | Continue answering the questions in this worksheet. |
| No | Follow the bootstrapping procedures for this particular Policy Enforcement Point. For a PIX Firewall, see "Bootstrapping the PIX Firewall" in Appendix A. For a Cisco router, see "Bootstrapping a Cisco Router" in Appendix A. | |
| Can you Telnet to this Policy Enforcement Point from the target host? | Yes | Continue answering the questions in this worksheet. |
| No | Follow the procedures for "Testing Connectivity between the Policy Enforcement Point and Policy Proxy Host" in Appendix A. | |
| Do you get a password prompt when you first log in to this Policy Enforcement Point? | Yes | This Policy Enforcement Point meets the initial configuration settings and can be discovered by Cisco Secure Policy Manager. Follow this worksheet for any additional Policy Enforcement Points on your network before continuing with preparation of the target host in your standalone system. |
| No | Follow the procedures for "Testing Connectivity between the Policy Enforcement Point and Policy Proxy Host" in Appendix A. | |
target hosts |
|
|
|
Policy Server host | Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Server feature set on this machine. | |
| Does this computer run Windows NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Server feature set on this machine. | |
| Does this computer run an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Is the Windows NT startup time for this computer set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
Policy Server host, (continued) | Have you created a Windows NT account for installation? | Yes | Continue answering the questions in this worksheet. |
| No | We recommend creating an account with administrative privileges. Review "Creating a Windows NT Account for Installation" in Appendix A. | |
| Is this computer running Service Pack 5 for Windows NT? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is HTML Help 1.22 Update installed on this computer? | Yes | Continue answering the questions in this worksheet to prepare each target host for the remaining feature sets. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. | |
| No | Do not install the Policy Administrator feature set on this machine. | |
| Does this computer run Windows 95, 98, or NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Administrator feature set on this machine. | |
| If this computer runs Windows NT 4.0, is it using an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| If this computer runs Windows NT 4.0, is the startup time set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
Policy Administrator host(s) | If this computer runs Windows NT 4.0, is Service Pack 5 for Windows NT installed? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Policy Proxy-Monitor host(s) | Is HTML Help 1.22 Update installed on this computer? | Yes | Continue answering the questions in this worksheet to prepare each target host for the remaining feature sets. |
| No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Proxy-Monitor feature set on this machine. | |
Policy Proxy-Monitor host(s) (continued) | Does this computer run Windows NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Proxy-Monitor feature set on this machine. | |
| Does this computer run an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Do you want to secure the command and control channel between the Policy Enforcement Point and the Policy Proxy host? | Yes | Review "Installing Cisco Secure VPN Client" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Do you want to receive e-mail or pager notifications from the Policy Monitor host? | Yes | Review "Installing TAPI and MAPI" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
Policy Proxy-Monitor host(s) (continued) | Is the Windows NT startup time for this computer set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
| Is this computer running Service Pack 5 for Windows NT? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is the HTML Help 1.22 Update installed on this computer? | Yes | Continue answering the questions in this worksheet to prepare each target host for the remaining feature sets. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Policy Monitor host(s) | Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Monitor feature set on this machine. | |
Policy Monitor host(s) | Does this computer run Windows NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Monitor feature set on this machine. | |
| Does this computer run an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Do you want to receive e-mail or pager notifications from the Policy Monitor host? | Yes | Review "Installing TAPI and MAPI" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Is the Windows NT startup time for this computer set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
Policy Monitor host(s) | Is this computer running Service Pack 5 for Windows NT? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
| Is the HTML Help 1.22 Update installed on this computer? | Yes | Continue answering the questions in this worksheet to prepare each target host for the remaining feature sets. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Policy Proxy host(s) | Does this computer meet the "Minimum Hardware Requirements" listed in Appendix A? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Proxy feature set on this machine. | |
| Does this computer run Windows NT 4.0? | Yes | Continue answering the questions in this worksheet. |
| No | Do not install the Policy Proxy feature set on this machine. | |
Policy Proxy host(s) | Does this computer run an NTFS file partition? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Converting Your File Partition from FAT to NTFS" in Appendix A. | |
| Does this computer have the TCP/IP protocol stack installed? | Yes | Continue answering the questions in this worksheet. |
| No | Review "Installing the TCP/IP Protocol Stack" in Appendix A. | |
| Do you want to secure the command and control channel between the Policy Enforcement Point and the Policy Proxy host? | Yes | Review "Installing Cisco Secure VPN Client" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Does this computer have DHCP enabled? | Yes | We recommend disabling DHCP. Review "Disabling DHCP" in Appendix A. |
| No | Continue answering the questions in this worksheet. | |
| Is the Windows NT startup time for this computer set to zero seconds? | Yes | Continue answering the questions in this worksheet. |
| No | This is a recommended setting. Review "Changing the Timeout Setting" in Appendix A. | |
| Is this computer running Service Pack 5 for Windows NT? | Yes | Continue answering the questions in this worksheet. |
No | The Autostart utility will detect this requirement and prompt you to install SP5 before continuing with the setup program. Review "Requisite Software" in Appendix A. | ||
Policy Proxy host(s) | Is Microsoft Internet Explorer 5.0 installed on this computer? | Yes | Continue answering the questions in this worksheet. |
| No | The Autostart utility will detect this requirement and prompt you to install IE 5.0 before continuing with the setup program. Review "Requisite Software" in Appendix A. | |
| Is HTML Help 1.22 Update installed on this computer? | Yes | Continue answering the questions in this worksheet to prepare any remaining target hosts. After you have prepared all the target hosts, follow the procedures for "Installing a Distributed System" in Chapter 2. |
No | The Autostart utility will detect this requirement and prompt you to install HTML Help 1.22 Update before continuing with the setup program. Review "Requisite Software" in Appendix A. |
|
Note After you have properly prepared each Policy Enforcement Point and the target hosts, you are ready to install Cisco Secure Policy Manager. Follow the procedures in the "Installing a Distributed System" in "Installation Procedures." |
Posted: Thu May 25 12:55:09 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.