SunScreen 3.2 Administration Guide

CMG Overview

A centralized management group (CMG) consists of a primary Screen and a number of secondary Screens. The primary Screen, where all configuration objects reside, manages both itself and the secondary Screens in the group by pushing policy configurations to them. This capability enables you to manage many Screens effectively from one location.

To configure a centralized management group, you must exchange certificate information between the CMG primary and secondary Screens, then add these certificates to the Screen objects, along with the Admin IP address information and encryption algorithms for the respective Screens.

On the CMG primary Screen, you need to specify each interface present on any secondary Screen. These interface definitions should include the related Screen object to make them Screen-specific.

Finally, you must add packet filtering rules to both the primary and secondary Screens so the primary Screen can push its policy to the secondary Screens.