Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
56-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
IPS, QoS, and Connection Rules Page
Input (Traffic Policing) Enables policing of traffic flowing into the device; these options apply
to ASA/PIX 7.2+ devices only. If you enable policing, you can specify
the following values:
Committed Rate – The rate limit for this traffic flow; this is a
value in the range 8,000 to 2,000,000,000, specifying the
maximum speed (bits per second) allowed.
Burst Rate – A value in the range 1,000 to 512,000,000 that
specifies the maximum number of instantaneous bytes allowed in a
sustained burst before throttling to the conforming rate value.
Conform Action – The action to take when the rate is less than the
conform-burst value. Choices are Transmit or Drop.
Exceed Action – Take this action when the rate is between the
conform-rate value and the conform-burst value. Choices are
Transmit or Drop.
CSC tab
Enable Content Security
Control For This Traffic
Enables or disables the use of the Cisco CSC SSM (Content Security
and Control Security Services Module) for this traffic flow. When this
box is checked, the On CSC SSM Failure options become available.
These options are applicable on ASA 7.1+ devices only; they are not
applicable if TCP State Bypass is enabled.
The CSC SSM provides protection against viruses, spyware, spam, and
other unwanted traffic by scanning the FTP, HTTP, POP3, and SMTP
packets.
On CSC SSM Failure Specifies the action to take if the CSC SSM becomes inoperable:
Open – Permits traffic if the CSC SSM fails.
Close – Blocks traffic if the CSC SSM fails.
User Statistics tab
Enable user statistics
accounting (ASA 8.4(2)+
only)
Whether to collect user statistics accounting information for
identity-based firewall policies. These statistics are kept for users to
which a firewall policy is applied based on user name or user group
membership. Select the type of information you want to collect:
Account for sent drop count
Account for sent packet, sent drop and received packet count
ScanSafe Web Security tab
Enable Scansafe Web
Security for this traffic (ASA
9.0+ only)
Enables or disables the use of ScanSafe Web Security for this traffic
flow. When this box is checked, two options become available: These
options are applicable on ASA 9.0+ devices only.
ScanSafe Policy Map– enables policy map selection.
On ScanSafe Tower Communication Failure– specifies action
the system should take if ScanSafe Tower communication fails.
Table 56-3 Insert/Edit Service Policy (MPC) Rule Wizard—Step 3. Configure the actions.
Element Description