Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
Configuring Traffic Flow Objects
These dialog boxes can also be opened by clicking the Create or Edit buttons in the Traffic Flows
Selector while defining a Service Policy rule. See Step 2. Configure the traffic class, page 56-7 for more
information about selecting a Traffic Flow class.
Related Topics
Creating Access Control List Objects, page 6-49
Field Reference
Table 56-5 Add and Edit Traffic Flow Dialog Boxes
Element / Description

Name
    The name of the Traffic Flow object. A maximum of 40 characters is
    allowed. The name space for class maps is local to a security context.
    Therefore, the same name may be used in multiple security contexts.
    The maximum number of class maps per security context is 255.

Description
    A description of the Traffic Flow (optional). A maximum of 1024
    characters is allowed.

Traffic Match Type
    The type of traffic to match. The option you choose may change the
    fields in the dialog box; all possible fields are explained later in this
    table. The Traffic Match Type options are:
    - Any Traffic – Matches all traffic.
    - Source and Destination IP Address (access-list) – Matches the
      source and destination IP addresses in a packet based on the access
      control list that you specify.
      For ASA 8.4(2+) devices, the ACL can include FQDN objects and
      user specifications to perform identity-based traffic matching.
    - Default Inspection Traffic – Matches default inspection traffic. For
      a list of default settings, see Default Inspection Traffic, page 56-18.
    - Default Inspection Traffic with access list – Matches default
      inspection traffic limited by the access control list that you specify.
    - TCP or UDP Destination Port – Matches traffic to the TCP or UDP
      destination port or port range that you specify. Valid port numbers
      here are 0 to 65535.
    - RTP Range – Matches traffic to the range of UDP destination ports
      that you specify. Valid port numbers here are 2000 to 65535.
    - Tunnel Group – Matches the destination address based on flows in
      VPN tunnels belonging to a specified tunnel group.
    - IP Precedence Bits – Matches precedence values assigned to the
      traffic packets. You can select a maximum of four values.
    - IP DiffServe Code Points (DSCP) Values – Matches DSCP values
      associated with the traffic packets. You can select a maximum of
      eight values.

Variable Fields
The following fields may appear in the Add and Edit Traffic Flow dialog boxes, depending on your
choice in the Traffic Match Type field. This list is the complete set of possible fields.
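
The limits stated in Table 56-5 above (name and description length, port bounds, value counts, and the per-context class map cap) can be checked on planned Traffic Flow definitions before they are entered. The following Python linter is an added example, not part of the Cisco guide; the dictionary keys, the match-type labels, and the rule that a name and value list must be non-empty are assumptions made for illustration.

```python
# Added example; the dict keys ("context", "name", "match", ...) are hypothetical.
from collections import defaultdict

MAX_NAME, MAX_DESC, MAX_PER_CONTEXT = 40, 1024, 255       # limits from Table 56-5
PORT_BOUNDS = {"port": (0, 65535), "rtp": (2000, 65535)}  # valid destination ports
VALUE_LIMITS = {"precedence": 4, "dscp": 8}               # max selectable values
OTHER = {"any", "access-list", "default-inspection", "default-inspection-acl", "tunnel-group"}

def check_flow(flow):
    """Return a list of problems found in one Traffic Flow definition."""
    errs, kind = [], flow.get("match")
    if not 1 <= len(flow.get("name", "")) <= MAX_NAME:  # non-empty is an assumption
        errs.append(f"name must be 1-{MAX_NAME} characters")
    if len(flow.get("description", "")) > MAX_DESC:
        errs.append(f"description exceeds {MAX_DESC} characters")
    if kind in PORT_BOUNDS:
        lo, hi = PORT_BOUNDS[kind]
        first, last = flow.get("ports", (None, None))
        if not (isinstance(first, int) and isinstance(last, int) and lo <= first <= last <= hi):
            errs.append(f"{kind} range must satisfy {lo} <= start <= end <= {hi}")
    elif kind in VALUE_LIMITS:
        if not 1 <= len(set(flow.get("values", []))) <= VALUE_LIMITS[kind]:
            errs.append(f"{kind} takes 1 to {VALUE_LIMITS[kind]} values")
    elif kind not in OTHER:
        errs.append(f"unknown match type {kind!r}")
    return errs

def check_all(flows):
    """Check each flow, name uniqueness per security context, and the 255 cap."""
    report, names = defaultdict(list), defaultdict(list)
    for f in flows:
        ctx, name = f.get("context", "default"), f.get("name", "")
        report[(ctx, name)] += check_flow(f)
        if name in names[ctx]:
            report[(ctx, name)].append("duplicate name within security context")
        names[ctx].append(name)
    for ctx, seen in names.items():
        if len(seen) > MAX_PER_CONTEXT:
            report[(ctx, "*")].append(f"more than {MAX_PER_CONTEXT} class maps")
    return {k: v for k, v in report.items() if v}

# Constructed sample input (not taken from any real device).
SAMPLE = [
    {"context": "admin", "name": "voice-rtp", "match": "rtp", "ports": (1024, 16383)},
    {"context": "admin", "name": "web", "match": "port", "ports": (443, 443)},
    {"context": "ctxA", "name": "web", "match": "dscp", "values": list(range(9))},
    {"context": "ctxA", "name": "web", "match": "any"},
]

if __name__ == "__main__":
    for key, problems in check_all(SAMPLE).items():
        print(key, problems)
```

In the sample, the name "web" is accepted once in each of the two contexts but flagged when it appears twice in the same one, which follows from the class map name space being local to a security context.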