Filter
Top Products
5-29
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
Related Topics
• Understanding Policies, page 5-1
Performing Basic Policy Management
The following topics describe the operations you can perform on local policies in Device view. Local
policies are policies that are specific to the device or VPN topology on which they are configured. They
are not shared by other network elements.
• Configuring Local Policies in Device View, page 5-29
• Copying Policies Between Devices, page 5-31
• Unassigning a Policy, page 5-33. (This topic also applies to the Site-to-Site VPN Manager.)
Related Topics
• Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34
• Managing Shared Policies in Policy View, page 5-47
• Understanding Policies, page 5-1
Configuring Local Policies in Device View
Use Device view to configure local platform and service policies on individual devices. Each policy
defines a particular configuration or security task that the device can perform, such as NAT, OSPF
routing or inspection rules. Local policies are unnamed and are particular to the individual device on
which they have been defined. Any changes that you make to a local policy do not affect other devices
that Security Manager is managing.
When you configure a policy, a lock is placed on that policy to prevent other users from making changes
to the same policy at the same time. See Understanding Policy Locking, page 5-7.
You can modify any local policy assigned to a particular device provided you have permissions to modify
policies and to access that device. For more information about permissions, see the Installation Guide
for Cisco Security Manager.
After configuring a policy, you must deploy the changes to the device in order to make them active on
that device. For more information, see Chapter 8, “Managing Deployment”
A local policy is configured. The definition of this policy affects only the device or
VPN topology on which it is configured.
A shared policy is configured. Any changes to the definition of this policy affect all of
the devices or VPN topologies to which this policy is assigned.
A policy bundle is configured. Any changes to the definition of this policy affect all of
the devices or VPN topologies to which this policy is assigned, whether those policies
are assigned using the same policy bundle, another policy bundle that includes the
shared policy, or are assigned the shared policy directly and not through a policy
bundle.
Table 5-5 Policy Status Icons (Continued)
Icon Status