Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
5-32
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
Right-click the device in the Device selector, then select Copy Policies Between Devices. The Copy
Policies wizard selects the device as the source device and starts at step 2, the Select Policies to Copy
page. You can change the source device by clicking Back.
Tip You can also right click a device in Map view and select Copy Policies Between Devices.
Step 2 Select the policies you want to copy on the Select Policies to Copy page. Initially, most policies from
the source device (both local and shared) that can be copied are selected. You can change the selection,
however, if you select a policy that depends on another policy, you must select the dependant policies.
Security Manager will prompt you if your selections are not valid.
Consider the following when selecting policies:
Selecting the check box for a policy group selects all of the policies in that group.
When you copy policies between firewall devices (ASA, PIX, FWSM), copying the failover policy
automatically copies the interface policy and vice-versa.
It is usually not a good idea to copy interface policies, because these policies can have specific IP
addresses. Other types of policies that you should carefully consider before copying them include
NAT, routing, or the IPS policy on IOS devices.
If you select the security contexts policy (for FWSM, PIX Firewall, or ASA devices), you must
submit your changes after copying the devices for the contexts to appear in the device selector. In
non-Workflow mode, select File > Submit. In Workflow mode, submit your activity.
Step 3 Use the policy object copy options to determine how policy objects are handled. These options are not
mutually exclusive, and the combination you select has important implications on how the policies are
defined on the target devices.
These are the possible combinations and their meanings:
To ensure that the target devices have the same policy object settings as the source device, select
both Copy the Global Values of Policy Objects and Copy the Overridden Values of Policy
Objects.
To ensure that if a policy object is used on the target device, its value is not overridden, select
neither option. If a selected policy uses a policy object, and an equivalent policy on the target device
uses the same policy object, the policy object’s value defined on the target device is preserved. If the
target device does not use the policy object, it is copied to the target using the policy object’s global
value (any overrides on the source device are ignored).
To ensure that any policy objects on the target device use the policy object’s global values, select
Copy the Global Values of Policy Objects but deselect Copy the Overridden Values of Policy
Objects. If the source device includes policies that use policy objects, only policies that use global
values for the policy objects are copied. If the target device has an equivalent policy that uses local
values for the policy object, the local values are replaced by the policy object’s global values.
To ensure that only policy objects with local values on the source device are copied to the target
device, deselect Copy the Global Values of Policy Objects but select Copy the Overridden
Values of Policy Objects. If the source device includes policies that use policy objects, only policies
that override the policy object’s global values are copied. The target devices get the source device’s
override value for the policy object.
Click Next.
Step 4 Select the target devices to which you want to copy policies on the Copy Policies to these Devices page.
Selecting the check box for a device group selects all of the devices in that group.