Filter
Top Products
5-36
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
• That the shared policy was imported. Imported policies might be re-imported at some point if the
policy is managed on a different server. Any changes that you make are eliminated if the policy is
imported again. Before editing the policy, ensure that you understand the protocols used in your
organization for policy management and importation. You can control whether this message appears
using an option on the Tools > Security Manager Administration > Policy Management page (see
Policy Management Page, page 11-45).
You can use the links in the banner to create shared policies, assign a shared policy, and configure policy
inheritance. The following illustration shows an example of a device policy banner.
Figure 5-3 Policy Banner Example
The fields in the policy banner have the following meanings and uses:
• Policy Assigned—The name of the policy assigned to this device or VPN. If the name has a link,
you can assign a shared policy to the element by clicking the link. If there is no link, a shared policy
cannot be assigned to this particular type of policy.
–
Local—The policy is a local policy (configured on this device only) rather than a shared policy.
–
Specific policy name—The shared policy is assigned to the device policy.
• Assigned To—If a shared policy is assigned, the number of devices or VPNs to which the policy is
assigned. If no shared policy is assigned, local device or this VPN is indicated. If the name has a
link, you can do the following:
–
Local Device or This VPN links—Click the link to create a shared policy from this local policy.
You can then assign the shared policy to other devices or VPNs.
–
Number of Devices or VPNs links—Click the link to change the devices or VPNs assigned to
the shared policy.
• Inherits From—The name of the policy from which this policy inherits rules. This field appears only
for policies that allow inheritance. Click the link to specify a policy or set of policies from which
the policy will inherit rules. For more information about inheritance, see Understanding Rule
Inheritance, page 5-4.
The field can contain these entries:
–
None—The policy does not inherit rules from any other policy.
–
Single policy name—The policy inherits rules from this policy.
–
Multiple policy names separated by > signs—The policy inherits rules from the indicated
hierarchy of policies.
• Policy Bundle Assigned—The name of the policy bundle assigned to this device or VPN.
Related Topics
• Understanding Policies, page 5-1
• Managing Policies in Device View and the Site-to-Site VPN Manager, page 5-28
• Sharing a Local Policy, page 5-38
• Assigning a Shared Policy to a Device or VPN Topology, page 5-41
• Adding Local Rules to a Shared Policy, page 5-42