Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
5-42
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
The Assign Shared Policy dialog box is displayed if there are any shared policies available for
assignment.
Step 2 Select a shared policy from the displayed list to assign to the device or VPN topology and click OK. If
the policy does not allow inheritance, the shared policy is assigned to the selected device and you are
finished.
Step 3 If the policy allows inheritance, you are warned that the shared policy will replace the current policy and
given the option to inherit the rules instead with the Local Policy Will Be Replaced dialog box.
Your options are:
Assign Policy—Assign the shared policy to replace the existing local policy. If you choose to assign,
all local rules are removed and they cannot be retrieved.
Inherit From Policy—Inherit the rules of the shared policy. If you choose to inherit, the inherited
rules are added to the local rules that are already defined in the device’s local policy. Use inheritance
instead of assignment when the device needs to maintain the set of local rules already defined for it.
Tip You can select Do not show this again to save your selection and have it applied to all future
times that you assign rule-based policies. Otherwise, you are prompted each time you assign
policies so that you can make different selections based on the circumstances. If you select this
option, you can turn it off by resetting it on the Customize Desktop administration settings page
(see Customize Desktop Page, page 11-6).
Adding Local Rules to a Shared Policy
After you assign a shared rule-based policy, such as access rules, to a device, you can define additional
rules in the policy that are local to that device. Selecting this option creates an inheritance relationship,
where the policy defined on the device inherits rules from the shared policy while adding rules that affect
only this particular device. For more information about inheritance, see Understanding Rule Inheritance,
page 5-4.
Local rules that you add to a device do not affect the shared policy from which the device inherits its
remaining rules. For example, if the shared policy Access_Rules_South is assigned to five devices and
you define local rules on one of those devices, the access rules policy on that device consists of the rules
defined in Access_Rules_South plus the local rules; the other four devices continue to use only the rules
defined Access_Rules_South.
Before You Begin
Assign a shared, rule-based policy to the device as described in Assigning a Shared Policy to a Device
or VPN Topology, page 5-41.
Related Topics
Understanding the Device View, page 3-1
Cloning (Copying) a Shared Policy, page 5-44
Assigning a Shared Policy to a Device or VPN Topology, page 5-41
Unsharing a Policy, page 5-40
Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34