Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01

Chapter 6: Managing Policy Objects

Policy objects enable you to define logical collections of elements. They are reusable, named
components that can be used by other objects and policies. Objects aid policy definition by eliminating
the need to define that component each time you define a policy. When used, an object becomes an
integral component of the object or policy. This means that if you change the definition of an object, this
change is reflected in all objects and policies that reference the object.

Objects facilitate network updates, because you can identify objects separately but maintain them in a
central location. For example, you can identify the servers in your network as a network/host object
called MyServers, and the protocols to allow on these servers in a service object. You can then create an
access rule that permits the MyServers network/host object to send and receive traffic for the services
defined in the service object. If a change is made to these servers, you need only update the network/host
or service object and redeploy, instead of trying to locate and edit each rule in which the servers are used.

Objects are defined globally. This means that the definition of an object is the same for every object and
policy that references it. However, many object types (for example, interface roles) can be overridden at
the device level. Thus, you can create an object that works for most of your devices, yet customize the
object to match the configuration of a particular device that has slightly different requirements. For more
information, see Understanding Policy Object Overrides for Individual Devices, page 6-17.

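Because one edit to a shared object reaches every rule that references it, it helps to preview the reach of a change before redeploying. The following is an added sketch, not code from the Cisco guide or from Security Manager: it models global definitions and device-level overrides as described above and reports which rules on which devices would change. All names except MyServers are constructed, and applying an override where the object is nested inside another object is an assumption of this model.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names apart from MyServers).
OBJECTS = {  # global definitions: object name -> members
    "MyServers": ["10.1.1.10", "10.1.1.11"],
    "DMZ": ["MyServers", "10.2.0.0/24"],  # an object that references another object
    "WebServices": ["tcp/80", "tcp/443"],
}
OVERRIDES = {  # device-level overrides: (device, object name) -> members
    ("branch-fw", "MyServers"): ["192.168.5.10"],
}
RULES = {  # rule name -> (devices, network/host object, service object)
    "permit-servers": (["hq-fw", "branch-fw"], "MyServers", "WebServices"),
    "permit-dmz": (["hq-fw"], "DMZ", "WebServices"),
}


def resolve(name, device, objects, seen=()):
    """Expand an object to its literal members as one device would see it."""
    if name in seen:
        raise ValueError("circular object reference: " + name)
    # A device-level override, when present, replaces the global definition.
    members = OVERRIDES.get((device, name), objects[name])
    expanded = []
    for member in members:
        if member in objects:  # nested object reference
            expanded.extend(resolve(member, device, objects, seen + (name,)))
        else:
            expanded.append(member)
    return expanded


def impact(name, new_members):
    """Return {device: [rules]} whose expansion changes if the global
    definition of `name` is replaced with `new_members`."""
    proposed = dict(OBJECTS)
    proposed[name] = new_members
    affected = defaultdict(list)
    for rule, (devices, net_obj, svc_obj) in RULES.items():
        for device in devices:
            before = [resolve(o, device, OBJECTS) for o in (net_obj, svc_obj)]
            after = [resolve(o, device, proposed) for o in (net_obj, svc_obj)]
            if before != after:
                affected[device].append(rule)
    return dict(affected)


if __name__ == "__main__":
    print(impact("MyServers", ["10.1.1.10", "10.1.1.12"]))
```

In this model the branch device is absent from the result for a MyServers edit because its override shadows the global definition, which is also why overridden devices need their own review when the global object is tightened.
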
This chapter contains the following topics:

Selecting Objects for Policies
Policy Object Manager
Working with Policy Objects—Basic Procedures
Understanding AAA Server and Server Group Objects
Creating Access Control List Objects
Configuring Time Range Objects
Understanding Interface Role Objects
Understanding Map Objects
Understanding Networks/Hosts Objects
Understanding Pool Objects
Understanding and Specifying Services and Service and Port List Objects
How Policy Objects are Provisioned as Object Groups