Cisco Systems CL-28826-01 Security Camera User Manual


6-58
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Creating Access Control List Objects
Table 6-21 Add and Edit Extended Access Control Entry Dialog Boxes (Continued)

Element / Description

Source, Destination

The source or destination of the traffic. You can enter more than one
value by separating the items with commas.

You can enter any combination of the following address types. For more
information, see Specifying IP Addresses During Policy Definition,
page 6-81.

- Network/host object. Enter the name of the object or click Select
  to select it from a list. You can also create new network/host objects
  from the selection list.
- (ASA 8.4(2+) only.) You can select FQDN network/host objects to
  select traffic based on fully-qualified host names.
- Host IP address, for example, 10.10.10.100.
- Network address, including subnet mask, in either the format
  10.10.10.0/24 or 10.10.10.0/255.255.255.0.
- A range of IP addresses, for example, 10.10.10.100-10.10.10.200.
- An IP address pattern in the format 10.10.0.10/255.255.0.255,
  where the mask is a discontiguous bit mask (see Contiguous and
  Discontiguous Network Masks for IPv4 Addresses, page 6-75).

Users

(ASA 8.4(2+) only.) The Active Directory (AD) usernames, user
groups, or identity user group objects for the rule, if any. The user
specification is conjoined to the source address to limit the match to
user addresses within the source address range. You can enter more
than one value by separating the items with commas.

You can enter any combination of the following values.

- Individual user names: NetBIOS_DOMAIN\username
- User groups (note the double \): NetBIOS_DOMAIN\\user_group
- Identity user group object names.

Click Select to select objects, users, or user groups from a list or to
create new objects.

For more information, see:

- Selecting Identity Users in Policies, page 13-21
- Configuring Identity-Based Firewall Rules, page 13-21
- Creating Identity User Group Objects, page 13-19

Services

The services that define the type of traffic to act on. You can enter more
than one value by separating the items with commas.

You can enter any combination of service objects and service types
(which are typically a protocol and port combination). If you type in a
service, you are prompted as you type with valid values. You can select
a value from the list and press Enter or Tab.

For complete information on how to specify services, see
Understanding and Specifying Services and Service and Port List
Objects, page 6-86.
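
The following sketch is an added example, not part of the Cisco guide or of Security Manager: it classifies the literal IPv4 forms listed for the Source and Destination fields and tests whether an address falls inside a comma-separated entry, which is useful when auditing what an access control entry really covers. It assumes that mask bits set to 1 must match and bits set to 0 are ignored; the function names and the object name inside-servers are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _ip(text):
    """Dotted-quad string to a 32-bit integer; raises ValueError if invalid."""
    return int(ipaddress.IPv4Address(text.strip()))

def is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inv = ~mask & ALL_ONES
    return inv & (inv + 1) == 0

def parse_item(item):
    """Return (kind, matcher) for one item; matcher is None for non-literals."""
    item = item.strip()
    try:
        if "/" in item:
            addr, mask = (p.strip() for p in item.split("/", 1))
            if mask.isdigit():                      # prefix length, e.g. /24
                if int(mask) > 32:
                    raise ValueError("prefix length out of range")
                m = (ALL_ONES << (32 - int(mask))) & ALL_ONES
            else:                                   # dotted mask
                m = _ip(mask)
            base = _ip(addr) & m
            # Assumption: 1 bits in the mask are compared, 0 bits are ignored.
            kind = "network" if is_contiguous(m) else "pattern"
            return kind, lambda a: a & m == base
        if "-" in item:
            lo, hi = (_ip(p) for p in item.split("-", 1))
            return "range", lambda a: lo <= a <= hi
        host = _ip(item)
        return "host", lambda a: a == host
    except ValueError:
        # Not a literal this sketch recognises: treat it as an object name
        # that would have to be resolved against the policy object store.
        return "object", None

def classify(field):
    """Kinds of every comma-separated item in a Source/Destination field."""
    return [parse_item(i)[0] for i in field.split(",")]

def field_matches(field, address):
    """True if any literal item in the field covers the given address."""
    a = _ip(address)
    matchers = (parse_item(i)[1] for i in field.split(","))
    return any(m is not None and m(a) for m in matchers)

# Constructed sample built from the address examples in the table above.
SAMPLE = ("10.10.10.100, 10.10.10.0/24, 10.10.10.0/255.255.255.0, "
          "10.10.10.100-10.10.10.200, 10.10.0.10/255.255.0.255, inside-servers")
```

Under the stated assumption, the pattern 10.10.0.10/255.255.0.255 covers 256 hosts, one in each 10.10.x.0/24 network, which is easy to overlook when reviewing a rule.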