Cisco Systems CL-28826-01 Security Camera User Manual


 
6-68
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Interface Role Objects
Interface roles serve as an indirection entity between interfaces on the one hand and policies on the other.
This enables you to apply policies to particular device interfaces based on the assigned role.
Additionally, if you change the naming convention used for a particular interface type, you do not need
to determine which policies are affected by the change. All you do is edit the interface role.
Interface roles are especially useful when you apply policies to new devices. As long as the devices you
are adding share the same interface naming scheme as existing devices, the relevant policies can be
extended to them without the need to make additional assignments.
Security Manager includes the following predefined interface roles:
• All-Interfaces—Includes every interface defined on a device.
• Internal—Includes only specific interfaces that are meant to be on the inside of a network. See the object definition for a list.
• External—Includes only specific interfaces that are meant to be on the outside of a network. See the object definition for a list.
• Self—Does not include any interfaces. The Self interface role is specific to zone-based firewall rules policies. The Self zone is the router itself. You can use it to identify traffic originating from the router, or traffic directed to the router. It does not include traffic passing through the router.
The following topics describe how to work with interface role objects:
• Creating Interface Role Objects, page 6-68
• Specifying Interfaces During Policy Definition, page 6-70
• Using Interface Roles When a Single Interface Specification is Allowed, page 6-71
• Handling Name Conflicts between Interfaces and Interface Roles, page 6-72

Creating Interface Role Objects
You can create interface role objects that represent one or more interfaces on devices. You can then use
these roles when you define policies that require interfaces or zones. When you create an interface role
object, you must define the naming pattern of the device interfaces to include in the object. Interface
roles can refer to any of the actual interfaces on the device, including physical interfaces, subinterfaces,
and virtual interfaces.
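
Added example, not taken from the Cisco guide: a small Python model of the indirection described above. It resolves each role to the interfaces whose names match its patterns, then flags interfaces that land in more than one role or in none, which is the check worth running before a role-based policy is extended to a new device. The role patterns, device names and interface lists are constructed, and shell-style `*` matching through Python's fnmatch is an assumption standing in for Security Manager's own pattern matching.

```python
from fnmatch import fnmatchcase

# Constructed role definitions: role name -> interface name patterns.
# Assumption: "*" is a wildcard, modelled here with shell-style globbing.
ROLES = {
    "Internal": ["GigabitEthernet0/1*", "Vlan*", "inside"],
    "External": ["GigabitEthernet0/0", "GigabitEthernet0/10", "Dialer*", "outside"],
}

# Constructed inventory: device name -> interface names found on the device.
DEVICES = {
    "branch-rtr-1": ["GigabitEthernet0/0", "GigabitEthernet0/1",
                     "GigabitEthernet0/1.20", "Vlan10", "Loopback0"],
    "branch-asa-1": ["inside", "outside", "dmz"],
    # Newly added device that follows the same naming scheme.
    "new-rtr-2": ["GigabitEthernet0/0", "GigabitEthernet0/10", "Dialer1"],
}

def resolve(patterns, interfaces):
    """Return the interfaces whose names match any of the role's patterns."""
    return [i for i in interfaces if any(fnmatchcase(i, p) for p in patterns)]

def audit(devices, roles):
    """For each device, resolve every role and report ambiguous coverage."""
    report = {}
    for dev, interfaces in devices.items():
        resolved = {r: resolve(pats, interfaces) for r, pats in roles.items()}
        roles_by_interface = {}
        for role, matched in resolved.items():
            for iface in matched:
                roles_by_interface.setdefault(iface, []).append(role)
        report[dev] = {
            "resolved": resolved,
            # Interface picked up by several roles: policies may conflict.
            "overlap": {i: r for i, r in roles_by_interface.items() if len(r) > 1},
            # Interface covered by no role: no role-based policy applies to it.
            "unmatched": [i for i in interfaces if i not in roles_by_interface],
        }
    return report

if __name__ == "__main__":
    for dev, result in audit(DEVICES, ROLES).items():
        print(dev)
        for role, matched in result["resolved"].items():
            print(f"  {role}: {matched}")
        print(f"  overlap: {result['overlap']}")
        print(f"  unmatched: {result['unmatched']}")
```

On the constructed data, the pattern GigabitEthernet0/1* also matches GigabitEthernet0/10 on the new device, so that interface resolves to both Internal and External.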
Tip: You can also create interface role objects when you define policies or objects that use this object type. For more information, see Selecting Objects for Policies, page 6-2.
Related Topics
• Creating Policy Objects, page 6-9
• Specifying Interfaces During Policy Definition, page 6-70
• Understanding Interface Role Objects, page 6-67
• Using Interface Roles When a Single Interface Specification is Allowed, page 6-71
• Managing Object Overrides, page 6-17

Step 1 Select Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager, page 6-4).
Step 2 Select Interface Roles from the Object Type selector.