Filter
Top Products
6-70
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Interface Role Objects
Field Reference
Specifying Interfaces During Policy Definition
When you configure policies that require you to identify an interface, you have several options for
specifying the interface:
• Enter the name of the interface manually, for example, Ethernet0.
To manually specify a subinterface as part of a policy definition, you must enter a backslash (\)
before the period. For example, Ethernet0\.1.
If you enter the period without the backslash, Security Manager treats the period as a wildcard for
a single character. For example, if you want to define Ethernet1/1.0 as part of an access rule, you
need to enter Ethernet1/1\.0. If you enter Ethernet1/1.0 instead, the name matches interfaces
named Ethernet1/1.0 and Ethernet1/1/0, because the period on its own is treated as a wildcard.
• Enter the name of an interface role manually. For more information about interface roles, see
Understanding Interface Role Objects, page 6-67.
• Select an interface or interface role from a list. By clicking Select next to the Interfaces field, you
are prompted with a list of valid interface names and interface roles. Subinterfaces appear with a
backslash before the period in their names.
Table 6-27 Interface Role Dialog Box
Element Description
Name The name of the policy object. A maximum of 128 characters is
allowed.
Description A description of the policy object. A maximum of 1024 characters is
allowed.
Interface Name Patterns The names to include in this interface role. The names are the complete
or partial names of interfaces, subinterfaces, and other virtual
interfaces. Separate multiple name patterns with commas.
You can use these wildcards to create name patterns that apply to
multiple interfaces:
• Use a period (.) as a wildcard for a single character.
To use a period as part of the pattern itself (for example, when
defining subinterfaces), enter a backslash (\) before the period.
• Use an asterisk (*) as a wildcard for one or more characters at the
end of the interface pattern. For example, FastEthernet* would
include interfaces named FastEthernet0 and FastEthernet1.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.