Filter
Top Products
6-71
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Interface Role Objects
By selecting from a list, you can ensure that your entry is valid. For more information, see Selecting
Objects for Policies, page 6-2.
When a policy allows multiple interfaces, separate entries with commas.
In policies and object selectors, icons distinguish between interfaces and interface roles. If you create
interface roles with the same name as interfaces, be careful to select exactly what you want. Table 6-28
explains the icons.
Related Topics
• Basic Interface Settings on Cisco IOS Routers, page 59-1
• Configuring Firewall Device Interfaces, page 45-2
• Understanding Interface Role Objects, page 6-67
• Creating Interface Role Objects, page 6-68
• Using Interface Roles When a Single Interface Specification is Allowed, page 6-71
Using Interface Roles When a Single Interface Specification is Allowed
Interface roles objects can match a variable number of actual interfaces defined on a device depending
on how you define the role. Thus, for a particular device, and interface role might match zero, one, or
more than one interface. When you use an interface role in a policy, Security Manager converts the role
to commands that configure all interfaces defined on the device that match the role.
Many policies, however, require that you specify a single interface name. If you use an interface role in
a situation where the policy allows a single interface name, you should define the interface role so that
it matches a single interface. If you use an interface role that matches two or more interfaces on the
device, Security Manager selects the first interface on the device that matches the role, which might not
be the interface you desire (or that will work properly).
Related Topics
• Specifying Interfaces During Policy Definition, page 6-70
• Understanding Interface Role Objects, page 6-67
• Creating Interface Role Objects, page 6-68
Table 6-28 Icons for Interfaces and Interface Roles
Type Icon
Interface
Interface role
If you can edit the role, a pencil image overlays the icon.
Global “interface” on ASA 8.3+ devices, used for rules created as global instead
of interface-specific.