User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Handling Name Conflicts between Interfaces and Interface Roles
Under normal circumstances, you can configure an interface role that has the same name as an actual
interface on the device. If you use object selectors when defining policies (see Selecting Objects for
Policies, page 6-2), both the interface and the interface role are listed as available choices, enabling you
to select either option. If you type in this common name when you define a policy, Security Manager
automatically associates the interface role with the policy, not the interface.
However, a naming conflict can occur under the following circumstances:
1. You type the name of an interface when defining a policy.
2. You later create an interface role that has the same name.
3. You type this name again when defining a policy.
4. You click Select to display the object selector, or Save to save the policy, or in some cases, OK to
update the policy.
When this sequence of events occurs, the Interface Name Conflict dialog box opens automatically so that
you can select whether you want to specify the interface or the interface role. The dialog box lists only
those names for which there are conflicts.
Related Topics
• Specifying Interfaces During Policy Definition, page 6-70
• Understanding Interface Role Objects, page 6-67
Understanding Map Objects
The objects in the Maps folder in the Policy Object Manager allow you to configure class, parameter,
and policy maps for inspection rules, zone-based firewall rules, or IPS, QoS and connection rules
policies. The types of maps you can use with these policies depend on the operating system running on
the device as well as the specific version number, so it is typically best to configure the maps when you
are configuring the policies.
Tip: Devices enforce unique names for all configured maps. For example, you cannot use the same name for
an FTP and DNS class map on the same device. If you select maps with the same name for a device,
Security Manager automatically adds a numerical suffix to the duplicate names, for example, dnsmap_1.
The Maps folder contains the following folders. Subfolders organize the maps based on whether they are
used for inspection or web content filtering.
• Class Maps—Layer 7 class maps used for identifying traffic that you want to act on.
• Parameter Maps—Parameter maps that configure settings used in zone-based firewall rules policies
or other maps.
• Policy Maps—Layer 7 policy maps used for identifying the action to take on selected traffic.
Also included in the Maps folder are entries for TCP Map objects (a Layer 4 object), Regular Expression
objects, and Regular Expression Group objects.
The following sections describe the different types of maps in more detail.