Filter
Top Products
6-78
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Networks/Hosts Objects
When you create IPv4-based Host, Network, or Address Range objects for use on ASA 8.3+ devices, or
unified Host, Network, or Address Range objects for use on ASA 9.0.1+ devices, you can also configure
object NAT rules on the NAT tab of the dialog box. In both cases, you must select Allow Value Override
per Device to allow object NAT. For reference information on the NAT tab, see Add or Edit
Network/Host Dialog Box: NAT Tab, page 23-41.
In addition, you can create an object with no addresses. For this type of object, you must also select
Allow Value Override per Device and create overrides for every device that uses the object. For more
information about using unspecified addresses, see Using Unspecified Networks/Hosts Objects,
page 6-80.
Navigation Path
Choose Policy Objects from the Manage menu, or click the Policy Object Manager button in the button
bar, to open the Policy Object Manager pane in the lower section of the Configuration Manager window.
Select Networks/Hosts from the Object Type Selector. Right-click inside the work area and select New
Object (and select an object type), or right-click a row and select Edit Object; you also can use the
related buttons at the bottom of the pane to open either dialog box.
Related Topics
• Creating Networks/Hosts Objects, page 6-76
• Understanding Networks/Hosts Objects, page 6-74
• Policy Object Manager, page 6-4
• How Network/Host, Port List, and Service Objects are Named When Provisioned As Object Groups,
page 6-92
• Filtering Items in Selectors, page 1-42
Field Reference
Table 6-30 Network/Host Dialog Box (General Tab)
Element Description
Name The object name (up to 64 characters). Object names are not
case-sensitive. For more information, see Creating Policy Objects,
page 6-9.
Description An optional description of the object.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
Tip If you configure NAT for host, address range, or network
objects, you must select this option. The NAT configuration is
created as a device override and is not kept in the object.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.