Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
How Policy Objects are Provisioned as Object Groups
Tip: For ASA 8.3+ devices, service objects are provisioned using the object service command instead of the object-group command.
Table 6-37 How Service Objects are Provisioned as Object Groups
Columns: Condition / Generated Object Group / Examples

Condition: Service object contains the ICMP protocol and ICMP message types.
Generated Object Group: Generates an ICMP-type object group with the same name as the service object.
Examples:
  Service object service1: icmp/icmp-echo, 23
  Object group:
    object-group icmp-type service1
     icmp-object icmp-echo
     icmp-object 23

Condition: Service object contains only protocols.
Generated Object Group: Generates a protocol object group with the same name as the service object.
Examples:
  Service object service1: tcp, gre, 34
  Object group:
    object-group protocol service1
     protocol-object tcp
     protocol-object gre
     protocol-object 34

Condition: Service object uses port list objects for both source and destination ports.
Generated Object Group: Generates service object groups that match the port list objects.

Condition: Service object contains multiple ports or port ranges, but does not use a port list object for the source ports.
Generated Object Group: Generates service object group with the name <ObjectName>.src for the source ports.
Examples:
  Service object serv1: tcp/400,600/23-80
  Object group:
    object-group service serv1.src tcp
     port-object eq 400
     port-object eq 600

Condition: Service object contains multiple ports or port ranges, but does not use a port list object for the destination ports.
Generated Object Group: Generates service object group for the destination ports with the same name as the service object.
Examples:
  Service object serv1: tcp/400,600/23-80, 566
  Object group:
    object-group service serv1 tcp
     port-object range 23 80
     port-object eq 566
    object-group service serv1.src tcp
     port-object eq 400
     port-object eq 600
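
The rules in Table 6-37, written out as an added Python example (not Cisco Security Manager code) that predicts the object groups for a service object, so that a deployed configuration can be checked against what the policy object should produce. The function name `provision` and the parsing of the definition string are assumptions inferred from the table's examples; port list object references (the table's third row) are not modelled.

```python
import re

def _items(field):
    """Split a comma-separated field into trimmed entries."""
    return [x.strip() for x in field.split(",") if x.strip()]

def _port_lines(ports):
    """Render each port or numeric port range as a port-object line."""
    lines = []
    for p in ports:
        m = re.fullmatch(r"(\d+)-(\d+)", p)
        lines.append(f" port-object range {m[1]} {m[2]}" if m else f" port-object eq {p}")
    return lines

def provision(name, definition):
    """Return the object-group lines Table 6-37 predicts for a service object.

    Assumed input forms (inferred from the table's examples, not a full grammar):
      icmp/<type>[, <type>...]  |  <proto>[, <proto>...]  |  <proto>/<src>/<dst>
    """
    parts = [p.strip() for p in definition.split("/")]
    if parts[0] == "icmp" and len(parts) == 2:
        # ICMP protocol plus message types: icmp-type group named after the object
        return [f"object-group icmp-type {name}"] + [f" icmp-object {t}" for t in _items(parts[1])]
    if len(parts) == 1:
        # Protocols only: protocol group named after the object
        return [f"object-group protocol {name}"] + [f" protocol-object {p}" for p in _items(parts[0])]
    if len(parts) != 3:
        raise ValueError(f"unsupported service definition: {definition!r}")
    proto, src, dst = parts[0], _items(parts[1]), _items(parts[2])
    out = []
    if len(dst) > 1:  # multiple destination ports or ranges: group named <ObjectName>
        out += [f"object-group service {name} {proto}"] + _port_lines(dst)
    if len(src) > 1:  # multiple source ports or ranges: group named <ObjectName>.src
        out += [f"object-group service {name}.src {proto}"] + _port_lines(src)
    return out

if __name__ == "__main__":
    # Inputs are the examples from Table 6-37.
    for obj, spec in [("service1", "icmp/icmp-echo, 23"), ("service1", "tcp, gre, 34"),
                      ("serv1", "tcp/400,600/23-80"), ("serv1", "tcp/400,600/23-80, 566")]:
        print(f"! {obj}: {spec}")
        print("\n".join(provision(obj, spec)))
```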