Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

7-19

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 7 Managing FlexConfigs

Understanding FlexConfig Policies and Policy Objects

Predefined FlexConfig Policy Objects

Security Manager provides predefined FlexConfig policy objects for you to use. These policy objects

have predefined commands and scripting.

Predefined FlexConfig policy objects are read-only objects. To edit these predefined FlexConfig policy

objects, duplicate the desired object, make changes to the copy, and save it with a new name. This way,

the original predefined FlexConfigs remain unchanged. For lists of these predefined policy objects and

further information on each, see the following tables:

• Predefined ASA FlexConfig Policy Objects—Table 7-8 on page 7-21

• Predefined Catalyst FlexConfig Policy Objects—Table 7-7 on page 7-21

• Predefined Cisco IOS FlexConfig Policy Objects—Table 7-8 on page 7-21

• Predefined PIX Firewall FlexConfig Policy Objects—Table 7-9 on page 7-23

• Predefined Router FlexConfig Policy Objects—Table 7-10 on page 7-23

SYS_IOS_RA_VRF_NAME 1 Virtual routing and forwarding (VRF) names for

Cisco IOS devices.

Table 7-5 Remote Access System Variables (Continued)

Name Dimension Description

Table 7-6 Predefined ASA FlexConfig Policy Objects

Name Description

ASA_add_ACEs Adds an access control entry (ACE) to all access control lists on the

device.

ASA_add_EtherType_ACL_

remark

Loops through a list of ethertype access-list names and adds ACEs or

remarks to them. The ethertype access list is the same as Transparent

Rules for Firewalls in Security Manager. The remarks set by the CLI in

this FlexConfig will be shown in the description field of a transparent

rule.

ASA_add_IPv6_ACEs Loops through a list of IPv6 access lists and adds a deny ip any any log

entry to the end of the ACL.

ASA_command_alias Creates a command alias named “save” for the copy running-config

and copy startup_config commands.

ASA_copy_image Copies an image package from a TFTP server to flash.

ASA_csd_image Provides an ASA Cisco Secure Desktop image. It copies the CSD

image from /CSCOpx/tftpboot/device-hostname on the CSM server to

the device, then configures the CSD image path. Make sure you fill out

the device’s hostname in Device Properties. If the image name is

different than the default, you can override it in Device Properties >

Policy Object Overrides > Text Objects > AsaCsdImageName.

Unassign this FlexConfig from the device after the image has been

copied and configured.

previous next