Filter
Top Products
11-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 11 Configuring Security Manager Administrative Settings
Deployment Page
Create Object Groups for
Policy Objects (PIX, ASA,
FWSM, IOS 12.4(20)T+)
Create Object Groups for
Multiple Sources,
Destinations or Services in a
Rule (PIX, ASA, FWSM,
IOS 12.4(20)T+)
Optimize Network Object
Groups During Deployment
(PIX, ASA, FWSM, IOS
12.4(20)T+)
(IPv4 and IPv6 objects.)
Whether Security Manager should create object groups, such as
network objects, service group objects, and identity user group objects,
to replace comma-separated values in a rule table cell for the indicated
devices. When deselected, Security Manager flattens the object groups
to display the IP addresses, sources and destinations, users, ports, and
protocols for these devices.
Tip These options do not apply to host, network, or address range
network/host objects, or to service objects (as opposed to
service group objects), which are always created as objects.
Multiple FQDN network objects can be grouped into a single
network object.
If you select this option, you can also select these options:
• Create Object Groups for Multiple Sources, Destinations or
Services in a Rule—Whether to automatically create network
objects, service objects, and identity user group objects to replace
comma-separated values in a rule table cell that resulted when
multiple rules were combined. The objects are created during
deployment. For more information, see Combining Rules,
page 12-22.
• Optimize Network Object Groups During Deployment—Whether
to optimize network object groups by making them more succinct.
For more information on optimizing policy objects, see Optimizing
Network Object Groups When Deploying Firewall Rules,
page 12-35.
IPS Parameters
Remove Unreferenced
Signature and Event Action
Variables from IPS Device
(IPS Parameters object
group)
Whether to delete the unused variables from the sensor (IPS device)
configuration during the next deployment. IPS Event and Signature
Variables are defined as policy objects in Security Manager.
Disabled by default (checkbox is cleared by default); that is, do not
remove the unreferenced variables.
Applies to the following variables; applies to both IPv4 and IPv6:
• signature source and destination addresses
• signature service port variables in signature engine parameters
• victim and attacker addresses in event action filters
• network information target addresses
Does not apply to the following variables:
• signature source port
• OS identification address
• signature destination port
Table 11-8 Deployment Page (Continued)
Element Description