11-22
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 11 Configuring Security Manager Administrative Settings
Discovery Page
Field Reference
Table 11-12 Discovery Page
Element Description
Prepend Device Name when
Generating Security Context
Names
Whether the name of the device that contains the security context
should be added to the front of the security context’s name. For
example, if a security context is named admin, and it is contained in the
device with the display name 10.100.15.16, the name that will appear
in the Device selector is 10.100.15.16_admin.
If you do not prepend the device name, the security context name
appears in the inventory by itself. Because Security Manager does not
place security contexts in a folder related to the parent device, the only
way to easily see contexts that are related to a device is to prepend the
device name.
If you do not prepend device names, Security Manager adds a
numbered suffix to distinguish identically named devices. For example,
if the admin context exists in more than one firewall, you will see
admin_01, admin_02, and so on, in the Device selector.
Purge Discovery Tasks Older
Than
The number of days to save discovery and device-import tasks. Tasks
older than the number of days you enter are deleted.
Reuse Policy Objects for
Inline Values
Whether to substitute any named policy objects, such as network/host
or identity user group objects already defined in Security Manager, for
inline values in the CLI. For more information on policy objects, see
Chapter 6, “Managing Policy Objects”.
Tip Although this option generally applies to network/host objects,
it does not apply to FQDN network/host objects because you
cannot specify a fully-qualified domain name (FQDN) as an
inline value.
Allow Device Override for
Discovered Policy Objects
For the types of objects for which overrides are possible, whether to
allow users to override the parent object values at the device level for
policy objects that are discovered. For example, if you select this
option, if you run policy discovery on a device that has an ACL with the
same name as an ACL policy object in Security Manager, the name of
the discovered policy object is reused, but a device-level override is
created for the object. If you deselect this option, a new policy object is
created with a number appended to the name.
Tip For objects that have subtypes, such as network/host and
service, overrides are limited to within a type. For example, an
override can be created for a network/host group when
discovering a same-named network/host group, but no override
would be created when discovering a same-named network/host
address range. Instead, the newly-discovered object will have a
number appended to the name.
For more information, see Understanding Policy Object Overrides for
Individual Devices, page 6-17.