11-47
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 11 Configuring Security Manager Administrative Settings
Policy Management Page
Caution If you use AUS or CNS to deploy configurations to ASA or PIX devices, be aware that the device
downloads a full configuration from AUS or CNS. Thus, reducing the policies managed by Security
Manager actually removes the configurations from the device. If you intend to deselect some ASA/PIX
policies for management to use other applications along with Security Manager to configure devices, do
not use AUS or CNS.
Navigation Path
Select Tools > Security Manager Administration and select Policy Management from the table of
contents.
Field Reference
Table 11-27 Policy Management Page
Element Description
Policies to Manage The policy types are organized in folders, with router and firewall
(which includes all ASA, PIX, and FWSM devices) handled separately,
and then by category (NAT, Interfaces, and Platform). Select or deselect
policy types as desired and click Save. Deselecting the check box for a
group of policies deselects all policies in that group. By default, all
policies are selected.
Display a warning on all
shared policies and imported
objects
Whether to add a message to all shared policies and to objects that were
imported using the File > Import command. If you select this option,
messages appear on the following:
• All shared policies, whether they were imported or locally created.
• Policy objects that were created by importing devices or shared
policies using the File > Import command, but not imported policy
objects created by the PolicyObjectImportExport.pl command
(described in Importing and Exporting Policy Objects, page 6-21.
If you regularly import shared policies, the imported policies and
objects replace any same-named policies and objects, so any changes
made locally are removed. This message can notify users that policies
might be imported and help users identify policy objects that they might
not want to edit.
Tip When importing policies or devices, you are prompted to select
a setting for this option. Thus, users who import policies or
devices can change this setting without accessing this page
provided they have the required authorization. The change is
effective only after the importer submits (and if necessary,
approves) the changes. For more information, see Importing
Policies or Devices, page 10-13.