12-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
– Edit the selected rule (pencil icon)—For more information, see Editing Rules, page 12-9.
– Delete the selected rule (trash can icon)—For more information, see Adding and Removing
Rules, page 12-9.
Adding and Removing Rules
When you work with policies that use rules tables, like many of the firewall rules policies, you can add
rules to the policy using several methods:
• Add Row button (+ icon)—Clicking the Add Row button beneath the table is the standard method
to add a new rule. Clicking this button opens the dialog box for adding rules that is specific to that
type of policy. If you select a row or section heading, the new rule is added after the selected row.
Otherwise, it is added at the end of the appropriate scope (typically, the local scope).
• Right-click a row and select Add Row—This is equivalent to selecting a row and clicking the Add
Row button.
• Copy and paste—If you want to create a new rule that is similar to an existing rule, you can select
the rule, right-click and select Copy, then select the row after which you want to place the rule,
right-click and select Paste. This creates a duplicate rule, which you can select and edit (see Editing
Rules, page 12-9).
• Cut and paste—Cut and paste is similar to copy and paste, except you are deleting the existing rule
when you select the Cut command. Instead of cut and paste, consider moving the rule (see Moving
Rules and the Importance of Rule Order, page 12-19).
When you no longer need a rule, you can remove it by selecting the rule and clicking the Delete Row
button (trash can icon).
Tip: Rather than deleting a rule, consider first disabling the rule. By disabling a rule, you remove it from the
device (when you redeploy the configuration) without removing it from Security Manager. Then, if you
discover that you really needed that rule after all, you can simply enable it and redeploy the
configuration. If you delete the rule, you would have to recreate it (there is no undo function). Thus, you
might want to develop a policy of deleting rules only after they have been disabled for a certain amount
of time. For more information, see Enabling and Disabling Rules, page 12-20.
Related Topics
• Using Rules Tables, page 12-7
• Using Sections to Organize Rules Tables, page 12-20
Editing Rules
To edit an existing rule in any of the rules policies that use rules tables, select the rule and click the Edit
Row button, or right-click and select Edit Row. This allows you to edit all aspects of the selected rule.
Tip: You cannot edit any aspect of an inherited rule from a local device rule policy. Edit inherited rules in
Policy view.
For most rule tables, you can also edit specific attributes, or table cells, instead of editing the entire rule,
using commands in the right-click menu.