Cisco Systems CL-28826-01 Security Camera User Manual

12-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
The ability to edit a cell is limited by whether it makes sense to edit the content. For example, Inspection Rules have many limitations based on how the rule is configured:

• If you applied the rule to All Interfaces, you cannot edit source or destination addresses, the interface, or the direction of the rule.

• If you selected Default Inspection Traffic for the traffic match criteria (without selecting the option to limit inspection between source and destination), or Custom Destination Ports, you cannot edit source or destination addresses.

• If you selected Destination Address and Port (IOS), you cannot edit source addresses.

The following cell-level commands are available, although the ability to edit multiple rows is not supported in all policies that use rule tables:

• Add <Attribute Type>—When you select multiple rows and right-click a Source, User, Destination, Services, or Interface cell, you can select the Add command to append entries to the data currently in the selected cells. The Add command’s full name includes the name of the attribute, for example, Add Source.

• Edit <Attribute Type>—Most attributes allow you to edit the content. Editing replaces the content of the cell. You can edit a single cell, or select multiple rows and edit the contents of the same type of cell in all rows at once. The Edit command’s full name includes the name of the attribute, for example, Edit Interfaces.

• Edit <Entry>—In some cases, when you edit Source, User, Destination, Services, or Interfaces, you can select an entry in the cell and edit just that entry. For example, if the Sources cell contains three network/host objects and an IP address, you can select any of them and edit the entry. The edit command includes the name of the entry, for example, Edit HostObject.

• Remove <Entry>—In some cases, when you edit Source, User, Destination, Services, or Interfaces, you can select an entry in the cell and remove the entry. You cannot remove the last entry in the cell, because the rule would become invalid. The remove command includes the name of the entry, for example, Remove IP.

• Create <Object Type> Object from Cell Contents—In the Sources, User, Destinations, and Services cells, you can select the Create command to create a policy object of the appropriate type. You can also select an entry in the cell and create a policy object from just the selected item. The create command includes the policy object type you can create, and the name of the item that is the source for the object: either cell contents for everything in the cell, or the name of an entry if you selected one. When creating network/host objects, you are always creating network/host group objects.

• Show <Attribute Type> Contents; Show <Entry> Contents—The show commands let you view the actual data defined in the cell. The results depend on the view you are in:

  – Device View, Map View, or Import Rules—You are shown the actual IP addresses, fully-qualified domain names (FQDNs), services, or interfaces to which the rule will apply for the specific device. For example, if the rule uses network/host objects, you will see the specific IP addresses or FQDNs defined by the objects. If the rule uses interface objects, you will see the specific interfaces defined on the device that the object identifies, if any.

    The IP addresses for network/host objects are sorted in ascending order on the IP address, and then in descending order on the subnet mask.

    Service objects are sorted on protocol, source port, and destination port.

    Interface objects are listed in alphabetical order. If the interface is selected because it matches a pattern in an interface object, the pattern is listed first, and the matching interface is shown in parentheses. For example, “* (Ethernet1)” indicates that the Ethernet1 interface on the device is selected because it matches the * pattern (which matches all interfaces).
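The following is an added illustration, not Cisco Security Manager code, of two behaviours described above: the Remove <Entry> rule that a cell may never be emptied (because the rule would become invalid), and the Show Contents ordering for Device View (addresses ascending, then subnet mask descending; services on protocol, source port, destination port; interfaces alphabetical with a pattern shown as "pattern (Interface)"). The policy object names, service tuples, and device interface list are constructed sample data; the function names are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed sample policy objects and device inventory (hypothetical names).
NETWORK_OBJECTS = {
    "InsideHosts": ["10.1.1.0/24", "10.1.1.0/25", "10.0.0.0/8"],
    "DMZ-Servers": ["192.168.5.10", "192.168.5.20"],
}
# Service entries are (protocol, source port, destination port); 0 means "any".
SERVICE_OBJECTS = {
    "WebPorts": [("tcp", 0, 443), ("tcp", 0, 80)],
}
INTERFACE_OBJECTS = {
    "AllInterfaces": ["*"],
    "EthernetOnly": ["Ethernet*"],
}
DEVICE_INTERFACES = ["Management0", "Ethernet1", "Ethernet0", "GigabitEthernet0/1"]


def can_remove_entry(cell_entries, entry):
    """An entry may be removed only if it is present and is not the last one."""
    return entry in cell_entries and len(cell_entries) > 1


def remove_entry(cell_entries, entry):
    """Remove one entry from a cell; refuse to empty the cell (rule would be invalid)."""
    if entry not in cell_entries:
        raise KeyError(f"{entry!r} is not in the cell")
    if not can_remove_entry(cell_entries, entry):
        raise ValueError("cannot remove the last entry: the rule would become invalid")
    return [e for e in cell_entries if e != entry]


def show_network_contents(cell_entries):
    """Expand network/host objects and literal addresses for the device view.

    Sorted ascending on the network address, then descending on the subnet
    mask (a longer prefix, i.e. a larger mask, comes first when addresses tie).
    """
    nets = []
    for entry in cell_entries:
        for text in NETWORK_OBJECTS.get(entry, [entry]):
            nets.append(ipaddress.ip_network(text, strict=False))
    nets.sort(key=lambda n: (int(n.network_address), -n.prefixlen))
    return [str(n) for n in nets]


def show_service_contents(cell_entries):
    """Expand service objects; tuple order gives protocol, source port, dest port."""
    services = []
    for entry in cell_entries:
        services.extend(SERVICE_OBJECTS.get(entry, [entry]))
    services.sort()
    return [f"{proto}/{src}->{dst}" for proto, src, dst in services]


def show_interface_contents(cell_entries, device_interfaces=DEVICE_INTERFACES):
    """Resolve interface objects against the device's interfaces.

    A wildcard pattern is shown as "pattern (MatchedInterface)", one line per
    device interface it matches; literal names are shown as-is. Output is
    alphabetical.
    """
    shown = []
    for entry in cell_entries:
        for pattern in INTERFACE_OBJECTS.get(entry, [entry]):
            if any(ch in pattern for ch in "*?["):
                shown.extend(f"{pattern} ({name})" for name in device_interfaces
                             if fnmatch.fnmatchcase(name, pattern))
            else:
                shown.append(pattern)
    return sorted(shown)


if __name__ == "__main__":
    print(show_network_contents(["InsideHosts", "172.16.0.5"]))
    print(show_service_contents(["WebPorts", ("udp", 0, 53)]))
    print(show_interface_contents(["EthernetOnly", "Management0"]))
    print(remove_entry(["DMZ-Servers", "10.9.9.9"], "10.9.9.9"))
```

Note that the mask-descending tie-break means 10.1.1.0/25 is listed before 10.1.1.0/24, which is the order a reviewer wants when checking that a more specific host range has not been silently widened by a group object.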