Cisco Systems CL-28826-01 Security Camera User Manual


12-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Policy View—You are shown the patterns defined in the policy objects and entries defined for the
policy. Entries are sorted alphabetically, with numbers and special characters coming first.
Related Topics
Using Rules Tables, page 12-7
Adding and Removing Rules, page 12-9
Moving Rules and the Importance of Rule Order, page 12-19
Enabling and Disabling Rules, page 12-20
Using Sections to Organize Rules Tables, page 12-20
Adding or Editing Address Cells in Rules Tables
Use the Add or Edit Sources or Destinations dialog boxes, or Address dialog boxes for NAT tables, to
edit the source or destination entry in a rules table that includes sources or destinations. For detailed
information on editing firewall rules cells, see Editing Rules, page 12-9.
You can enter any combination of the following address types to define the source or destination of the
traffic. The type of policy determines whether an IPv4 or IPv6 address is required; you cannot mix
address types. You can enter more than one value by separating the items with commas. For more
information, see Specifying IP Addresses During Policy Definition, page 6-81.
• Network/host object. Enter the name of the object or click Select to select it from a list. You can also
  create new objects from the selection list.
  Note: The only way to specify a fully-qualified domain name (FQDN) is to use an FQDN
  network/host object or a group object that includes an FQDN object. You cannot directly
  type in an FQDN. Not all policy types allow FQDN; you are prevented from specifying an
  object that contains an FQDN object if the policy does not allow it.
• Host IP address, for example, 10.10.10.100 (IPv4) or 2001:DB8::200C:417A (IPv6).
• IPv4 network address, including subnet mask, in either the format 10.10.10.0/24 or
  10.10.10.0/255.255.255.0.
• IPv6 network address and prefix length in the format 2001:DB8::/32.
• A range of IP addresses, for example, 10.10.10.100-10.10.10.200 (IPv4) or
  2001:DB8::1-2001:DB8::100 (IPv6).
• (IPv4 only.) An IP address pattern in the format 10.10.0.10/255.255.0.255, where the mask is a
  discontiguous bit mask (see Contiguous and Discontiguous Network Masks for IPv4 Addresses,
  page 6-75).
• Interface roles object. Enter the name of the object or click Select to select it from a list (you must
  select Interface Role as the object type). When you use an interface role, the rule behaves as if you
  supplied the IPv4 or IPv6 address of the selected interface. This is useful for interfaces that get their
  address through DHCP, because you do not know what IP address will be assigned to the device. For
  more information, see Understanding Interface Role Objects, page 6-67.
  If you select an interface role as a source, the dialog box displays tabs to differentiate between hosts
  or networks and interface roles.
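The entry formats listed above can be checked before a rule is reviewed or imported. The following Python sketch is an added example, not code from Cisco or from this guide; the function names are hypothetical, and it assumes that any entry that does not parse as an address form is an object name to be looked up separately. It classifies each comma-separated entry, flags discontiguous-mask patterns so they are not mistaken for ordinary subnets, and rejects a cell that mixes IPv4 and IPv6.

```python
import ipaddress

def _ip(text):
    """Parse one address, returning None instead of raising."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def _contiguous(mask):
    """True when an IPv4 mask is 1-bits followed only by 0-bits."""
    inverted = ~int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def classify_item(item):
    """Return (kind, ip_version); version is None for object names."""
    item = item.strip()
    host = _ip(item)
    if host is not None:
        return "host", host.version
    head, slash, tail = item.partition("/")
    base = _ip(head)
    if slash and base is not None:
        if tail.isdigit():
            # Raises ValueError on an out-of-range prefix length.
            ipaddress.ip_network(f"{base}/{tail}", strict=False)
            return "network", base.version
        mask = _ip(tail)
        if base.version != 4 or mask is None or mask.version != 4:
            raise ValueError(f"dotted mask requires IPv4 on both sides: {item}")
        return ("network" if _contiguous(mask) else "pattern"), 4
    first, dash, last = item.partition("-")
    low, high = _ip(first), _ip(last)
    if dash and low is not None and high is not None:
        if low.version != high.version or int(low) > int(high):
            raise ValueError(f"invalid range: {item}")
        return "range", low.version
    # Assumption: anything else is an object name for the caller to look up,
    # so a mistyped address such as 10.10.10.300 also lands here.
    return "object", None

def parse_cell(cell):
    """Classify every comma-separated entry and refuse mixed IPv4/IPv6."""
    entries = [(i.strip(), *classify_item(i)) for i in cell.split(",") if i.strip()]
    if len({ver for _, _, ver in entries if ver is not None}) > 1:
        raise ValueError("IPv4 and IPv6 entries cannot be mixed in one cell")
    return [(text, kind) for text, kind, _ in entries]
```

Object names carry no address family here, so a cell that references objects still needs the family check applied to the objects' contents.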
Navigation Path
Do any of the following in a rules policy that includes sources, destinations, or other address cells: