Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
These can be combined into a single rule: permit TCP for source 10.100.10.1 to destination 10.100.12.1, 10.100.13.1.

Multidimensional sorting is used to combine rules. For example, for access rules:

1. Rules are sorted by their sources, so rules with the same source are placed together.
2. Same-source rules are sorted by destination, so rules with the same source and destination are placed together.
3. Same-source and same-destination rules are combined into a single rule, and the services are concatenated.
4. Adjacent rules are checked to see if they have the same source and service. If so, they are combined into a single rule, and the destinations are concatenated.
5. Adjacent rules are checked to see if they have the same destination and service. If so, they are combined into a single rule, and the sources are concatenated.

Sorting is repeated based on destination and service in place of source.

Tip: Rules from different sections are never combined. Any sections you create to organize rules limit the scope of the possible combinations. Also, interface-specific and global access rules are never combined. For more information about global rules, see Understanding Global Access Rules, page 16-3.

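The sort-and-combine passes listed above can be modelled in a few lines of Python. This is an added example, not Cisco's implementation: it assumes every rule is a permit rule in the same section (so reordering is safe), and the `rule`, `merge_pass`, `combine` and `flows` names are hypothetical. The `flows` check confirms that the combined table permits exactly the same traffic as the original.

```python
from itertools import groupby, product

def rule(src, dst, svc):
    """One permit rule; each field is a set of addresses or service names."""
    return {"src": frozenset(src), "dst": frozenset(dst), "svc": frozenset(svc)}

def merge_pass(rules, match_a, match_b, concat):
    """Sort on two fields so matching rules become adjacent, then fold each
    run into one rule whose third field is the union of the run's values."""
    key = lambda r: (sorted(r[match_a]), sorted(r[match_b]))
    merged = []
    for _, run in groupby(sorted(rules, key=key), key=key):
        run = list(run)
        combined = dict(run[0])
        combined[concat] = frozenset().union(*(r[concat] for r in run))
        merged.append(combined)
    return merged

def combine(rules):
    """Repeat the three passes until no pass shrinks the table any further."""
    while True:
        before = len(rules)
        rules = merge_pass(rules, "src", "dst", "svc")  # steps 1-3: join services
        rules = merge_pass(rules, "src", "svc", "dst")  # step 4: join destinations
        rules = merge_pass(rules, "dst", "svc", "src")  # step 5: join sources
        if len(rules) == before:
            return rules

def flows(rules):
    """Expand a table into the exact set of (src, dst, svc) tuples it permits."""
    return {f for r in rules for f in product(r["src"], r["dst"], r["svc"])}

# Constructed table: the first two rules are the pair implied by the combined
# rule shown on the page; the remaining three are made up for illustration.
TABLE = [
    rule(["10.100.10.1"], ["10.100.12.1"], ["TCP"]),
    rule(["10.100.10.1"], ["10.100.13.1"], ["TCP"]),
    rule(["10.100.11.1"], ["10.100.12.1"], ["TCP"]),
    rule(["10.100.11.1"], ["10.100.13.1"], ["TCP"]),
    rule(["10.100.10.1"], ["10.100.14.1"], ["UDP"]),
]

if __name__ == "__main__":
    result = combine(TABLE)
    assert flows(result) == flows(TABLE), "combining changed what the table permits"
    for r in result:
        print(sorted(r["src"]), "->", sorted(r["dst"]), sorted(r["svc"]))
```

Comparing the expanded flow sets before and after is a useful review step for any rule-consolidation result, because it shows whether a combined rule permits traffic that the original rules did not.
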
Related Topics
Chapter 15, “Managing Firewall AAA Rules”
Chapter 16, “Managing Firewall Access Rules”

Step 1 Select the policy whose rules you want to combine from the Firewall folder. You can combine rules for the following types of policy:
• AAA rules
• Access rules

Step 2 If you want the tool to limit possible combinations to a specific group of rules, select them. You can select rules using Shift+click and Ctrl+click, select all rules in a section by selecting the section heading, or all rules within a scope by selecting the scope heading (for example, Local). To not limit the tool, do not select anything in the table. Keep the following in mind:
• In Device view, you can save combinations only for local rules. The tool will allow you to run it on shared and inherited rules, but you cannot save the results. If you do not select any rules, the default is to consider all local scope rules.
• To combine rules in shared policies, you must run the tool in Policy view. If you do not select any rules, the default is to consider all mandatory rules.
• You are warned if you try to run the tool when you cannot save the results.

Step 3 Click the Tools button located below the table, then select Combine Rules to open the Combine Rules Selection Summary Dialog Box, page 12-24.

Step 4 Select the columns you want the tool to consider combining. If you do not select certain columns, the combined rules must have the identical settings in those columns to be combined.
You can also elect to consider combining the rules you selected or all rules within the policy.