Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Related Topics
Chapter 15, “Managing Firewall AAA Rules”
Chapter 16, “Managing Firewall Access Rules”
Converting IPv4 Rules to Unified Rules
Prior to the release of Security Manager 4.4 and versions 9.0 and higher of the ASA, separate pages,
policies and policy objects were provided for configuring IPv4 and IPv6 firewall rules and policies. With
Security Manager 4.4 and ASA 9.0+, these policies and policy objects were combined or unified.
However, for the earlier ASA versions, a separate page for IPv6 access rules is still provided in Device
view, while in Policy view, IPv4 and unified versions of the AAA-, access- and inspection-rule policy
types are provided.
A utility to convert separate IPv4 and IPv6 firewall rules to “unified” rules is provided with Security
Manager 4.4 for use when you upgrade an ASA from an earlier version to 9.0 or later.
Navigation Path
To access the firewall-rule unification utility:
(Policy view) Select the firewall IPv4 rule type from the Policy Type selector and then right-click
the desired policy in the Policies pane; choose Convert to <rule-type> Rules (Unified).
Related Topics
AAA Rules Page, page 15-10
Access Rules Page, page 16-9
Inspection Rules Page, page 17-7
Step 1 Open the utility as described above; in the Convert Policy dialog box, provide a name for the new unified
policy and click OK.
Following processing, the new unified rules policy is displayed. You can now assign this policy to ASA
9.0+ devices.
Generating Policy Query Reports
For most of the firewall rules policies, you can generate policy query reports that can help you evaluate
your rules. With policy query reports, you can determine what rules already exist for a particular source,
user, destination, interface, service, or zone before creating new rules to apply to those items.
To a limited degree, you can also determine if there are some blocking rules that prevent a rule from
being used, or redundant rules that you can delete. If you are evaluating access rules, however, it is better
to use the more powerful rule analysis tool to determine these problems.
When you create a policy query, you describe the traffic that interests you, much the same way you
describe traffic when creating a rule. Creating a query is essentially the same as creating a rule, but you
might want to describe the rule more broadly to capture a wider set of traffic so you can see a set of
related rules rather than a single rule or a limited number of rules. The query you create depends on the
information you are trying to discover.
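The following is an added illustration, not taken from the Cisco guide and not a description of how Security Manager implements queries. It treats a query as a rule-shaped description of traffic and reports every rule that overlaps it, with a simplified note when an earlier rule fully covers a later one. The Rule fields, the policy_query function and the rule table are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "permit" or "deny" (ignored when the Rule is used as a query)
    src: str       # CIDR, IPv4 or IPv6
    dst: str
    ports: tuple   # inclusive (low, high) destination port range

def _overlap(a, b):
    a, b = ip_network(a), ip_network(b)
    return a.version == b.version and a.overlaps(b)

def _within(inner, outer):
    inner, outer = ip_network(inner), ip_network(outer)
    return inner.version == outer.version and inner.subnet_of(outer)

def _covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (_within(inner.src, outer.src) and _within(inner.dst, outer.dst)
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])

def policy_query(rules, query):
    """Return (rule name, note) for each rule overlapping the query, in table order."""
    hits = []
    for i, r in enumerate(rules):
        if not (_overlap(r.src, query.src) and _overlap(r.dst, query.dst)
                and r.ports[0] <= query.ports[1] and query.ports[0] <= r.ports[1]):
            continue
        earlier = next((e for e in rules[:i] if _covers(e, r)), None)
        if earlier is None:
            note = ""
        elif earlier.action == r.action:
            note = f"redundant with {earlier.name}"
        else:
            note = f"blocked by {earlier.name}"
        hits.append((r.name, note))
    return hits

# Constructed rule table (private and documentation ranges), evaluated top-down.
RULES = [
    Rule("r1", "permit", "10.1.0.0/16", "192.0.2.10/32", (443, 443)),
    Rule("r2", "deny", "10.0.0.0/8", "192.0.2.0/24", (1, 1023)),
    Rule("r3", "permit", "10.1.5.0/24", "192.0.2.10/32", (80, 80)),
    Rule("r4", "permit", "2001:db8::/32", "2001:db8:1::/48", (443, 443)),
]
NARROW = Rule("q1", "", "10.1.5.7/32", "192.0.2.10/32", (80, 80))
BROAD = Rule("q2", "", "10.0.0.0/8", "192.0.2.0/24", (1, 65535))
```

Running policy_query(RULES, NARROW) returns only r2 and r3, while policy_query(RULES, BROAD) also returns r1, which is the wider set of related rules that a broadly described query is meant to surface.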
The possible extent of a query depends on the view you are in: