Filter
Top Products
12-32
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Interpreting Policy Query Results
Use the Policy Query Results dialog box to view the results of a policy query that you defined on the
Query Device or Policy dialog box. The results report opens after you define your query parameters on
the Querying Device or Policy Dialog Box, page 12-29 and click OK. For the procedure, see Generating
Policy Query Reports, page 12-28. To see an example report, see Example Policy Query Result,
page 12-34.
Tip In the query results table, you can double-click a row, or right-click and select Go to Rule, to select the
rule in the rules policy page, where you can edit the rule. If the appropriate rules policy is not already
selected in the policy selector, you might have to do this twice to actually select the rule.
To read the report, consider the following report sections:
• Query Parameters—The top portion of the report specifies the parameters you entered for the
query. If you want to change them, click Edit Query to open the Querying Device or Policy Dialog
Box, page 12-29, where you can make your changes and regenerate the report.
Services The services that define the type of traffic that is acted on. You can enter
more than one value by separating the items with commas.
Note If you leave the field blank, the query matches any service.
You can enter any combination of service objects and service types
(which are typically a protocol and port combination). If you type in a
service, you are prompted as you type with valid values. You can select
a value from the list and press Enter or Tab.
For complete information on how to specify services, see
Understanding and Specifying Services and Service and Port List
Objects, page 6-86.
Tip You can create an object with a list of the services to facilitate
future policy query requests.
Interfaces The interfaces for which the rule is defined. You can enter any
combination of interface or interface role names, separated by commas.
Enter the name or click Select to select the interface or interface role.
Note If you leave the field blank, the query matches any interface or
interface role.
Query for Global Rules Whether the query should also consider global rules when querying
access rules or inspection rules.
From Zone
To Zone
For zone based firewall rules, the zones defined for the rule. Enter the
zone names (which are interface roles), or click Select to select them
from a list.
Actions For zone based firewall rules, the actions defined for the rule.
Check if Matching Rules Are
Shadowed by Rules Above
Whether to have the policy query results include rule conflict detection
information. Selecting this option might have an impact on
performance and cost results.
Table 12-6 Querying Device or Policy Dialog Box (Continued)
Element Description