Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 16 Managing Firewall Access Rules
Configuring Access Rules
Access rules policies define the rules for allowing traffic to pass through an interface. If you do not
configure an access rules policy, the device behavior differs based on device type as explained in
Understanding Device Specific Access Rule Behavior, page 16-4.
Note: With the release of Security Manager 4.4 and ASA versions 9.0 and higher, the separate
pages/policies for configuring IPv4 and IPv6 access rules were unified. For earlier ASA versions,
however, a separate page for IPv6 access rules is still provided in Device view. In Policy view, IPv4 and
unified versions of the policy type are provided. In addition, a utility that you can use to convert IPv4
policies is provided (see Converting IPv4 Rules to Unified Rules, page 12-28). The following
descriptions apply to all versions of the access rule table, except where noted.
Before you configure access rules, consider the other types of firewall rules you will configure. Access
rules are processed before all other types of rules except AAA rules. See the following topics for more
information about things you should consider:
• Understanding Access Rules, page 16-1
• Understanding Global Access Rules, page 16-3
• Understanding Access Rule Address Requirements and How Rules Are Deployed, page 16-5
Before You Begin
You might have a set of access rules that you want to apply to all devices. To do this, you can create a
shared rule and inherit its rules to each device’s access rules policy. For more information, see Creating
a New Shared Policy, page 5-51 and Inheriting or Uninheriting Rules, page 5-43.
Related Topics
• Using Sections to Organize Rules Tables, page 12-20
• Copying Policies Between Devices, page 5-31
• Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34
• Understanding Networks/Hosts Objects, page 6-74
• Understanding Interface Role Objects, page 6-67
• Understanding and Specifying Services and Service and Port List Objects, page 6-86
Step 1 Do one of the following to open the Access Rules Page, page 16-9:
• (Device view) Select Firewall > Access Rules (or Firewall > Settings > IPv6 Access Rules) from the Policies selector.
• (Policy view) Select Firewall > Access Rules (or Firewall > Settings > IPv6 Access Rules) from the Policy Type selector. Select an existing policy or create a new one.
Step 2 Select the row after which you want to create the rule and click the Add Row button or right-click and
select Add Row. This opens the Add and Edit Access Rule Dialog Boxes, page 16-13.