16-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 16 Managing Firewall Access Rules
Configuring Access Rules
Service The services or service objects that specify the protocol and port of the
traffic to which the rule applies. Multiple entries are displayed on
separate lines within the table cell. See Understanding and Specifying
Services and Service and Port List Objects, page 6-86.
Hit Count Number of times this rule has been “hit”; that is, the number of times it has
permitted or denied traffic. The value is the sum of the hit counts for all
access control entries (ACEs) created by the rule. This information is
useful in debugging the deployed policies.
Use the Refresh Hit Count button at the bottom of this page to update
the hit information; the button opens the Hit Count Selection Summary Dialog
Box, page 16-18.
You can right-click this cell and choose Show Hit Count Details to open
the Hit Count Details pane at the bottom of the Configuration Manager
window. See Viewing Hit Count Details, page 16-33 for more
information.
Last Hit Time Timestamp for the most recent hit.
Interface The interfaces or interface roles to which the rule is assigned. Interface
role objects are replaced with the actual interface names when the
configuration is generated for each device. Multiple entries are
displayed on separate lines within the table cell. See Understanding
Interface Role Objects, page 6-67.
For ASA 8.3+ devices, global rules are indicated with the name Global
and a special icon to distinguish them from rules that use interface or
interface role names (for an explanation of the icons, see Specifying
Interfaces During Policy Definition, page 6-70).
Dir. The direction of the traffic to which this rule applies:
• In—Packets entering the interface.
• Out—Packets exiting the interface.
Options Any additional options configured for the rule. These include logging,
time range, and some additional IOS rule options. See Advanced and
Edit Options Dialog Boxes, page 16-15.
Category The category assigned to the rule. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Description The description of the rule, if any.
Expiration Date The date on which the rule expires. Expired rules show Expired in bold
text. Expired rules are not automatically deleted.
Last Ticket(s) Shows the ticket(s) associated with the last modification to the rule. You
can click the ticket ID in the Last Ticket(s) column to view details of
the ticket and to navigate to the ticket. If linkage to an external ticket
management system has been configured, you can also navigate to that
system from the ticket details (see Ticket Management Page,
page 11-51).
Page elements below the rules table
Table 16-1 Access Rules Page (Continued)
Element Description
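The Hit Count cell is described above as the sum of the hit counts of all ACEs that a rule creates. The following added example (not part of the Cisco guide or of Security Manager) performs that aggregation over constructed text modelled on ASA `show access-list` output and lists the rules that have never been hit; the sample lines, the function names, and the assumption that expanded ACEs are indented and repeat the parent entry's line number belong to this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on ASA "show access-list" output (not captured
# from a device). Assumption: ACEs expanded from an object-group are indented
# and repeat the parent entry's "line N" number.
SAMPLE = """\
access-list outside_in line 1 extended permit tcp any object-group WEB eq www (hitcnt=150) 0x0a000001
  access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=120) 0x0a000002
  access-list outside_in line 1 extended permit tcp any host 192.0.2.11 eq www (hitcnt=30) 0x0a000003
access-list outside_in line 2 extended permit udp any host 192.0.2.53 eq domain (hitcnt=7) 0x0a000004
access-list outside_in line 3 extended permit tcp any object-group LEGACY eq telnet 0x0a000005
  access-list outside_in line 3 extended permit tcp any host 192.0.2.20 eq telnet (hitcnt=0) 0x0a000006
  access-list outside_in line 3 extended permit tcp any host 192.0.2.21 eq telnet (hitcnt=0) 0x0a000007
access-list outside_in line 4 extended deny ip any any (hitcnt=912) 0x0a000008
"""

HEAD_RE = re.compile(r"^(\s*)access-list (\S+) line (\d+) ")
HITS_RE = re.compile(r"\(hitcnt=(\d+)\)")

def rule_hit_counts(text):
    """Return {(acl, line): hits}, one entry per rule, summing its ACEs."""
    own = {}                      # figure printed on the unindented entry
    expanded = defaultdict(list)  # figures of the indented (expanded) ACEs
    for raw in text.splitlines():
        head = HEAD_RE.match(raw)
        if not head:
            continue              # skip banners and unrelated lines
        indent, acl, line = head.groups()
        key = (acl, int(line))
        hits = HITS_RE.search(raw)
        count = int(hits.group(1)) if hits else 0
        if indent:
            expanded[key].append(count)
        else:
            own[key] = count
    # Use the expanded ACEs when present; adding the parent's own figure too
    # would double count whenever the parent line already shows a total.
    return {k: sum(expanded[k]) if k in expanded else own[k]
            for k in sorted(own.keys() | expanded.keys())}

def unused_rules(text):
    """Rules whose ACEs have all recorded zero hits: candidates for review."""
    return [k for k, n in rule_hit_counts(text).items() if n == 0]

if __name__ == "__main__":
    print(rule_hit_counts(SAMPLE), unused_rules(SAMPLE))
```

A zero-hit rule is a candidate for review, not proof that it is unused, because the counters reflect only the period since they were last reset.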