Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 16 Managing Firewall Access Rules
Configuring Access Rules
Table 16-3 Advanced Dialog Box (Continued)

Element
    Description

Enable Logging (IOS)
Log Input
(IPv4 only; neither option presented on the IPv6 Access Control page)
    Whether to generate an informational logging message about the packet
    that matches the entry; the message will be sent to the console for IOS
    devices.
    Select Log Input to include the input interface and source MAC address
    or virtual circuit in the logging output.

Traffic Direction
    For interface-specific access rules, the direction of the traffic to which
    this rule applies:
    - In—Packets entering an interface.
    - Out—Packets exiting an interface.
    Note: You can change the direction for an existing rule in the table on
    the Access Rules Page, page 16-9, by right-clicking the Dir. cell
    and choosing the opposite direction.
    Global rules are always applied in the In direction, so you cannot
    change this setting when configuring a global rule.

Time Range
    The name of a time range policy object that defines the times when this
    rule applies. The time is based on the system clock of the device. The
    feature works best if you use NTP to configure the system clock.
    Enter the name, or click Select to choose the object. If the object that
    you want is not listed, click the Create button to create it.
    Note: Time range is not supported on FWSM 2.x or PIX 6.3 devices.

Options (IOS)
(IPv4 only; not presented on the IPv6 Access Control page)
    Additional options for IOS devices:
    - none—Do not apply.
    - Fragment—Allow fragmentation, which provides additional
      management of packet fragmentation and improves compatibility
      with NFS.
      By default, a maximum of 24 fragments is accepted to reconstruct
      a full IP packet. However, based on your network security policy,
      you might want to consider configuring the device to prevent
      fragmented packets from traversing the firewall.
    - Established—Allow return access through the device for outbound
      TCP connections. This option works with two connections: an
      original connection outbound from a network protected by the
      device, and a return connection inbound between the same two
      devices on an external host.
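
The Established option described in the table can be modelled as a per-packet test of the TCP flags. The sketch below is an added example, not code from the Cisco guide: it assumes the option corresponds to the IOS access-list keyword `established`, which matches TCP segments that have the ACK or RST bit set. The function names and sample packets are hypothetical and constructed for illustration.

```python
import struct

TCP_PROTO = 6
ACK, RST = 0x10, 0x04   # TCP flag bits tested by the 'established' keyword


def matches_established(packet: bytes) -> bool:
    """True if an IPv4 packet carries a TCP segment with ACK or RST set."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != TCP_PROTO:
        return False                      # malformed header or not TCP
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        # Non-initial fragment: it carries no TCP header, so there are no
        # flags to test. Treating it as "no match" is a choice of this model.
        return False
    if len(packet) < ihl + 14:
        return False                      # truncated before the flags byte
    return bool(packet[ihl + 13] & (ACK | RST))


def build_packet(flags: int, frag_offset: int = 0) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_offset, 64,
                     TCP_PROTO, 0, bytes([198, 51, 100, 7]),
                     bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 443, 51000, 0, 0, 5 << 4, flags,
                      8192, 0, 0)
    return ip + tcp


# Constructed inbound packets as seen on the outside interface.
SAMPLES = {
    "SYN (new inbound connection)": build_packet(0x02),
    "SYN+ACK (reply to outbound SYN)": build_packet(0x12),
    "ACK (data on existing connection)": build_packet(0x10),
    "RST (connection reset)": build_packet(0x04),
}


def classify_samples() -> dict:
    return {name: matches_established(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:36s} {'matches' if hit else 'no match'}")
```

Because the test looks only at the flags in each segment, it does not confirm that a corresponding outbound connection exists; stateful inspection is the control that tracks connections.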