Filter
Top Products
16-32
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 16 Managing Firewall Access Rules
Using Automatic Conflict Detection
• (Policy view) Select Firewall > Access Rules from the Policy Type selector and select an existing
policy.
This opens the Access Rules Page, page 16-9. If conflict detection is enabled, the access rules will be
analyzed for conflicts after the table has been loaded. If conflict detection is not enabled, select Enable
conflict detection to begin the conflict analysis.
The analysis progress is shown below the rules table. With the exception of the conflict detection
features, you can perform functions on the rules table while the rules are being analyzed. After analysis
has completed, the conflict detection features are enabled.
Step 2 Make sure that the rules you are interested in analyzing are being shown in the rules table. This includes
expanding sections and making sure that if you are using filters that they are set correctly. Any rules that
are being filtered or are in a section that is collapsed will not be included in the conflict detection
analysis.
Tip You can use the Expand all rows/Collapse all rows buttons located in the upper-right corner of
the Filter area above the access rules table, to quickly expand or collapse all sections in the rules
table.
Step 3 Click the Annotation Display Options button, which is located above the Conflict navigation bar to the
right of the vertical scroll bar, to open the Annotation Display Options dialog box. Verify that the types
of conflicts you want detected are all enabled, and then click OK.
Tip You can hover the mouse pointer over the Annotation Display Options button to view a summary
of the conflicts for each type and also to see which conflict types are disabled.
Note The Annotation Display Options that you select remain in effect until those options are changed.
Be sure to verify these settings whenever you are working on resolving conflicts.
Step 4 If you would like to print or save a copy of the conflicts that are found in the rule table, click Generate
Report.
The Rule Analysis Detail Report is opened in your browser. The Rule Analysis Detail Report shows
details of all the conflicts in your rules table. It does not use the settings you selected in the Annotation
Display Options dialog box and does not consider the filter settings defined for the table. You can save
the report or print it as needed.
Step 5 Use the Conflict navigation bar to navigate to a conflict. You can use the Previous Conflict and Next
Conflict buttons on the Conflict navigation bar to step through the conflicts. You can also click on one
of the conflict locators in the Conflict navigation bar to move directly to a specific conflict. This is
particularly helpful when working with large rules tables.
Tip Hovering over a conflict locator provides a quick summary of the conflict.
The conflict locators are color-coded as follows:
• Red locators—Redundant objects
• Blue locators—Redundant and partially redundant rules
• Grey locators—Shadowed and partially shadowed rules