16-41
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 16 Managing Firewall Access Rules
Importing Rules
• Access Rules Page, page 16-9
• Understanding Networks/Hosts Objects, page 6-74
• Understanding Interface Role Objects, page 6-67
• Understanding and Specifying Services and Service and Port List Objects, page 6-86
• Filtering Tables, page 1-45
Field Reference
Examples of Imported Rules
The following are some examples of CLI that you can import and the rules and policy objects that are
created from them. For information on how to import rules, see Importing Rules, page 16-37.
Example 1: Restrict a network from accessing FTP servers (ASA devices)
The following access list uses object groups and restricts the 10.200.10.0/24 network from accessing
some FTP servers. All other traffic is allowed.
object-group network ftp_servers
network-object host 172.16.56.195
network-object 192.168.1.0 255.255.255.224
access-list ACL_IN extended deny tcp 10.200.10.0 255.255.255.0 object-group ftp_servers
access-list ACL_IN extended permit ip any any
Table 16-10 Import Rules Wizard—Preview Page
Element Description
Rules tab The rules that were created from your CLI and that will be imported to
the access rules policy. All rules are converted to extended format, even
if your CLI was for a standard ACL.
Icons indicate the permit and deny status:
• Permit—Shown as a green check mark.
• Deny—Shown as a red circle with slash.
You can right-click the source, destination, services, and interfaces
cells and select Show Contents to see the detailed information in the
cell.
You can also right-click and select Copy to copy a rule to the clipboard
in HTML format, which you can paste into a text editor.
Objects tab The policy objects created from your CLI, if any. Depending on the
CLI, Security Manager might create time range, network/host, service,
or port list objects.
Right-click an object and select View Object to see the object
definition in read-only format.