Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Inspection Rules Page
Field Reference
Table 17-1 Inspection Rules Page
Element
    Description

Expand all rows/Collapse all rows
    Use these buttons to expand or collapse all sections in the rules table.
    Note: The buttons are located in the upper-right corner of the Filter
    area above the inspection rules table.

Conflict Indicator icons
    Identifies conflicts and provides a quick visual representation of the
    type of conflict. For more details, including types of conflicts and the
    actions you can take from this column, see Understanding the
    Automatic Conflict Detection User Interface, page 16-27.

No.
    The ordered rule number.

Permit
    Whether a rule identifies traffic that should be inspected based on the
    conditions set:
    - Permit—Identifies traffic that will be inspected. Shown as a green
      check mark.
    - Deny—Exempts the traffic from inspection. Your access rules will
      determine if the traffic is allowed or blocked. Shown as a red circle
      with slash.

Sources
    The sources of traffic for this rule; can be networks, security groups
    (ASA 9.0+ only), and users. Multiple entries are displayed on separate
    lines within the table cell.

Destinations
    The destinations for this rule; can be networks and security groups
    (ASA 9.0+ only). Multiple entries are displayed on separate lines
    within the table cell.

Traffic Match
    The type of matching used in the rule:
    - default-inspection—The rule inspects traffic based on the default
      port.
    - TCP,UDP/port number—The rule inspects traffic based on a
      custom port number.
    - Service—The rule inspects traffic based on a service specification
      or service object. Multiple entries are displayed as separate
      subfields within the table cell. See Understanding and Specifying
      Services and Service and Port List Objects, page 6-86.

Interface
    The interfaces or interface roles to which the rule is assigned. Global
    indicates that the rule is assigned to all interfaces. Interface role objects
    are replaced with the actual interface names when the configuration is
    generated for each device. Multiple entries are displayed as separate
    subfields within the table cell. See Understanding Interface Role
    Objects, page 6-67.

Dir.
    The direction of the traffic to which this rule applies:
    - In—Packets entering the interface.
    - Out—Packets exiting the interface.