Filter
Top Products
17-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Inspection Rules Page
• Understanding Access Rule Requirements for Inspection Rules, page 17-4
• Using Inspection To Prevent Denial of Service (DoS) Attacks on IOS Devices, page 17-4
• Configuring Inspection Rules, page 17-5
Navigation Path
From the Inspection Rules Page, page 17-7, click the Add Row button or select a row and click the Edit
Row button.
Related Topics
• Add or Edit Inspect/Application FW Rule Wizard, Step 2, page 17-12
• Add or Edit Inspect/Application FW Rule Wizard, Inspected Protocol Page, page 17-16
• Understanding Interface Role Objects, page 6-67
• Editing Rules, page 12-9
Field Reference
Table 17-2 Add and Edit Inspect/Application FW Rule Wizard Step 1: Traffic Match Method
Element Description
Enable Rule Whether to enable the rule, which means the rule becomes active when
you deploy the configuration to the device. Disabled rules are shown
overlain with hash marks in the rule table. For more information, see
Enabling and Disabling Rules, page 12-20.
Apply the Rule to The interface to which the rule applies:
• All Interfaces—Apply the rule to all interfaces. The rule becomes
a global rule on ASA, PIX, and FWSM devices. For IOS devices,
the rule is configured for each interface in the In direction.
• Interface (PIX 7.x+, ASA, FWSM 3.x+, IOS)—Apply the rule only
to those interfaces identified in the Interfaces field. Enter the name
of the interface or the interface role, or click Select to select the
interface or role from a list, or to create a new role. An interface
must already be defined to appear on the list.
For IOS devices only, you can select the direction of the traffic to
which this rule applies, either traffic entering an interface (In) or
exiting it (Out). For other devices, leave In as the direction.
Match Traffic By
How you want to identify the traffic to inspect. If you select something other than Default Protocol
Ports (by itself), you are prompted for the other port or address information when you click Next.