17-38
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
FTP Class and Policy Maps Add or Edit Match Condition (and Action) Dialog Boxes
Use the Add or Edit FTP Match Criterion (for FTP class maps) or Match Condition and Action (for FTP
policy maps) dialog boxes to do the following:
• Define the match criterion and value for an FTP class map.
• Select an FTP class map when creating an FTP policy map.
• Define the match criterion, value, and action directly in an FTP policy map.
The fields on this dialog box change based on the criterion you select and whether you are creating a
class map or policy map.
Navigation Path
When creating an FTP class map, in the Policy Object Manager, from the Add or Edit Class Maps dialog
boxes for FTP, right-click inside the table, then select Add Row or right-click a row, then select Edit
Row. See Configuring Class Maps for Inspection Policies, page 17-26.
When creating an FTP policy map, in the Policy Object Manager, from the Match Condition and Action
tab on the Add and Edit FTP Map dialog boxes, right-click inside the table, then select Add Row or
right-click a row, then select Edit Row. See Configuring FTP Maps, page 17-37.
Related Topics
• Understanding Map Objects, page 6-72
• Configuring Protocols and Maps for Inspection, page 17-21
Match Condition and Action Tab
The Match All table lists the criteria included in the policy map. Each row indicates whether the
inspection is looking for traffic that matches or does not match each criterion, the criterion and value
that is inspected, and the action to be taken for traffic that satisfies the conditions.
• To add a criterion, click the Add button and fill in the Match Condition and Action dialog box (see
FTP Class and Policy Maps Add or Edit Match Condition (and Action) Dialog Boxes, page 17-38).
• To edit a criterion, select it and click the Edit button.
• To delete a criterion, select it and click the Delete button.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.
Validate For
Validate button
The device platforms for which to validate the object. Select the
platform for which you intend to use this object and click Validate to
determine if the object is configured in a way that will prevent policy
deployment.
Table 17-19 Add and Edit FTP Map Dialog Boxes (Continued)
Element Description