Cisco Systems CL-28826-01 Security Camera User Manual


21-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Inspection Maps for Zone-based Firewall Policies
Table 21-3 Add or Edit Class Maps Dialog Boxes for Zone-Based Firewall Policies (Continued)

Element: Match table; Match Type (except for Trend Content Filter class maps)

Description:
The Match table lists the criteria included in the class map. Each row indicates whether the inspection is looking for traffic that matches or does not match the criterion, and shows the criterion and value that are inspected.

The name of the table indicates whether every one of the criteria must be met for the traffic to match the class (Match All), or whether matching any of the listed criteria is sufficient (Match Any). For the HTTP (IOS) and SMTP classes, you can choose whether to match all or any. When using a Match All table, if you add more than one criterion, ensure that you are not defining a set of characteristics that no traffic can match.

Tip: Match All works only for devices running Cisco IOS Software version 12.4(20)T or higher.

- To add a criterion, click the Add button and fill in the Match Criterion dialog box. For more information, see the topics referenced above.
- To edit a criterion, select it and click the Edit button.
- To delete a criterion, select it and click the Delete button.

Element: Trend Content Filter Match Criteria

Description:
The match criteria for Trend Content Filter class maps differ from those of all other class maps. Instead of adding items to a table, you simply select the items you want from a list. Select the Enable checkbox for any of the Trend-Micro classifications on the following tabs. Traffic matches the class if it matches any of your selections.

- Productivity Categories: Matches the traffic to the category to which the URL belongs. For example, you can target traffic associated with gambling or pornography.
- Security Ratings: Matches the traffic to the security rating assigned to it by Trend-Micro. For example, you can target adware, which is traffic associated with advertising.

See the Trend-Micro documentation for specific information on these categories or security classifications.

Element: Category

Description:
The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12.

Element: Allow Value Override per Device; Overrides; Edit button

Description:
Whether to allow the object definition to be changed at the device level. For more information, see Allowing a Policy Object to Be Overridden, page 6-18 and Understanding Policy Object Overrides for Individual Devices, page 6-17.

If you allow device overrides, you can click the Edit button to create, edit, and view the overrides. The Overrides field indicates the number of devices that have overrides for this object.
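
The Match All caution in the Match table description can be checked mechanically. The following is an added example, not code from Cisco Security Manager or the original guide: it models Match All and Match Any evaluation and flags a Match All table that no traffic can satisfy. The field names, sample values, and the simplification that every criterion is an exact comparison on a single-valued field are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Criterion:
    field: str            # hypothetical field name, e.g. "request.method"
    value: str
    negate: bool = False  # True models a "does not match" row

def row_hits(c, traffic):
    """One table row: equality on a single-valued field, optionally negated."""
    return (traffic.get(c.field) == c.value) != c.negate

def class_matches(criteria, traffic, match_all):
    """Match All requires every row to hit; Match Any requires at least one."""
    results = [row_hits(c, traffic) for c in criteria]
    return all(results) if match_all else any(results)

def unsatisfiable_fields(criteria):
    """Fields whose rows can never all hit at once in a Match All table."""
    required, excluded = {}, {}
    for c in criteria:
        (excluded if c.negate else required).setdefault(c.field, set()).add(c.value)
    bad = set()
    for name, values in required.items():
        # Two different required values, or a value both required and excluded.
        if len(values) > 1 or values & excluded.get(name, set()):
            bad.add(name)
    return sorted(bad)

# Constructed sample data (not taken from the guide).
CONFLICTING = [Criterion("request.method", "post"),
               Criterion("request.method", "get")]
CONSISTENT = [Criterion("request.method", "post"),
              Criterion("request.header.host", "internal.example", negate=True)]
POST_REQUEST = {"request.method": "post", "request.header.host": "www.example"}

if __name__ == "__main__":
    print("Match Any:", class_matches(CONFLICTING, POST_REQUEST, match_all=False))
    print("Match All:", class_matches(CONFLICTING, POST_REQUEST, match_all=True))
    print("Unsatisfiable fields:", unsatisfiable_fields(CONFLICTING))
```

A non-empty result from unsatisfiable_fields means the class can never match as Match All, so any inspection action tied to it would never apply.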