Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
21-37
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Content Filtering Maps for Zone-based Firewall Policies
Class Maps for Zone-Based Firewall Policies, page 21-17, Local Web Filter Class Add or Edit
Match Criterion Dialog Boxes, page 21-28, and Configuring URLF Glob Parameter Maps,
page 21-44.
SmartFilter (N2H2) or Websense Filtering—The class maps for N2H2 and Websense define
any server response as the matching criterion. For detailed usage information, see Configuring
Class Maps for Zone-Based Firewall Policies, page 21-17.
Trend Micro Filtering – The Trend class map lets you select various Productivity Categories
and Security Ratings, as defined by Trend Micro, that you want to target. For detailed usage
information, see Configuring Class Maps for Zone-Based Firewall Policies, page 21-17.
Besides the maps used to define content filtering, you can also configure the following maps for content
filter rules:
Inspect Parameters maps – Zone-based firewall inspection includes several general settings, all of
which have default values that are appropriate for most networks. If you want to adjust any of these
settings, you can create an Inspect Parameters map. In the Policy Object Manager, select Maps >
Parameter Maps > Inspect > Inspect Parameters, and review the detailed usage information in
Configuring Inspect Parameter Maps, page 21-29.
HTTP policy map – If you want to use deep inspection on the individual HTTP packets in addition
to Web filtering, you can configure an HTTP policy map by clicking Configure next to the Protocol
field in the Action section of the Adding and Editing Zone-based Firewall Rules, page 21-59. The
HTTP policy map incorporates HTTP class maps that define the type of traffic you want to match
and then defines the action to take. For example, you can target traffic that includes Java applets. In
the Policy Object Manager, select Maps > Policy Maps > Inspect > HTTP (Zone Based IOS), and
review the detailed usage information in Configuring Policy Maps for Zone-Based Firewall Policies,
page 21-33, HTTP (IOS) Class Add or Edit Match Criterion Dialog Boxes, page 21-21, and
Configuring Class Maps for Zone-Based Firewall Policies, page 21-17.
Related Topics
Understanding the Zone-based Firewall Rules, page 21-3
Zone-based Firewall Rules Page, page 21-57
Creating Policy Objects, page 6-9
Understanding Map Objects, page 6-72
Configuring Local Web Filter Parameter Maps
Use the Add and Edit Local Parameter Map dialog boxes to define a parameter map for local web
filtering for zone-based firewall policies on routers. If you configure the action of a zone-based firewall
policy rule as Content Filter, you can select a Web Filter policy map that incorporates a Local web filter
parameter map (when you select Local for the parameter type on the Parameter tab). For more
information about Web Filter policy maps, see Configuring Web Filter Maps, page 21-46.
Navigation Path
Select Manage > Policy Objects, then select Maps > Parameter Maps > Web Filter > Local in the
table of contents. Right-click inside the work area and select New Object, or right-click a row and select
Edit Object.
Related Topics
Understanding Map Objects, page 6-72