Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Changing the Default Drop Behavior
By default, all traffic between zones is dropped unless explicitly allowed. However, you can change this default behavior, as described in this section.

Security Manager converts the parameters that you supply for zone-based firewall rules (including class, parameter, and policy maps) into a series of IOS commands that the router will recognize. These are the so-called "CLI" (command line interface) configuration commands, which you can preview in a separate window by choosing Tools > Preview Configuration. See Previewing Configurations, page 8-45 for more information. In addition, the section Troubleshooting Zone-based Rules and Configurations, page 21-53, discusses an example of zone-based firewall CLI commands.

Table 21-19 Add and Edit FTP Map Dialog Boxes

| Element | Description |
|---|---|
| Name | The name of the policy object. A maximum of 40 characters is allowed. |
| Description | A description of the policy object. A maximum of 200 characters is allowed. |
| Parameters tab | |
| Parameter Type, Parameter Map | The type of parameter map to include in the Web Filter policy map. Select None if you do not want to select a parameter map. If you select a specific parameter type, enter the name of the parameter map in the Parameter Map field. Click Select to select the map from a list or to create a new parameter map object. |
| Match Condition and Action Tab | The Match All table lists class maps included in the policy map, and the action to take for traffic that matches the class. For traffic to match this class, all criteria defined in the selected class maps must be met. To add a criterion, click the Add button and fill in the Match Condition and Action dialog box (see Add or Edit Match Condition and Action Dialog Boxes for Zone-Based Firewall and Web Filter Policies, page 21-34). To edit a criterion, select it and click the Edit button. To delete a criterion, select it and click the Delete button. |
| Category | The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12. |
| Allow Value Override per Device, Overrides, Edit button | Whether to allow the object definition to be changed at the device level. For more information, see Allowing a Policy Object to Be Overridden, page 6-18 and Understanding Policy Object Overrides for Individual Devices, page 6-17. If you allow device overrides, you can click the Edit button to create, edit, and view the overrides. The Overrides field indicates the number of devices that have overrides for this object. |