Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

21-50

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 21 Managing Zone-based Firewall Rules

Configuring Settings for Zone-based Firewall Rules

Navigation Path

To access the Zone Based Firewall page, do one of the following:

• (Device view) Select a device, then select Firewall > Settings > Zone Based Firewall from the

Policy selector.

• (Policy view) Select Firewall > Settings > Zone Based Firewall from the Policy Type selector.

Create a new policy or select an existing one.

• (Map view) Right-click a device and choose Edit Firewall Settings > Zone Based Firewall.

Related Topics

• Configuring Settings for Zone-based Firewall Rules, page 21-48

• Understanding the Zone-based Firewall Rules, page 21-3

• Adding Zone-Based Firewall Rules, page 21-12

Field Reference

Table 21-20 Zone Based Firewall Page

Element Description

Zones tab This tab displays the Zones table, which lists unreferenced zones; that

is zones without any associated interfaces, rules or policies.

Unreferenced zones are usually found and listed during device

discovery, but you also can create named, “empty” zones here.

The Zones table lists the following information for each unreferenced

zone:

• Zone – The name of the Zone/Interface Role.

• Content – Any interfaces assigned to the zone.

• Description – Any user-provided comments about the zone.

To add a zone to this table, click the Add Row button and provide a

Zone name in the Zone dialog box.

VPN tab This tab presents the VPN Zone field; a zone entry in this field ensures

that dynamic VPN traffic can be processed by the zone-based firewall

rules on this router. See Using VPNs with Zone-based Firewall

Policies, page 21-5 for more information about this zone.

Enter or Select the zone through which VPN traffic will pass.

WAAS tab This tab presents the Enable WAAS check box. Select this option to

enable Wide Area Application Services interoperability.

If this option is not enabled, packets being optimized by a WAAS

device may be dropped because WAAS increases the TCP packet

sequence number during the TCP handshake. This behavior may be

viewed as a possible attack by the IOS device.

Content Filtering tab This tab displays server settings and certificate links for Trend

Micro-based content filtering. For more information, see Zone Based

Firewall Page - Content Filter Tab, page 21-51.

previous next