Filter
Top Products
21-51
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Settings for Zone-based Firewall Rules
Zone Based Firewall Page - Content Filter Tab
To use Trend Micro-based content filtering, you must configure contact information for the Trend Micro
server on this tab of the Zone Based Firewall page. This tab also provides links to Trend Micro
registration and certificate download. You must have an active subscription with Trend Micro to utilize
this form of content filtering, and you must download and install a valid subscription certificate on this
IOS device.
Navigation Path
To access the Zone Based Firewall page, do one of the following:
• (Device view) Select a device, then select Firewall > Settings > Zone Based Firewall from the
Device selector.
• (Policy view) Select Firewall > Settings > Zone Based Firewall from the Policy selector.
• (Map view) Right-click a device and choose Edit Firewall Settings > Zone Based Firewall.
Related Topics
• Zone-based Firewall Rules Page, page 21-57
• Configuring Content Filtering Maps for Zone-based Firewall Policies, page 21-35
• Understanding the Zone-based Firewall Rules, page 21-3
• Adding Zone-Based Firewall Rules, page 21-12
Global Parameters (ASR) tab This tab displays global, logging-related settings specific to ASR
devices. Configure these settings as follows:
• Log Dropped Packets – Select this option to log all packets dropped
by the device; syslog logging must be enabled to view the
information.
• Log Flow export timeout rate – NetFlow logs are created after a
flow either expires or is timed out, and it is important to put a time
limit on how long a flow can be active before expiring. This value
is maximum number of minutes a flow can remain active before it
is expired. The value can be any integer from 1 to 3600; the default
is 30.
• Log Flow export destination IP – The IP address or host name of
the NetFlow collector to which flow data is to be sent.
• Log Flow export destination port – The UDP port monitored by the
NetFlow collector for flow data.
Table 21-20 Zone Based Firewall Page (Continued)
Element Description