Cisco Systems CL-28826-01 Security Camera User Manual


21-60
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Zone-based Firewall Rules Page
Table 21-23 Add and Edit Zone based Firewall Rule Dialog Boxes (Continued)

Element: Description

Traffic: Define the traffic flow to which this rule is applied.

Match: Choose whether to Permit or Deny matched traffic. See Understanding the Relationship Between Permit/Deny and Action in Zone-based Firewall Rules, page 21-7 for additional information about this option.

Sources, Destinations: Provide the source networks/hosts and destination networks/hosts for matching traffic. Each field allows multiple entries separated by commas.

You can enter any combination of the following address types to define the source or destination of the traffic. For more information, see Specifying IP Addresses During Policy Definition, page 6-81.

- Network/host object. Enter the name of the object, or click Select to select it from a list. You can also create new network/host objects in the selection dialog box.
- Host IP address; for example, 10.10.10.100.
- Network address, including subnet mask, in either 10.10.10.0/24 or 10.10.10.0/255.255.255.0 formats.
- A range of IP addresses; for example, 10.10.10.100-10.10.10.200.
- An IP address pattern in the format 10.10.0.10/255.255.0.255, where the mask is a discontiguous bit mask (see Contiguous and Discontiguous Network Masks for IPv4 Addresses, page 6-75).

Services: Specify the services that define the type of traffic to be matched by this rule. You can enter any combination of service objects and service types (which are typically a protocol and port combination), separated by commas. See Understanding the Relationship Between Services and Protocols in Zone-based Firewall Rules, page 21-10 for additional information about this option.

If you type in a service, you are prompted as you type with valid values. You also can click Select to select services from a list. For complete information on how to specify services, see Understanding and Specifying Services and Service and Port List Objects, page 6-86.

From Zone, To Zone: Basic zone-based firewall rules are unidirectional; that is, they define a traffic flow that moves in only one direction between two zones.

Enter or Select the zone from which traffic flows can originate for this rule, and enter or Select the zone to which traffic can flow.

Advanced button: Opens the Advanced Options dialog box where you can select time-range options. See Zone-based Firewall Rule: Advanced Options Dialog Box, page 21-63.
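When reviewing what a Sources or Destinations entry actually covers, the address types listed above can be checked offline. The following is an added example, not code from Cisco or from this guide: it classifies each comma-separated entry and tests an address against it, assuming that 1 bits in a mask mark the bits that are compared (subnet-mask convention). The function names and the object name inside-servers are hypothetical.

```python
import ipaddress

ALL = 0xFFFFFFFF
# Constructed sample field value; "inside-servers" is a made-up object name.
FIELD = ("10.10.10.100, 10.10.10.0/24, 10.10.10.0/255.255.255.0, "
         "10.10.10.100-10.10.10.200, 10.10.0.10/255.255.0.255, inside-servers")

def _ip(text):
    return int(ipaddress.IPv4Address(text.strip()))

def _contiguous(mask):
    # Contiguous mask: 1 bits followed only by 0 bits, so ~mask is 2**k - 1.
    inv = ~mask & ALL
    return (inv & (inv + 1)) == 0

def parse_entry(entry):
    """Return (kind, base, mask_or_high) for one comma-separated entry."""
    entry = entry.strip()
    if "/" in entry:
        addr, suffix = entry.split("/", 1)
        if "." in suffix:
            mask = _ip(suffix)  # dotted mask, contiguous or not
        else:
            bits = int(suffix)
            if not 0 <= bits <= 32:
                raise ValueError(f"bad prefix length in {entry!r}")
            mask = (ALL << (32 - bits)) & ALL
        kind = "network" if _contiguous(mask) else "pattern"
        return (kind, _ip(addr) & mask, mask)
    try:
        if "-" in entry:
            low, high = [_ip(part) for part in entry.split("-", 1)]
            return ("range", low, high)
        return ("host", _ip(entry), ALL)
    except ValueError:
        return ("object", entry, None)  # a name; must be resolved elsewhere

def parse_field(text):
    return [parse_entry(e) for e in text.split(",") if e.strip()]

def entry_matches(parsed, ip):
    """True/False for address entries, None for unresolved object names."""
    kind, base, other = parsed
    if kind == "object":
        return None
    n = _ip(ip)
    if kind == "range":
        return base <= n <= other
    return (n & other) == base  # host, network and pattern: masked compare
```

Under that assumption the pattern 10.10.0.10/255.255.0.255 matches 10.10.x.10 for every value of the third octet, which is much broader than a single host and is easy to overlook when reading a rule.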