Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Zone-based Firewall Rules Page
Table 21-23 Add and Edit Zone based Firewall Rule Dialog Boxes (Continued)

Element Description

Action

The action applied to traffic that matches this rule. Choose the desired Action:

Action: Drop, Drop and Log, Pass, Pass and Log

• Drop – Silently drops all packets for the specified Services. The default action for all traffic.
• Drop and Log – Matched traffic is logged and dropped.
• Pass – The router forwards matched packets from the From Zone to the To Zone. Return traffic is not recognized, so you have to specify additional rules for return traffic. This option is useful only for protocols such as IPsec-encrypted traffic.
• Pass and Log – Traffic is logged and forwarded.

For any of these Actions, you can select one or more protocols to be matched by clicking the Select button next to the Protocol table to open the Protocol Selector Dialog Box, page 21-64. However, this is not necessary; you can leave the Protocol table empty and pass or drop traffic based on the Sources, Destinations, and Services parameters; in effect, these are standard access rules.

The Protocol Selector dialog box also provides access to the Configure Protocol Dialog Box, page 21-65, where you can edit the Port Application Mapping (PAM) parameters for the selected protocol.

Note: The Log options generate system-log messages; you must ensure that syslog logging is configured to capture these messages.
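
As an added illustration (not taken from the Cisco guide and not configuration generated by Security Manager), the following IOS zone-based firewall CLI sketch shows the Pass action together with the explicit return rule it requires, a logged default drop, and the syslog destination the Log options depend on. The zone, ACL, class-map, policy-map and interface names and all addresses are constructed placeholders.

```ios
! Constructed example: every name, interface and address is a placeholder.
! Syslog must be configured or the "drop log" messages are not captured.
logging on
logging host 203.0.113.10
!
zone security ZONE-A
zone security ZONE-B
!
interface GigabitEthernet0/0
 zone-member security ZONE-A
interface GigabitEthernet0/1
 zone-member security ZONE-B
!
! ESP between two constructed IPsec peers, one ACL per direction.
ip access-list extended ACL-ESP-A-TO-B
 permit esp host 192.0.2.1 host 198.51.100.1
ip access-list extended ACL-ESP-B-TO-A
 permit esp host 198.51.100.1 host 192.0.2.1
!
class-map type inspect match-all CM-ESP-A-TO-B
 match access-group name ACL-ESP-A-TO-B
class-map type inspect match-all CM-ESP-B-TO-A
 match access-group name ACL-ESP-B-TO-A
!
! Pass forwards matched packets without tracking state, so replies are
! not recognized and need their own rule in the opposite direction.
policy-map type inspect PM-A-TO-B
 class type inspect CM-ESP-A-TO-B
  pass
 class class-default
  drop log
!
policy-map type inspect PM-B-TO-A
 class type inspect CM-ESP-B-TO-A
  pass
 class class-default
  drop log
!
! Forward direction (From Zone A, To Zone B).
zone-pair security ZP-A-TO-B source ZONE-A destination ZONE-B
 service-policy type inspect PM-A-TO-B
! Explicit return rule (From Zone B, To Zone A).
zone-pair security ZP-B-TO-A source ZONE-B destination ZONE-A
 service-policy type inspect PM-B-TO-A
```

Without the ZP-B-TO-A zone pair, ESP from ZONE-B to ZONE-A matches no rule and falls to the default drop.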