Filter
Top Products
21-62
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Zone-based Firewall Rules Page
Action: Inspect Inspect provides state-based traffic control—the device maintains
connection or session information for TCP and UDP traffic, meaning
return traffic in reply to connection requests is permitted.
Choose this option to apply packet inspection based on your selected
Layer 4 (TCP, UDP) and Layer 7 (HTTP, IMAP, instant messaging, and
peer-to-peer) protocols. You also can edit PAM settings for the selected
protocols, and you can set up deep packet inspection (DPI) and provide
additional protocol-related information for the Layer 7 protocols. See
Configuring Inspection Maps for Zone-based Firewall Policies,
page 21-15 for more information.
1. You can select one or more protocols for inspection by clicking the
Select button next to the Protocol table to open the Protocol
Selector Dialog Box, page 21-64.
2. The Protocol Selector dialog box also provides access to the
Configure Protocol Dialog Box, page 21-65, where you can create
custom protocols, and edit the PAM and DPI parameters for the
selected protocol.
3. Inspect Parameters – You can apply a customized set of
connection, timeout, and other settings by entering the name of an
Inspect Parameter map in this field, or you can click Select to select
one from a list. You also can create new Inspect Parameter maps
from the selection-list dialog box; see Configuring Inspect
Parameter Maps, page 21-29 for more information.
If you do not specify an Inspect Parameters map, the default
settings are used.
Table 21-23 Add and Edit Zone based Firewall Rule Dialog Boxes (Continued)
Element Description