Chapter 9 Firewall Policy
Edit Firewall Policy/ACL
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Type
Choose one of the following:
A Network—If you choose this, provide a network address in the IP address
field. Note that the wildcard mask enables you to enter a network number that
may specify multiple subnets.
A Host Name or IP Address—If you choose this, provide a host IP address
or host name in the next field.
Any IP address—If you choose this, the action you specified is to apply to
any host or network.
IP Address/Wildcard Mask
Enter a network address and then the wildcard mask to specify how much of the
network address must match exactly.
For example, if you entered a network address of 10.25.29.0 and a wildcard mask
of 0.0.0.255, any Java applet with a source address beginning with 10.25.29 would
be filtered. If the wildcard mask were 0.0.255.255, any Java applet with a source
address beginning with 10.25 would be filtered.
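The wildcard-mask comparison described above, as an added example that is not part of the Cisco guide or of Cisco SDM: a 0 bit in the mask means the address bit must match exactly, and a 1 bit means it is ignored. The function names and the non-contiguous mask 0.0.2.255 are constructed for illustration; the other addresses and masks are the ones used in the text.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(candidate, network, wildcard):
    """True when candidate equals network in every bit where wildcard is 0."""
    care = ~to_int(wildcard) & MASK32          # bits that must match exactly
    return (to_int(candidate) & care) == (to_int(network) & care)


def matched_subnets(network, wildcard, prefix_len=24):
    """List every /prefix_len subnet that contains a matching address.

    Shows why a single network/wildcard pair "may specify multiple subnets".
    """
    prefix_mask = (MASK32 << (32 - prefix_len)) & MASK32
    wild = to_int(wildcard)
    base = to_int(network) & ~wild & prefix_mask   # fixed bits of the prefix
    free = wild & prefix_mask                      # don't-care bits in the prefix
    subnets, sub = [], free
    while True:                                    # walk all subsets of `free`
        subnets.append(base | sub)
        if sub == 0:
            break
        sub = (sub - 1) & free
    return [f"{ipaddress.IPv4Address(n)}/{prefix_len}" for n in sorted(subnets)]


if __name__ == "__main__":
    # Constructed sample sources checked against the two masks from the text.
    for src in ("10.25.29.77", "10.25.30.77", "10.26.1.1"):
        for wc in ("0.0.0.255", "0.0.255.255"):
            print(src, wc, wildcard_match(src, "10.25.29.0", wc))
    # Constructed non-contiguous mask: matches two separate /24 subnets.
    print(matched_subnets("10.25.29.0", "0.0.2.255"))
```

Running matched_subnets before applying a rule is a quick check that a mask does not cover more subnets than intended.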
Host Name/IP
This field appears if you chose A Host Name or IP Address as Type. If you enter
a host name, ensure that there is a DNS server on the network that can resolve the
host name to an IP address.
Cisco SDM Warning: Inspection Rule
This window is displayed when Cisco SDM finds two inspection rules have been
configured for a direction in a traffic flow. For example, you might have one
inspection rule applied to traffic inbound on the From interface, and another
applied to traffic outbound on the To interface. Two inspection rules may not harm
the functioning of the router, but they may be unnecessary. Cisco SDM allows you
to keep the inspection rules the way they are, to remove the inspection rule on the
From interface, or to remove the inspection rule on the To interface.
Do not make any change—Cisco SDM will not remove either inspection
rule.