User Guide for Cisco Security Manager 4.4
OL-28826-01

CHAPTER 5
Managing Policies
The following topics describe the concept of policies in Cisco Security Manager and how to use and
manage them.
Understanding Policies, page 5-1
Discovering Policies, page 5-12
Managing Policies in Device View and the Site-to-Site VPN Manager, page 5-28
Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34
Managing Shared Policies in Policy View, page 5-47
Managing Policy Bundles, page 5-53

Understanding Policies

In Security Manager, a policy is a set of rules or parameters that define a particular aspect of network
configuration. You configure your network by defining policies on devices (which include individual
devices, service modules, security contexts, and virtual sensors) and VPN topologies (which are made
up of multiple devices), and then deploying the configurations defined by these policies to these devices.

Several types of policies might be required to configure a particular solution. For example, to configure
a site-to-site VPN, you might need to configure multiple policies, such as IPsec, IKE, GRE, and so forth.

Policies are assigned to one or more devices. After a policy is assigned to a device, any changes to the
policy definition change the behavior of the device.

The following topics describe policies in more detail:
Settings-Based Policies vs. Rule-Based Policies, page 5-2
Service Policies vs. Platform-Specific Policies, page 5-2
Local Policies vs. Shared Policies, page 5-3
Understanding Rule Inheritance, page 5-4
Policy Management and Objects, page 5-7
Understanding Policy Locking, page 5-7
Customizing Policy Management for Routers and Firewall Devices, page 5-10