5-35
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
As an alternative to sharing local policies, you can create new shared policies and manage them at the
network level using Policy view. For more information, see Managing Shared Policies in Policy View,
page 5-47. After creating the shared policy and assigning it to devices or VPN topologies in Policy view,
you can return to Device view or the Site-to-Site VPN Manager and perform additional operations on
the policy as described in the sections that follow. Note that all shared policies that you create in Device
view or the Site-to-Site VPN Manager automatically appear as shared policies in Policy view.
Tip: In Device view or the Site-to-Site VPN Manager, if you edit a shared policy, your changes are applied
to all devices or VPN topologies that share the policy. Thus, you do not need to go to Policy view to edit
shared policies. When you try to edit a shared policy, you are warned that this will happen, so that you
do not inadvertently change more devices or topologies than you intend. If you need to
change the policy for just one device or topology, you can unshare the policy before editing it, as
described in Unsharing a Policy, page 5-40.
The following topics describe how to share policies and the operations that can be performed on them in
Device view or the Site-to-Site VPN Manager:
Using the Policy Banner, page 5-35
Policy Shortcut Menu Commands in Device View and the Site-to-Site VPN Manager, page 5-37
Sharing a Local Policy, page 5-38
Sharing Multiple Policies of a Selected Device, page 5-39
Unsharing a Policy, page 5-40
Assigning a Shared Policy to a Device or VPN Topology, page 5-41
Adding Local Rules to a Shared Policy, page 5-42
Inheriting or Uninheriting Rules, page 5-43
Cloning (Copying) a Shared Policy, page 5-44
Renaming a Shared Policy, page 5-45
Modifying Shared Policy Definitions in Device View or the Site-to-Site VPN Manager, page 5-45
Modifying Shared Policy Assignments in Device View or the Site-to-Site VPN Manager, page 5-46
Related Topics
Importing Policies or Devices, page 10-13
Understanding Policies, page 5-1
Managing Policies in Device View and the Site-to-Site VPN Manager, page 5-28
Using the Policy Banner
When you view a device policy in Device view, or a site-to-site VPN policy in the Site-to-Site VPN
Manager, there is a banner above the content of the policy in the work area. The banner provides
information about whether the policy is local to the device or a shared policy. For shared policies, the
banner also indicates the number of devices that use the policy. For policies that allow inheritance, the
banner includes information about inheritance.
Messages might appear below the banner to indicate the following:
That the policy is locked by another user. You cannot save changes to the policy until the other user
submits (and approves) the changes, cancels an edit, or discards the changes.