5-43
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
Step 1 In Device view, select a device from the Device selector, then select a shared policy assigned to that
device from the Device Policies selector. You must select a rule-based policy, such as access rules. The
details of the policy appear in the work area.
Step 2 Do one of the following:
Select Policy > Add Local Rules.
Right-click the policy, then select Add Local Rules.
A message is displayed indicating that the policy on this device is now defined as a child policy that
inherits rules from the shared policy. If the shared policy in turn inherits rules from a different shared
policy, those rules are automatically inherited as well.
Note To change the parent policy from which this policy inherits rules, see Inheriting or Uninheriting
Rules, page 5-43.
Step 3 Click OK to confirm. In the work area, headings are added for local mandatory and default rules in
addition to the mandatory and default rules inherited from the shared policy.
In the Device Policies selector, the status icon changes to the icon for a local policy. For more
information, see Policy Status Icons, page 5-28.
Step 4 Define local rules as required.
Tip If you assign a shared policy after adding local rules, both the inherited rules and your local rules
are replaced with the selected shared policy.
Inheriting or Uninheriting Rules
This procedure describes how certain types of rule-based policies, such as access rules, can inherit rules
from shared policies of the same type. Child policies inherit both the mandatory rules and default rules
that are defined in the parent policy.
When working in Device view, you can then define additional rules that are local to the selected device.
For more information, see Adding Local Rules to a Shared Policy, page5-42.
You can edit rule inheritance from either Device view or Policy view.
Related Topics
Understanding the Device View, page 3-1
Managing Shared Policies in Policy View, page 5-47
Assigning a Shared Policy to a Device or VPN Topology, page 5-41
Understanding Rule Inheritance, page 5-4
Inheritance vs. Assignment, page 5-6
Understanding Policies, page 5-1
Using the Policy Banner, page 5-35
Step 1 Select a shared rule-based policy in either Device view or Policy view, then do one of the following: