6-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Selecting Objects for Policies
Modifying Policies using Drag and Drop
If you are modifying an existing policy, you can easily update the policy definition by dragging and
dropping objects from the Policy Object Manager onto the applicable field in the policy. You can select
a range of objects from the Policy Object Manager window by selecting the first object in the range and
then, with the Shift key pressed, selecting the last object in the range. You can select multiple objects by
clicking those objects while keeping the Ctrl key pressed. You can also select a range of objects and then
add additional objects to your selection by using the Ctrl key method. To drag multiple objects, press
and hold the Ctrl key while dragging, or drag using the right mouse button.
Creating Policies using Object Selector
When creating a policy, you often need to select one or more objects to include in the policy definition.
For example, firewall policies make use of network/host objects, interface role objects, and service
objects.
To include objects in policies, you can manually enter the object name or click the Select button to
display an object selector dialog box. In certain cases, the object selector is prefiltered to display only
the objects that are applicable to the policy that you are configuring. For example, when configuring a
policy that requires a subnet, the object selector displays only those network/host objects that represent
subnets, not network/host objects that represent single hosts. Object selectors make it easy for you to
select which objects to include in a particular policy.
Additionally, object selectors enable you to create and edit objects of that type on the fly. This makes it
easy to work with objects without leaving the policy you are defining to open the Policy Object Manager.
For example, if, when creating a dynamic NAT rule, you discover that the ACL object you require does
not exist, you can click the Create button to open the dialog box for creating an ACL object. When you
finish creating the object, you are returned to the object selector with the new object selected and ready
for inclusion in the policy. If you need to modify an existing object before using it, select it, click the
Edit button and make your modifications, then click OK to save your changes; this returns you to the
object selector.
When you create an object by opening the object editor from within a selector, the new object must
conform to the requirements of the field from which the selector was opened. For example, if you open
a selector from a field requiring a host and then decide to create a network/host object for that field, you
must define the network/host object as a host.
There are two types of object selectors: a simple list selector for policies that require you to select a
single object, and a dual selector for policies that allow you to select multiple objects of a certain type.
The following table explains these selectors and how to use them.