6-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter6 Managing Policy Objects
Working with Policy Objects—Basic Procedures
Related Topics
Understanding Policy Object Overrides for Individual Devices, page6-17
Allowing a Policy Object to Be Overridden, page6-18
Creating or Editing Object Overrides for Multiple Devices At A Time, page6-19
Deleting Device-Level Object Overrides, page6-21
Step 1 (Device view) Right-click a device in the Device selector and select Device Properties.
Step 2 Select the object type you want to override from the Policy Object Overrides folder.
The table displays all objects of the selected type that can be overridden at the device level. If an object
has an override already defined for the device, the Value Overridden? column contains a check mark.
Step 3 Select the object whose override you want to change and do one of the following:
Click the Create Override button, or right-click and select Create Override.
Click the Edit Override button, or right-click and select Edit Override.
The dialog box for defining that type of object is displayed with the current properties (either the global
properties or the local override).
Step 4 Modify the definition of the object and click OK to save the device-level override. In the Device
Properties window, a green check mark appears in the Value Overridden? column.
Creating or Editing Object Overrides for Multiple Devices At A Time
You can create or edit device-level object overrides from the Policy Object Manager window.
This method enables you to create overrides on multiple devices at the same time, which is especially
useful when creating overrides for several devices that participate in the same VPN topology. For
example, if the spokes located in one part of the VPN use a different CA server than the spokes located
in a different part of the VPN, you can override the PKI enrollment object that defines the server for
these devices. This is a more convenient method than selecting each device individually from Device
view and defining the override from the Device Properties window.
Related Topics
Understanding Policy Object Overrides for Individual Devices, page6-17
Allowing a Policy Object to Be Overridden, page6-18
Creating or Editing Object Overrides for a Single Device, page6-18
Deleting Device-Level Object Overrides, page6-21
Step 1 Select Manage > Policy Objects to open the Policy Object Manager, page 6-4.
Step 2 Select the object type you want to override from the table of contents, and then select the object to
override.
Tip Not all types of object allow overrides, and not all objects are defined as overridable. Look for
a green check mark in the Overridable column. If the object type allows overrides, but this object
does not have a check mark, edit the object to enable object override (see Allowing a Policy
Object to Be Overridden, page 6-18).