6-54
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Creating Access Control List Objects
If you choose Access Control Entry for Type, specify the characteristics of the traffic that you want
to match and whether you are permitting or denying the traffic. You can filter based on the network
destination of the traffic (Network Filter) or the web address (URL Filter). For detailed information
about the fields on the dialog box, see Add and Edit Web Access Control Entry Dialog Boxes,
page 6-60.
If you choose ACL Object, select the object in the available objects list and click >> to add it to the
list of selected objects.
Step 8 Click OK to save your changes.
The dialog box closes and you return to the Add WebType Access List page. The new entry is shown in
the table. If necessary, select it and click the up or down buttons to position it at the desired location.
Step 9 (Optional) Under Category, select a category to help you identify this object in the Objects table. See
Using Category Objects, page 6-12.
Step 10 Click OK to save the object.
Creating Unified Access Control List Objects
A unified access control list allows you to permit or deny traffic from specific networks, hosts, security
groups, and users, destined for specific networks, hosts and security groups. You also specify the
service(s) involved.
Related Topics
Creating Access Control List Objects, page 6-49
Understanding Access Rule Address Requirements and How Rules Are Deployed, page 16-5
Creating Policy Objects, page 6-9
Understanding Networks/Hosts Objects, page 6-74
Step 1 Choose Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager,
page 6-4).
Step 2 From the Object Type selector, select Access Control Lists.
The Access Control List page appears.
Step 3 Click the Unified tab.
Step 4 Right-click inside the work area, then select New Object.
The Add Unified Access List dialog box appears (see Add or Edit Access List Dialog Boxes, page 6-55).
Step 5 Enter a name for the object and optionally a description of the object.
Step 6 Right-click inside the table in the dialog box, then choose Add.
The Add Unified Access Control Entry dialog box appears.
Step 7 Create the access control entry:
If you choose Access Control Entry for Type, specify the characteristics of the traffic that you want
to match and whether you are permitting or denying the traffic. Enter the source addresses from which
the traffic originates and select logging options. For detailed information about the fields on the
dialog box, see Add and Edit Unified Access Control Entry Dialog Boxes, page 6-62.