6-69
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter6 Managing Policy Objects
Understanding Interface Role Objects
Step 3 Right-click in the work area, then select New Object.
The Interface Role dialog box appears.
Step 4 Enter a name for the object and optionally a description of the object. Names can be up to 128 characters,
descriptions up to 1024.
Step 5 Enter one or more naming patterns for the interface role object. The names are the complete or partial
names of interfaces, subinterfaces, and other virtual interfaces. Separate multiple name patterns with
commas.
You can use these wildcards to create name patterns that apply to multiple interfaces:
Use a period (.) as a wildcard for a single character.
To use a period as part of the pattern itself (for example, when defining subinterfaces), enter a
backslash (\) before the period.
Use an asterisk (*) as a wildcard for one or more characters at the end of the interface pattern. For
example, FastEthernet* would include interfaces named FastEthernet0 and FastEthernet1.
If the pattern does not include a wildcard, it must match the exact name of the interface. For example,
the pattern “FastEthernet” will not match FastEthernet0/1 unless you include an asterisk at the end of
the pattern.
Step 6 (Optional) Under Category, select a category to help you identify this object in the Objects table. See
Using Category Objects, page 6-12.
Step 7 (Optional) Select Allow Value Override per Device to allow the properties of this object to be redefined
on individual devices. See Allowing a Policy Object to Be Overridden, page 6-18.
Step 8 Click OK to save the object.
Interface Role Dialog Box
Use the Interface Role dialog box to create, copy, or edit an interface role object. Interface Role objects
have the following uses:
Specifying multiple interfaces— Interface role objects allow you to apply policies to specific
interfaces on multiple devices without having to manually define the names of each interface.
Zones—You use interface role objects to define the zones in a zone-based firewall rules policy.
Navigation Path
Select Manage > Policy Objects, then select Interface Roles from the Object Type Selector. Right-click
inside the work area and select New Object or right-click a row and select Edit Object.
Related Topics
Creating Policy Objects, page 6-9
Creating Interface Role Objects, page 6-68
Using Interface Roles When a Single Interface Specification is Allowed, page 6-71
Specifying Interfaces During Policy Definition, page6-70
Understanding Interface Role Objects, page 6-67
Understanding the Zone-based Firewall Rules, page 21-3
Policy Object Manager, page 6-4