6-76
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Networks/Hosts Objects
Although discontiguous network masks are not typically used for network configurations, they are
sometimes used for certain commands, such as filtering commands when defining access control lists
(ACLs). Security Manager supports the use of nonstandard network masks in the policies whose CLI
commands support them. An error is displayed if you try to define a discontiguous network mask in a
policy that does not support them.
Network Masks and Discovery
During discovery, Security Manager attempts to match network/host objects with existing equivalent
objects defined in the Policy Object Manager:
• For contiguous network masks—Two network/host objects containing only standard networks are considered equivalent if they consist of the same set of IP addresses.
• For discontiguous network masks—Two network/host objects are considered equivalent only if the standard networks consist of the same set of IP addresses and the nonstandard networks are syntactically equivalent.
How Network Masks are Displayed
Although you can enter both contiguous and discontiguous network masks using dotted decimal
notation, all contiguous network masks are converted to CIDR notation. This makes it easier to
distinguish them from discontiguous network masks, which are displayed in dotted decimal notation
only.
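The mask classification, display, and discovery-matching rules described above, sketched in Python as an added example (this is not Security Manager's own code). The function names, the (address, mask) tuple representation, and the address/mask display string used for discontiguous masks are assumptions made for illustration.

```python
import ipaddress

def is_contiguous(mask: str) -> bool:
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF  # for a standard mask this is 0...01...1
    return inverted & (inverted + 1) == 0

def display(addr: str, mask: str) -> str:
    """Contiguous masks are shown as CIDR; discontiguous stay dotted decimal."""
    if is_contiguous(mask):
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        return f"{addr}/{prefix}"
    return f"{addr}/{mask}"  # assumed display form for nonstandard masks

def _split(entries):
    """Return (collapsed standard networks, raw nonstandard entries)."""
    standard, nonstandard = [], set()
    for addr, mask in entries:
        if is_contiguous(mask):
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
            standard.append(net)
        else:
            nonstandard.add((addr, mask))  # kept as typed: syntactic comparison
    return list(ipaddress.collapse_addresses(standard)), nonstandard

def equivalent(a, b) -> bool:
    """Standard parts must cover the same IP set; nonstandard parts must
    match textually, even if they would match the same addresses."""
    return _split(a) == _split(b)

if __name__ == "__main__":
    # Constructed sample objects, not taken from any real configuration.
    two_halves = [("10.0.0.0", "255.255.255.128"), ("10.0.0.128", "255.255.255.128")]
    one_net = [("10.0.0.0", "255.255.255.0")]
    print(display("10.1.0.0", "255.255.0.0"), display("10.0.1.0", "255.0.255.0"))
    print(equivalent(two_halves, one_net))
    # Same matched addresses (second octet is ignored by the mask),
    # but different text, so the objects are not treated as equivalent.
    print(equivalent([("10.0.1.0", "255.0.255.0")], [("10.9.1.0", "255.0.255.0")]))
```

The last comparison shows why two ACL objects that filter identical traffic can still be kept as separate objects after discovery when they use nonstandard masks.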
Related Topics
• Creating Networks/Hosts Objects, page 6-76
• Specifying IP Addresses During Policy Definition, page 6-81
• Using Unspecified Networks/Hosts Objects, page 6-80
• Understanding Networks/Hosts Objects, page 6-74
Creating Networks/Hosts Objects
You can create Networks/Hosts objects to represent networks, individual hosts, or groups of both. When
you create a Networks/Hosts object, you must choose the type of object (group, host, FQDN, network,
address range). Once created, you cannot change the object type.
Tip: You can create Networks/Hosts objects “on the fly” when defining policies or objects that use this object
type. For more information, see Selecting Objects for Policies, page 6-2.
Related Topics
• Understanding Networks/Hosts Objects, page 6-74
• Creating Policy Objects, page 6-9
• Contiguous and Discontiguous Network Masks for IPv4 Addresses, page 6-75
• Specifying IP Addresses During Policy Definition, page 6-81
• Using Unspecified Networks/Hosts Objects, page 6-80
• How Network/Host, Port List, and Service Objects are Named When Provisioned As Object Groups, page 6-92