6-80
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Networks/Hosts Objects
Using Unspecified Networks/Hosts Objects
When you define a Networks/Hosts object, you can leave the address fields blank, thereby creating a
Networks/Hosts object with an unspecified value. Networks/Hosts objects with unspecified values
require that you create overrides for every device that uses them.
The advantage of using a Networks/Hosts object with an unspecified value is that Security Manager
displays an error if you submit your changes without creating a device-level override on every device
using the object. By contrast, when you define the global object with a placeholder value (such as
10.10.10.10), that global value could be deployed by mistake if you fail to define an override.
The following procedure describes how to create and implement Networks/Hosts objects with
unspecified values.
Related Topics
Creating Networks/Hosts Objects, page 6-76
Understanding Policy Object Overrides for Individual Devices, page 6-17
Contiguous and Discontiguous Network Masks for IPv4 Addresses, page 6-75
Specifying IP Addresses During Policy Definition, page 6-81
Understanding Networks/Hosts Objects, page 6-74
Step 1 Create a Networks/Hosts object, making sure to:
• Leave the address fields blank (for example, the Members in Group, IP Address and Net
Mask/Prefix, FQDN, or Start and End IP Address).
• Select the Allow Value Override per Device check box.
For more information, see Creating Networks/Hosts Objects, page 6-76.
Step 2 Create overrides for each device that will use the object:
a. Click the green checkmark in the Overrides column for the object in the Networks/Hosts table to
open the Policy Object Overrides Window, page 6-20.
b. Click the Create Override button and select the devices on which you want to create overrides, then
define a value in the address field. At this point, this override value applies to all the selected
devices. For more information, see Creating or Editing Object Overrides for Multiple Devices At A
Time, page 6-19.
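The difference between an unspecified value and a placeholder value, shown as an added example that is not Security Manager code. The object layout, the device names, and the `resolve` and `audit` helpers are hypothetical; the sample data is constructed. The unspecified object fails the check for the device that has no override, while the placeholder object silently resolves to 10.10.10.10.

```python
import ipaddress


class MissingOverride(Exception):
    """A device uses an unspecified object and has no device-level override."""


def resolve(obj, device):
    """Return the network that would be deployed to `device` for `obj`.

    Hypothetical layout: value None means the address fields were left blank.
    """
    override = obj["overrides"].get(device) if obj["allow_override"] else None
    value = override if override is not None else obj["value"]
    if value is None:
        raise MissingOverride(f"{obj['name']}: no override for {device}")
    # Accepts a prefix length or a contiguous dotted-decimal mask after the slash.
    return ipaddress.ip_network(value, strict=False)


def audit(obj, devices):
    """Return (resolved values per device, errors) as a submit-time check would."""
    resolved, errors = {}, []
    for dev in devices:
        try:
            resolved[dev] = resolve(obj, dev)
        except MissingOverride as exc:
            errors.append(str(exc))
    return resolved, errors


# Constructed sample data: fw-west was forgotten when overrides were created.
DEVICES = ["fw-east", "fw-west"]
UNSPECIFIED = {"name": "inside-net", "value": None, "allow_override": True,
               "overrides": {"fw-east": "192.0.2.0/255.255.255.0"}}
PLACEHOLDER = dict(UNSPECIFIED, name="inside-net-ph", value="10.10.10.10/32")

if __name__ == "__main__":
    for obj in (UNSPECIFIED, PLACEHOLDER):
        resolved, errors = audit(obj, DEVICES)
        print(obj["name"], {d: str(n) for d, n in resolved.items()}, errors)
```
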
Table 6-30 Network/Host Dialog Box (General Tab) (Continued)

Element:
Network object options
IP Address
Net Mask/Prefix

Description:
The IPv4 or IPv6 address that represents the network; for example,
10.100.10.0 or 2001:DB8::/32.
If you entered an IPv4 address, enter its subnet mask in the Net
Mask/Prefix field. You can type a mask in either CIDR format, for
example, 24 (without the forward slash), or in dotted decimal format,
for example, 255.255.255.0.
If you entered an IPv6 address, enter its prefix length in the Net
Mask/Prefix field.