6-92
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
How Policy Objects are Provisioned as Object Groups
How Network/Host, Port List, and Service Objects are Named When Provisioned As Object Groups
In most cases, network/host, port list, and service objects can be provisioned as object groups without
changing the object name. Table 6-36 on page 6-92 describes how object names are changed when the
names cannot be converted directly to object groups on supported devices.
Note The predefined network/host object any is not provisioned as an object group.
Related Topics
Understanding Networks/Hosts Objects, page 6-74
Understanding and Specifying Services and Service and Port List Objects, page 6-86
How Service Objects are Provisioned as Object Groups, page 6-92
How Policy Objects are Provisioned as Object Groups, page 6-91
How Service Objects are Provisioned as Object Groups
The following table describes how Security Manager creates object groups when deploying service
objects to supported devices.
Table6-36 How Network/Host, Port List, and Service Objects are Named as Object Groups
Condition New Name Examples
Object name includes a space. Space is replaced with an
underscore.
An object named my object is
provisioned as an object group
named my_object.
Object name is longer than 64
characters (the maximum
supported by object groups).
Name is truncated so that any
suffixes required by the object
group (such as _TCP or _UDP, or
unique numbers, such as _1) can
be added while remaining within
the 64-character limit.
Device already has an object
group (Protocol/ICMP/Service)
with the same name.
A numeric suffix is added to the
name, starting from 1.
If you have a network/host object
named West and the device
already has a TCP service object
group named West, the name of
the object group is changed to
West _1 when deployed.
You have already created a
network/host object group with
the same name.
A numeric suffix is added to the
name, starting from 1.
If you have a network/host object
and a port list or service object
that are both named West , the
network/host object is deployed
as West and the port list is
deployed as West_ 1.