User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
- Right-click an address cell in a rules table and select Edit Sources or Edit Destinations or a similar
  command. The data replaces the content of the selected cells.
- Select an entry in an address cell and select Edit <Entry>. The data replaces the selected entry.
- Select multiple rules, right-click a Sources or Destination cell, and select Add Sources or Add
  Destinations. The data is appended to the data already in the cell.
Adding or Editing User Cells in Rules Tables
Tip: The user cell applies to ASA 8.4(2+) only. Anything configured in the cell is ignored for other device
types or OS versions.
Use the Add or Edit Users dialog boxes to edit the user entry in a rules table that includes user identity
groups. For detailed information on editing firewall rules cells, see Editing Rules, page 12-9.
You can enter any combination of the following to identify traffic based on Active Directory (AD) user
or user group names. If you configure identity user groups, they apply to source traffic only. For traffic
to match the rule, both the source addresses and identity user groups must match. That is, the rule applies
to traffic sent from users on the specific networks or hosts defined in the source field when directed at
the destination. For more information, see Configuring Identity-Based Firewall Rules, page 13-21.
To make the rule apply to a user without regard for the source address, specify any in the source cell.
You can enter more than one value by separating the items with commas. Following are the supported
formats:
- Identity user group objects.
- Individual users: NETBIOS_DOMAIN\user
- User groups (note the double \): NETBIOS_DOMAIN\\user_group
Click Select to select objects, users, or user groups from a list or to create new objects. For more
information, see Selecting Identity Users in Policies, page 13-21 and Creating Identity User Group
Objects, page 13-19.
Navigation Path
Do any of the following in a rules policy that includes user cells:
- Right-click a user cell in a rules table and select Edit Users. The data replaces the content of the
  selected cells.
- Select an entry in a user cell and select Edit <Entry>. The data replaces the selected entry.
- Select multiple rules, right-click a user cell, and select Add Users. The data is appended to the data
  already in the cell.
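The user cell formats and the rule that both the source cell and the user cell must match, as an added example for reviewing exported rules (not Cisco code, and not how Security Manager or the ASA implements matching). Assumptions: names compare case-insensitively, source cells hold only `any` or literal hosts and networks, and the `objects` dictionary is a hypothetical stand-in for identity user group objects, expanded one level.

```python
import ipaddress
import re

# Assumptions of this sketch: names hold no whitespace, commas or backslashes,
# and domain, user and group names compare case-insensitively.
_ENTRY = re.compile(r"^([^\\\s,]+)(\\{1,2})([^\\\s,]+)$")

def parse_user_cell(cell):
    """Classify each comma-separated item as ('user'|'group'|'object', domain, name)."""
    entries = []
    for item in filter(None, (p.strip() for p in cell.split(","))):
        m = _ENTRY.match(item)
        if m:  # one backslash = individual user, two = user group
            kind = "user" if len(m.group(2)) == 1 else "group"
            entries.append((kind, m.group(1).casefold(), m.group(3).casefold()))
        elif "\\" in item:
            raise ValueError(f"malformed user cell entry: {item!r}")
        else:
            entries.append(("object", None, item))  # identity user group object
    return entries

def source_matches(sources, src_ip):
    """Assumes the source cell holds only 'any' or literal hosts/networks."""
    ip = ipaddress.ip_address(src_ip)
    return any(s == "any" or ip in ipaddress.ip_network(s, strict=False)
               for s in (p.strip() for p in sources.split(",")))

def identity_matches(cell, user, groups, objects):
    """user: (domain, name); groups: set of (domain, name), all lower case.
    objects: hypothetical map of object name -> user-cell string, expanded one level."""
    entries = parse_user_cell(cell)
    for kind, _, name in list(entries):
        if kind == "object":
            entries += parse_user_cell(objects.get(name, ""))
    return any((k == "user" and (d, n) == user) or (k == "group" and (d, n) in groups)
               for k, d, n in entries)

def rule_applies(rule, src_ip, user, groups, objects=None):
    """Traffic matches only if the source cell AND the user cell both match."""
    return (source_matches(rule["sources"], src_ip)
            and identity_matches(rule["users"], user, groups, objects or {}))

if __name__ == "__main__":
    # Constructed sample rule and sessions, not taken from any real policy.
    rule = {"sources": "10.1.0.0/16", "users": r"CORP\jsmith, CORP\\finance"}
    finance = {("corp", "finance")}
    print(rule_applies(rule, "10.1.4.7", ("corp", "alice"), finance))     # True
    print(rule_applies(rule, "192.168.1.5", ("corp", "alice"), finance))  # False
```

The second call returns False even though the user is in the listed group, because the source address falls outside the source cell; setting the source cell to `any` removes that constraint.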
Adding or Editing Services Cells in Rules Tables
Use the Edit Services dialog box to edit the services that define the type of traffic to act on. You can enter
more than one value by separating the items with commas.
You can enter any combination of service objects and service types (which are typically a protocol and
port combination). If you type in a service, you are prompted as you type with valid values. You can
select a value from the list and press Enter or Tab. You can also click Select to select the service from a
list, or to create a new service.