12-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Editing Category Cells in Rules Tables
Use the Edit Category dialog box to change the category assigned to a rule. Categories help you organize
and identify rules and objects. See Using Category Objects, page 6-12. For detailed information on
editing firewall rules cells, see Editing Rules, page 12-9.
Navigation Path
Right-click a Category cell in a rules policy that includes categories and select Edit Category.
Editing Description Cells in Rules Tables
Use the Edit Description dialog box to edit the description of the rule. The description helps you identify
the purpose of a rule and can be up to 1024 characters. For detailed information on editing rules cells,
see Editing Rules, page 12-9.
Navigation Path
Right-click a Description cell in a rules policy that includes descriptions and select Edit Description.
Showing the Contents of Cells in Rules Tables
Use the Show Contents dialog boxes to display the actual, translated data defined in a source, user,
destination, services, interfaces, zones, or other cell in a rules table that includes addresses, identity user
groups, interfaces, services, or policy objects that define those things. The title of the dialog box
indicates which cell or entry you are examining. Use this information to determine to which addresses,
services, or interfaces the rule will actually apply when deployed to the device. For detailed information
about editing or viewing cell contents, see Editing Rules, page 12-9.
What you see in the dialog box depends on the view you are in:
- Device View, Map View—You are shown the actual IP addresses, users, services, or interfaces to
  which the rule will apply for the specific device. For example, if the rule uses network/host objects,
  you will see the specific IP addresses or fully-qualified domain names (FQDN) defined by the
  objects. If the rule uses interface objects, you will see the specific interfaces defined on the device
  that the object identifies, if any.
  - The IP addresses for network/host objects are sorted in ascending order on the IP address, and
    then descending order on the subnet mask.
  - Service objects are sorted on protocol, source port, and destination port.
  - Interface objects are listed in alphabetical order. If the interface is selected because it matches
    a pattern in an interface object, the pattern is listed first, and the matching interface is shown in
    parentheses. For example, “* (Ethernet1)” indicates that the Ethernet1 interface on the device
    is selected because it matches the * pattern (which matches all interfaces).
- Policy View—You are shown the patterns defined in the policy objects and entries defined for the
  policy. Entries are sorted alphabetically, with numbers and special characters coming first.
Filtering Contents
A List Filter field is provided above the results in the Show Contents dialog box. You can use the List
Filter field to quickly locate any entries that contain a specified text string.