12-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Navigation Path
Do any of the following in a rules policy that includes sources, user, destinations, services, interfaces, zones, or other fields that specify networks, identity user groups, interfaces, or services. You can also show contents when using tools that work with rules, such as importing rules.
• Right-click one of those cells and select Show <Attribute Type> Contents, where the attribute type is the name of the cell. The data includes all entries defined in the cell.
• Right-click an entry in one of those cells and select Show <Entry> Contents, where the name of the selected entry is included in the command name. The data displayed is only for the selected entry.
Tip: For inspection rules, services appear in the Traffic Match column and only for rules where the traffic matches source, destination, and port.
Finding and Replacing Items in Rules Tables
In policies that use rules tables, you can search for items in some cells and selectively replace them. The cells that you can search depend on the policy. You can use wildcard characters to find items based on pattern matching, for example, so that you can replace several related networks with a new network/host policy object defined for them.
To use find and replace, click the Find and Replace (binoculars icon) button at the bottom of any policy that uses rules tables to open the Find and Replace Dialog Box, page 12-17. In the Firewall folder, this includes AAA rules, access rules, IPv6 access rules, inspection rules, zone-based firewall rules, and web filter rules (for ASA/PIX/FWSM devices only). For ASA/PIX/FWSM devices, it also includes the NAT translation rules policy (but not for every combination of context and operational mode) and the IOS, QoS, and connection rules platform service policy.
When searching for items, you select the type of item and the columns you want to search, and enter the string that you want to find and, optionally, the string you want to use to replace it. You can find and replace the following types of items:
• Network—A network/host object name, or the IP address of a host or network.
• User—An Active Directory (AD) username (NetBIOS_DOMAIN\user), user group name (NetBIOS_DOMAIN\\user_group), or identity user group object name.
• Service—A service object name or protocol and port, for example TCP/80. The search is syntactic, not semantic; that is, if you are searching for TCP/80 and a rule uses HTTP, the search results will not find it.
• Interface Role—An interface name or interface role object name.
Note: In access rules, you can search for global rules by using the Global interface name. However, there is no way to convert between global and interface-specific rules. Although you can find global rules using the Global interface name, if you try to replace an interface name with the name “Global,” you are actually creating an interface-specific access rule that uses a policy object named Global.
• Text—A text string in a Description field.
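The following added example (not from the Cisco guide or the product) models the find-and-replace behavior described above over a constructed rules table: wildcard matching per item type, and the syntactic limitation that a search for TCP/80 misses rules using the HTTP object. An optional semantic pass, using an assumed service-object map, shows how an audit script can close that gap before relying on a search result.

```python
import fnmatch

# Constructed sample rules-table rows (illustrative, not real CSM output).
# Every cell is a list of entries, Description included, to keep the loops uniform.
RULES = [
    {"name": "allow-web", "sources": ["10.1.1.0/24"], "destinations": ["any"],
     "services": ["HTTP"], "interfaces": ["outside"], "description": ["web to DMZ"]},
    {"name": "allow-web-alt", "sources": ["10.1.2.0/24"], "destinations": ["any"],
     "services": ["TCP/80"], "interfaces": ["outside"], "description": ["alt web"]},
    {"name": "allow-ssh", "sources": ["10.1.1.0/24"], "destinations": ["10.9.9.9"],
     "services": ["TCP/22"], "interfaces": ["Global"], "description": ["mgmt access"]},
]

# Item type -> columns searched for that type.
COLUMNS = {
    "Network": ["sources", "destinations"],
    "Service": ["services"],
    "Interface Role": ["interfaces"],
    "Text": ["description"],
}

# Assumed service-object definitions (hypothetical); used only by the semantic pass.
SERVICE_EQUIV = {"HTTP": "TCP/80", "HTTPS": "TCP/443", "SSH": "TCP/22"}


def find(rules, item_type, pattern, semantic=False):
    """Return (rule name, column, entry) for entries matching a wildcard pattern.

    Plain matching is syntactic, like the dialog: a search for TCP/80 does not
    find a rule that uses the HTTP object. With semantic=True each service entry
    is also compared through SERVICE_EQUIV, so such rules are found as well.
    """
    hits = []
    for rule in rules:
        for col in COLUMNS[item_type]:
            for entry in rule[col]:
                forms = [entry]
                if semantic and item_type == "Service":
                    forms.append(SERVICE_EQUIV.get(entry.upper(), entry))
                if any(fnmatch.fnmatchcase(f, pattern) for f in forms):
                    hits.append((rule["name"], col, entry))
    return hits


def replace(rules, item_type, pattern, new):
    """Replace matching entries in place (syntactic only); return the count."""
    count = 0
    for rule in rules:
        for col in COLUMNS[item_type]:
            updated = [new if fnmatch.fnmatchcase(e, pattern) else e for e in rule[col]]
            count += sum(1 for a, b in zip(rule[col], updated) if a != b)
            rule[col] = updated
    return count
```

Run `find(RULES, "Service", "TCP/80")` with and without `semantic=True` to see the rule that uses HTTP appear only in the semantic result.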
The following are some examples of what you might do with find and replace: