12-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Moving Rules and the Importance of Rule Order
Rules policies that use rules tables are ordered lists. That is, the top to bottom order of the rules matters
and has an effect on the policy.
When the device analyzes a packet against a rules policy, the device searches the rules in order from top
to bottom. The first rule that matches the packet is the rule that is applied to the packet, and all
subsequent rules are ignored. Thus, if you place a general rule pertaining to IP traffic before a more
specific rule pertaining to HTML traffic for a given source or destination, the more specific rule might
never be applied.
For access control rules, you can use the automatic conflict detection tool to help identify when rule
order will prevent a rule from ever being applied to traffic (for more information, see Using Automatic
Conflict Detection, page 16-25). For other rules policies, carefully inspect the table to spot problems
with rule order.
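The first-match behaviour and the "general rule before specific rule" trap described above, as an added illustration (not code from Cisco Security Manager or from the guide). The rule model is a deliberate simplification: a rule is assumed to match on protocol, source network, destination network and destination port, with "any" allowed for networks and None for "any port"; the sample rules and packet are constructed for the demonstration.

```python
"""First-match evaluation of an ordered rules table, plus a check for rules
that an earlier, broader rule prevents from ever being applied.

Added example with a simplified rule model (assumption): protocol, source
CIDR, destination CIDR and destination port; "any" / None mean unrestricted.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "permit" or "deny"
    protocol: str                # "ip", "tcp" or "udp"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    dport: Optional[int] = None  # None means any destination port


def _net(cidr):
    return None if cidr == "any" else ipaddress.ip_network(cidr, strict=False)


def _net_covers(outer, inner):
    """True when every address allowed by `inner` is also allowed by `outer`."""
    if outer is None:            # "any" covers everything
        return True
    if inner is None:            # a specific network never covers "any"
        return False
    return inner.subnet_of(outer)


def _proto_covers(outer, inner):
    return outer == "ip" or outer == inner


def _port_covers(outer, inner):
    return outer is None or outer == inner


def matches(rule, pkt):
    """Does one rule match a packet given as {"proto", "src", "dst", "dport"}?"""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    s, d = _net(rule.src), _net(rule.dst)
    return (_proto_covers(rule.protocol, pkt["proto"])
            and (s is None or src in s)
            and (d is None or dst in d)
            and _port_covers(rule.dport, pkt["dport"]))


def first_match(rules, pkt):
    """Search top to bottom; the first matching rule wins and the rest are ignored."""
    for rule in rules:
        if matches(rule, pkt):
            return rule
    return None                  # no rule matched (implicit deny on a Cisco ACL)


def shadowed_rules(rules):
    """Return (shadowed, by) pairs: a rule is shadowed when an earlier rule
    matches every packet it could match, so it can never be applied."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_proto_covers(earlier.protocol, later.protocol)
                    and _net_covers(_net(earlier.src), _net(later.src))
                    and _net_covers(_net(earlier.dst), _net(later.dst))
                    and _port_covers(earlier.dport, later.dport)):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample: a broad IP permit placed above a specific HTTP deny.
RULES = [
    Rule("permit-any-ip", "permit", "ip", "10.0.0.0/8", "any"),
    Rule("deny-web-from-lab", "deny", "tcp", "10.100.10.0/24", "any", 80),
]
PKT = {"proto": "tcp", "src": "10.100.10.5", "dst": "192.0.2.10", "dport": 80}

if __name__ == "__main__":
    print("first match:", first_match(RULES, PKT).name)        # permit-any-ip
    print("shadowed:", shadowed_rules(RULES))                   # deny-web-from-lab
    reordered = list(reversed(RULES))                           # specific rule first
    print("after reorder:", first_match(reordered, PKT).name)  # deny-web-from-lab
    print("shadowed now:", shadowed_rules(reordered))           # []
```

Moving the specific rule above the general one is what makes the deny take effect; the `shadowed_rules` check is the kind of inspection the automatic conflict detection tool performs for access rules, and that has to be done by eye for other rules policies.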
Table 12-2 Find and Replace Page (Continued)

Element                 Description

Find Whole Words Only
    Whether the search should find and select only whole words, which are
    strings delimited by spaces or punctuation. For example, a whole word
    search for SanJose will find SanJose but not SanJose1.
    If you use this option with the Allow Wildcards option, you can search
    for partial strings, but if you replace the located string, you replace
    the whole word and not the partial string. For example, you can search
    for ^10.100* to find all addresses like 10.100.10.0/24, and replace
    them with the network10.100 policy object. By selecting Find Whole
    Words Only, the network/host object replaces the entire address, not
    just the portion you searched for.
    For text searches, this option and the Allow Wildcards option are
    mutually exclusive.

Allow Wildcards
    Whether the search or replacement strings use wildcard characters. If
    you do not select this option, all characters are treated literally.
    You can use the Java regular expression syntax to create your
    expression, with the following exceptions:
        Period (.)—The period is a literal period and it is implicitly
        escaped.
        Question mark (?)—The question mark indicates a single character.
        Asterisk (*)—The asterisk matches one or more characters. It does
        not match zero characters.
        Plus sign (+)—The plus sign means the same as the asterisk; it
        matches one or more characters.

Find Next button
    Click this button to find the next occurrence of the search string.

Replace button
    Click this button to replace the found string with the replacement
    string.

Replace All button
    Click this button to automatically find the search string and replace
    it throughout the table.
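The search-string semantics in the table (literal period, single-character ?, one-or-more * and +, and the Find Whole Words Only option) as an added example translator, not code from Cisco Security Manager. Two assumptions are made: Java and Python regular-expression syntax agree for the constructs that pass through untouched (anchors, classes, alternation), and a "whole word" is modelled as a whitespace-delimited token in a table cell, which is what makes ^10.100* replace an entire address. The sample cells are constructed.

```python
"""Translate a Security Manager-style search string into a regular expression
and apply find/replace over table cells.

Added example. Assumptions: Java and Python regex syntax agree for the
pass-through constructs; a "whole word" is a whitespace-delimited token.
"""
import re


def csm_pattern_to_regex(pattern, wildcards=True, whole_word=False):
    """Compile a search string honouring the page's four wildcard exceptions."""
    if not wildcards:
        body = re.escape(pattern)            # every character is literal
    else:
        # Inside a whole word a wildcard must not cross whitespace.
        any_char = r"\S" if whole_word else "."
        parts = []
        for ch in pattern:
            if ch == ".":
                parts.append(r"\.")           # period is literal, implicitly escaped
            elif ch == "?":
                parts.append(any_char)        # exactly one character
            elif ch in "*+":
                parts.append(any_char + "+")  # one or more characters, never zero
            else:
                parts.append(ch)              # remaining Java syntax passes through
        body = "".join(parts)
    if whole_word:
        # Match must start and end at a token boundary (not adjacent to non-space).
        body = r"(?<!\S)(?:" + body + r")(?!\S)"
    return re.compile(body)


def replace_in_cells(cells, pattern, replacement, wildcards=True, whole_word=False):
    """Return the cells with every match replaced by the literal replacement."""
    rx = csm_pattern_to_regex(pattern, wildcards, whole_word)
    return [rx.sub(lambda m: replacement, cell) for cell in cells]


# Constructed sample cells from an imaginary rules table.
CELLS = ["10.100.10.0/24", "10.100.20.0/24", "10.200.1.0/24", "SanJose", "SanJose1"]

if __name__ == "__main__":
    # Whole word + wildcard: the entire address becomes the policy object name.
    print(replace_in_cells(CELLS, "^10.100*", "network10.100", whole_word=True))
    # Literal partial search without whole words replaces only the matched prefix.
    print(replace_in_cells(["10.100.10.0/24"], "10.100", "network10.100", wildcards=False))
    # Same search with whole words on: 10.100 is not a whole token, so nothing changes.
    print(replace_in_cells(["10.100.10.0/24"], "10.100", "network10.100",
                           wildcards=False, whole_word=True))
```

The second and third calls show why the table pairs the whole-word option with a wildcard: a literal partial search either rewrites a fragment of the address (whole words off) or finds nothing (whole words on), whereas ^10.100* with whole words on selects and replaces each complete address.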