12-22
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Moving Rules and the Importance of Rule Order, page 12-19
Enabling and Disabling Rules, page 12-20

Add and Edit Rule Section Dialog Boxes

Use the Add and Edit Rule Section dialog boxes to add or edit a user-defined section heading in a rules
table. For detailed information about how to use sections to organize a rules table, see Using Sections to
Organize Rules Tables, page12-20.
Navigation Path
Do one of the following:
Select one or more rules in a rules table, right-click and select Include in New Section.
Right-click a section heading and select Edit Section.
Field Reference
Combining Rules
Access rules and AAA rules policies can grow over time to include a large number of rules. The size of
these policies can make it difficult to manage them. To alleviate this problem, you can use the rule
combiner tool to reduce the number of rules in a policy without changing how the policy handles traffic.
Tip Combining rules can dramatically compress the number of access rules required to implement a
particular security policy. For example, a policy that required 3,300 access rules might only require 40
rules after hosts and services are efficiently grouped. However, you cannot use the rule combiner with
IPv6 access rules or with rules that specify users or user groups, either directly or with identity user
group objects. You can use the tool with rules that use FQDN network/host objects.
You might have several rules that allow a specific range of services to various trusted hosts (as sources)
to various public servers (as destinations). If you have 10 rules applying to this situation, it is possible
that those 10 rules can be combined into a single rule. You could then create new policy objects for the
collection of services (for example, AllowedServices), hosts (for example, TrustedHosts), and servers
(for example, PublicServers). To create the new objects during rule combination, you can right-click the
newly-combined cells and select Create Network (or Service) Object from Cell Contents.
For example, you might have two rules for interface FastEthernet0:
Permit TCP for source 10.100.10.1 to destination 10.100.12.1
Permit TCP for source 10.100.10.1 to destination 10.100.13.1
Table12-3 Add and Edit Rule Section Dialog Boxes
Element Description
Name The name of the section.
Description A description for the section, up to 1024 characters.
Category The category assigned to the section. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.