12-25
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 12 Introduction to Firewall Services
Managing Your Rules Tables
Interpreting Rule Combiner Results
Use the Rule Combiner Results dialog box to evaluate the results of a rule combination (see Combining
Rules, page 12-22). The dialog box includes a summary of the results, and shows the new rules that will
be created if you click OK.
Changed rule cells are outlined in red. Select a combined rule in the upper table to see the rules in the
lower table that were combined to create the rule.
You can refine some elements of the results in this window:
• You can right-click on the Source, Destination, and Service cells with multiple elements and select
  Create Network (or Service) Object from Cell Contents to create a new policy object that
  contains the contents of the combined cell. The new object replaces the contents of the cell.
  You can also automatically create network object groups in the deployed configuration to replace
  the comma-separated values in a rule table cell. The network objects are created during deployment,
  and they do not affect the content of your rules policy. To enable this option, select Tools > Security
  Manager Administration > Deployment to open the Deployment Page, page 11-9 and select
  Create Object Groups for Multiple Sources, Destinations, or Services in a Rule.
• You can right-click on Description and select Edit Description to change the description. The
  descriptions of combined rules are a concatenation of the descriptions of the old rules separated by
  new lines.
For an example, see Example Rule Combiner Results, page 12-27.
Tips
• The combined results are not applied to the policy until you click OK. If you do not like the results
  of the combination, click Cancel and consider selecting smaller groups of rules to limit the scope
  of the Combine Rules tool.
• If you click OK but then decide you do not want to accept the changes, you have two options. First,
  make sure you do not click Save on the policy page, select a different policy, and click No when
  prompted to save your changes to the policy. If you already clicked Save, you can still back out the
Table 12-4 Combine Rules Selection Summary Dialog Box (Continued)

Element: Choose which columns to combine
Description: The columns in the rules table that can be combined. Any columns that
you do not select must have identical content for two rules to be
combined (even those not listed as combinable, except for the
Description column). The columns you can combine are:
• Source
• User
• Destination
• Service
• Interface
For AAA rules, these additional columns:
• Action
• Auth Proxy
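
The matching condition in the table above (unselected columns must be identical, Description excepted) and the description concatenation described under Interpreting Rule Combiner Results can be sketched as follows. This is an added illustration, not Security Manager's own code or algorithm. The dict-based rule model, the function names, the restriction to adjacent rules that differ in a single selected column, and the sample rules are assumptions; `decisions()` is an added check that a combined table gives the same first-match action for every flow as the original.

```python
from itertools import product

COMBINABLE = ("source", "destination", "service")  # subset of the page's column list

def mergeable(a, b, selected):
    """True when all columns match except at most one selected column.
    Description is ignored, as the page states."""
    diff = [c for c in a if c != "description" and a[c] != b[c]]
    return len(diff) <= 1 and all(c in selected and c in COMBINABLE for c in diff)

def merge(a, b):
    out = {c: (a[c] | b[c] if c in COMBINABLE else a[c]) for c in a if c != "description"}
    # Combined description: the old descriptions separated by new lines (per the page).
    out["description"] = "\n".join(d for d in (a["description"], b["description"]) if d)
    return out

def combine(rules, selected):
    """Fold each rule into the previous combined rule when mergeable.
    Adjacent-only merging keeps first-match ordering intact (assumption)."""
    result = []
    for r in rules:
        if result and mergeable(result[-1], r, selected):
            result[-1] = merge(result[-1], r)
        else:
            result.append(dict(r))
    return result

def decisions(rules):
    """First-match action per (source, destination, service) flow.
    Cell elements are treated as opaque, non-overlapping tokens (assumption)."""
    seen = {}
    for r in rules:
        for flow in product(r["source"], r["destination"], r["service"]):
            seen.setdefault(flow, r["action"])
    return seen

def rule(src, dst, svc, action="permit", desc=""):
    return {"source": frozenset(src), "destination": frozenset(dst),
            "service": frozenset(svc), "interface": "inside",
            "action": action, "description": desc}

RULES = [  # constructed sample rules, not taken from the guide
    rule({"10.1.1.0/24"}, {"192.0.2.10"}, {"tcp/443"}, desc="web A"),
    rule({"10.1.2.0/24"}, {"192.0.2.10"}, {"tcp/443"}, desc="web B"),
    rule({"10.1.3.0/24"}, {"192.0.2.20"}, {"tcp/22"}, desc="ssh"),
    rule({"10.1.1.0/24"}, {"192.0.2.10"}, {"tcp/22"}, action="deny", desc="no ssh"),
]
```

Comparing `decisions(RULES)` with `decisions(combine(RULES, ...))` before accepting a combination shows whether any flow changed from permit to deny or the reverse.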