12-29
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter1 2 Introduction to Firewall Services
Managing Your Rules Tables
Device or Map view—The query is limited to the selected device. However, you can query across
all supported rule types. This allows you to compare different types of rules that apply to the same
traffic.
Policy view—The query is limited to the selected policy. You see only rules that are defined in that
policy, and you cannot query other types of policies. If you want to query a shared policy while
examining other policies, select a device that is assigned to the shared policy, and query the policy
from the device in Device view.
Related Topics
AAA Rules Page, page 15-10
Access Rules Page, page 16-9
Inspection Rules Page, page 17-7
Web Filter Rules Page (ASA/PIX/FWSM), page 18-3
Zone-based Firewall Rules Page, page 21-57
Step 1 Select the policy that you want to query from the Firewall folder. You can query any of the following
types of policy:
AAA Rules
Access Rules
Inspection Rules
Web Filter Rules (PIX/ASA/FWSM)
Zone Based Rules
Step 2 Click the Too ls button located below the table, then select Query to open the Querying Device or Policy
dialog box.
Step 3 Enter the parameters that define the rules you want to query. When setting up your query, you must select
at least one rule type; enabled, disabled or both; permitted, denied, or both; and mandatory, default, or
both. For detailed information about the query parameters, see Querying Device or Policy Dialog Box,
page 12-29.
In Policy view, you cannot change the type of rule you are querying. In Device view, you can query any
combination of rule types.
Step 4 Click OK to view the rules that match the criteria in the Policy Query Results dialog box. For
information on reading the report, see Interpreting Policy Query Results, page12-32.
For an example of a policy query report, see Example Policy Query Result, page12-34.
Querying Device or Policy Dialog Box
Use the Querying Device or Querying Policy dialog box to set up the parameters for a query. The query
results show the rules that match your parameters. The title of the dialog box indicates what you are
querying:
In Device or Map view, you are querying rules defined for the selected device.
In Policy view, you are querying rules within the selected policy only.