15-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 15 Managing Firewall AAA Rules
AAA Rules Page
If you right-click a rule in the table, the options may include editing functions relative to the specific
table cell right-clicked. For example, the command “Edit Server Group” is included when you
right-click a Server Group cell. See Editing Rules, page 12-9 for more information.
The Combine Rules option is also included in the right-click menu. See Combining Rules,
page 12-22 for more information.
Add and Edit AAA Rule Dialog Boxes
Use the Add and Edit AAA Rules dialog boxes to add and edit AAA rules. AAA rule configuration is
more complex than just filling in this dialog box, and differs significantly based on the operating system.
Carefully read the following topics before configuring AAA rules:
Understanding AAA Rules, page 15-1
Understanding How Users Authenticate, page 15-2
Configuring AAA Rules for ASA, PIX, and FWSM Devices, page 15-4
Configuring AAA Rules for IOS Devices, page 15-7
Navigation Path
From the AAA Rules Page, page 15-10, click the Add Row button or select a row and click the Edit
Row button.
Related Topics
Adding and Removing Rules, page 12-9
Editing Rules, page 12-9
Field Reference
Table 15-2 Add and Edit AAA Rules Dialog Boxes

| Element | Description |
|---|---|
| Enable Rule | Whether to enable the rule, which means the rule becomes active when you deploy the configuration to the device. Disabled rules are shown overlain with hash marks in the rule table. For more information, see Enabling and Disabling Rules, page 12-20. |
| Action (Permit/Deny) | Whether the defined traffic will be subject to the rule (Permit) or exempted from the rule (Deny). For example, if you create an authentication deny rule for the 10.100.10.0/24 network to any destination using the HTTP service, users on this network are not prompted to authenticate with the device when making HTTP requests. |
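
The following Python example is added here to illustrate the Permit/Deny semantics described above; it is not taken from the Cisco guide or from Security Manager. It assumes rules are evaluated top-down with the first match winning, as in the access lists these rules are deployed as, and it checks for a Deny (exemption) rule that can never take effect because an earlier Permit rule already covers it. The class and function names are hypothetical, and every address other than 10.100.10.0/24 is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AAARule:  # hypothetical model of one row in the AAA rules table
    action: str        # "permit" = subject to authentication, "deny" = exempted
    source: str        # CIDR network or "any"
    destination: str   # CIDR network or "any"
    port: int          # TCP destination port (80 = HTTP)
    enabled: bool = True

def _covers(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _subset(inner, outer):
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def decide(rules, src, dst, port):
    """Return 'authenticate', 'exempt' or 'no-rule' for one flow (assumed first match wins)."""
    for r in rules:
        if r.enabled and r.port == port and _covers(r.source, src) and _covers(r.destination, dst):
            return "authenticate" if r.action == "permit" else "exempt"
    return "no-rule"  # no AAA rule matched, so the user is not prompted

def shadowed_exemptions(rules):
    """Enabled Deny rules fully covered by an earlier enabled Permit rule."""
    found = []
    for i, r in enumerate(rules):
        if r.action != "deny" or not r.enabled:
            continue
        if any(e.enabled and e.action == "permit" and e.port == r.port
               and _subset(r.source, e.source) and _subset(r.destination, e.destination)
               for e in rules[:i]):
            found.append(r)
    return found

# The guide's example: exempt 10.100.10.0/24 from HTTP authentication, prompt everyone else.
EXEMPT = AAARule("deny", "10.100.10.0/24", "any", 80)
PROMPT = AAARule("permit", "any", "any", 80)
GOOD_ORDER = [EXEMPT, PROMPT]
BAD_ORDER = [PROMPT, EXEMPT]   # the exemption is placed too late to match

if __name__ == "__main__":
    print(decide(GOOD_ORDER, "10.100.10.25", "198.51.100.7", 80))
    print(decide(BAD_ORDER, "10.100.10.25", "198.51.100.7", 80))
    print(shadowed_exemptions(BAD_ORDER))
```

Running the same check over an exported rule list before deployment shows which exemptions are in force and which are dead entries that should be moved or removed.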