User Guide for Cisco Security Manager 4.4
OL-28826-01

Chapter 16
Managing Firewall Access Rules

Access rules define the rules that traffic must meet to pass through an interface. When you define rules
for incoming traffic, they are applied to the traffic before any other policies are applied (with the
exception of less common AAA rules). In that sense, they are your first line of defense.
Tip: For some types of devices, you can configure IPv6 access rules in addition to IPv4 access rules. For
information on supported device types, see IPv6 Support in Security Manager, page 1-7.
The following topics help you understand and work with access rules:
Understanding Access Rules
Understanding Global Access Rules
Understanding Device Specific Access Rule Behavior
Understanding Access Rule Address Requirements and How Rules Are Deployed
Configuring Access Rules
Configuring Expiration Dates for Access Rules
Configuring Settings for Access Control
Using Automatic Conflict Detection
Viewing Hit Count Details
Importing Rules
Optimizing Access Rules Automatically During Deployment
The following topics can help you with general rule table usage:
Adding and Removing Rules
Editing Rules
Enabling and Disabling Rules
Moving Rules and the Importance of Rule Order

Understanding Access Rules

Access rules policies define the rules that allow or deny traffic to transit an interface. Typically, you
create access rules for traffic entering an interface, because if you are going to deny specific types of
packets, it is better to do it before the device spends a lot of time processing them.