16-15
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 16 Managing Firewall Access Rules
Configuring Access Rules
Advanced and Edit Options Dialog Boxes
Use the Advanced dialog box to configure additional settings for an access rule. These settings are
displayed in three different cells of the access-rule table: direction, options, and rule expiration. You can
then edit those settings directly by right-clicking the appropriate cell.
Note: With the release of Security Manager 4.4 and versions 9.0 and higher of the ASA, the separate pages for
configuring IPv4 and IPv6 access rules were unified. However, for the earlier ASA versions, a separate
page for IPv6 access rules is still provided. The following descriptions apply to all versions of
the page, except where noted.
Table 16-2 Add and Edit Access Rule Dialog Boxes (Continued)

Element
    Description

Destinations
    Provide traffic destinations for this rule; can be networks or security
    groups. As with Sources, you can enter values or object names, or
    Select objects, for one or more destinations of Network and Security
    Group (ASA 9.0+) type.

Services
    The services that define the type of traffic upon which to act. You can
    enter or Select any combination of service objects and service types
    (which are typically a protocol and port combination).
    Enter more than one value by separating the items with commas.
    For complete information on how to specify services, see
    Understanding and Specifying Services and Service and Port List
    Objects, page 6-86.

Interfaces
Global (ASA 8.3+)
    Specify whether you are creating an interface-specific or global rule.
    Global rules are available only for ASA 8.3+ devices, and are handled
    according to special rules (for detailed information, see Understanding
    Global Access Rules, page 16-3).
    If you select Interfaces, enter or Select the name of the interface or the
    interface role to which the rule is assigned, or click Select to select the
    interface or role from a list. An interface must already be defined to
    appear on the list.
    Interface role objects are replaced with the actual interface names when
    the configuration is generated for each device. See Understanding
    Interface Role Objects, page 6-67. Global rules are created as a special
    global ACL that is not attached to specific interfaces, but are processed
    for all interfaces in the In direction after interface-specific rules.

Description
    An optional description of the rule (up to 1024 characters).

Category
    The category assigned to the rule. Categories help you organize and
    identify rules and objects. See Using Category Objects, page 6-12.

Advanced button
    Click this button to configure other settings for the rule, including
    logging configuration, traffic direction, time ranges, and rule expiration
    dates. For more information, see Advanced and Edit Options Dialog
    Boxes, page 16-15.
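
The processing order described for global rules, shown as an added example that is not taken from the Cisco guide or from Security Manager: a first-match evaluator in which a global deny never sees traffic that an interface-specific rule has already permitted. The rule names, addresses, the simplified port-only service match, and the final implicit deny are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    permit: bool
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    port: Optional[int] = None  # destination port; None matches any

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

# Constructed sample policy (documentation address ranges, hypothetical names).
INTERFACE_RULES = {
    "outside": [Rule("outside-permit-web", True, "0.0.0.0/0", "192.0.2.10/32", 443)],
    "dmz": [],
}
GLOBAL_RULES = [
    Rule("global-deny-badnet", False, "203.0.113.0/24", "0.0.0.0/0"),
    Rule("global-permit-dns", True, "0.0.0.0/0", "192.0.2.53/32", 53),
]

def evaluate(interface: str, src: str, dst: str, port: int):
    """Return (action, deciding rule) for traffic entering `interface`."""
    # Interface-specific rules are searched first; the global rules are
    # reached only when none of them matches (In direction, all interfaces).
    for rule in INTERFACE_RULES.get(interface, []) + GLOBAL_RULES:
        if rule.matches(src, dst, port):
            return ("permit" if rule.permit else "deny", rule.name)
    # Assumption: nothing matched, so the implicit deny applies.
    return ("deny", "implicit-deny")

if __name__ == "__main__":
    for pkt in [("outside", "203.0.113.7", "192.0.2.10", 443),
                ("dmz", "203.0.113.7", "192.0.2.10", 443),
                ("dmz", "198.51.100.5", "192.0.2.53", 53),
                ("dmz", "198.51.100.5", "192.0.2.10", 22)]:
        print(pkt, "->", evaluate(*pkt))
```

The first two sample packets are identical except for the ingress interface, which is what changes the deciding rule; a global deny intended as a network-wide block therefore needs checking against every interface-specific permit that precedes it.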