17-42
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Add and Edit Country Network Codes Dialog Boxes
Use the Add and Edit Country Network Codes dialog boxes to add Mobile Country Code (mcc) and
Mobile Network Code (mnc) values to the GTP policy map. The codes can be 000 to 999.
Navigation Path
From the Add and Edit GTP Map dialog boxes, click the Add button in the Country and Network codes
table, or select a row and click the Edit button. See Configuring GTP Maps, page 17-40.
Add and Edit Permit Response Dialog Boxes
Use the Add and Edit Permit Response dialog boxes to permit GTP responses from a GSN that is
different from the one to which the response was sent.
Enter the name of a Network/Host policy object that defines the destination (To Object Group) and
source (From Object Group) of the traffic. You can click Select to select the object from a list, where
you can also create an new object by clicking the Create button in the Object Selector dialog box.
Permit Errors Whether to permit packets with errors or different GTP versions. By
default, all invalid packets or packets that failed during parsing are
dropped.
Edit Timeouts button Click this button to configure time out values for various operations.
For more information about the options, see GTP Map Timeouts Dialog
Box, page 17-43.
Match Condition and Action Tab
The Match All table lists the criteria included in the policy map. Each row indicates whether the
inspection is looking for traffic that matches or does not match each criterion, the criterion and value
that is inspected, and the action to be taken for traffic that satisfies the conditions.
To add a criterion, click the Add button and fill in the Match Condition and Action dialog box (see
GTP Policy Maps Add or Edit Match Condition and Action Dialog Boxes, page17-43).
To edit a criterion, select it and click the Edit button.
To delete a criterion, select it and click the Delete button.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.
Validate For
Validate button
The device platforms for which to validate the object. Select the
platform for which you intend to use this object and click Vali da te to
determine if the object is configured in a way that will prevent policy
deployment.
Table17-21 Add and Edit GTP Map Dialog Boxes (Continued)
Element Description