User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Configuring SNMP Maps
Use the Add and Edit SNMP Map dialog boxes to define maps for SNMP inspection. An SNMP policy
map lets you change the default configuration values used for SNMP application inspection.
SNMP application inspection lets you restrict SNMP traffic to a specific version of SNMP. Earlier
versions of SNMP are less secure; therefore, denying certain SNMP versions may be required by your
security policy. The security appliance can deny SNMP versions 1, 2, 2c, or 3. You control the versions
permitted by creating an SNMP map. You then apply the SNMP map when you enable SNMP inspection.
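The version check described above can be illustrated with the following added example, which is not code from the guide or from the security appliance. It reads the version integer at the start of a BER-encoded SNMP message and compares it with a set of disallowed versions. The function names, the drop-on-parse-failure choice and the sample datagrams are assumptions of this example, and it handles versions 1, 2c and 3 only.

```python
# Added illustration: classify an SNMP datagram by its version field and
# apply a "disallowed versions" set like the one an SNMP map defines.

# Version integers on the wire (RFC 1157, RFC 1901, RFC 3412).
VERSION_NAMES = {0: "1", 1: "2c", 3: "3"}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER TLV at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, pos, pos + length


def snmp_version(datagram):
    """Return "1", "2c", "3", or None if the version cannot be determined."""
    try:
        tag, start, end = _read_tlv(datagram, 0)
        if tag != 0x30:                    # outer SEQUENCE
            return None
        tag, vstart, vend = _read_tlv(datagram[:end], start)
        if tag != 0x02 or vend == vstart:  # version must be a non-empty INTEGER
            return None
        return VERSION_NAMES.get(int.from_bytes(datagram[vstart:vend], "big"))
    except ValueError:
        return None


def verdict(datagram, disallowed):
    """Assumed policy: drop disallowed versions and anything unparseable."""
    version = snmp_version(datagram)
    return "drop" if version is None or version in disallowed else "permit"


# Constructed samples: header with community "public" and an empty PDU.
V1_SAMPLE = bytes.fromhex("300d" "020100" "04067075626c6963" "a000")
V2C_SAMPLE = bytes.fromhex("300d" "020101" "04067075626c6963" "a000")
```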
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > SNMP from the Object
Type selector. Right-click inside the work area, then select New Object, or right-click a row and select
Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Field Reference
Table 17-49 Skinny Policy Maps Add and Edit Match Condition and Action Dialog Boxes
Element                     Description
ID Type                     The hexadecimal value for the message ID to inspect:
                            Value—Matches a single hexadecimal value.
                            Range—Matches a range of values.
Action                      The action you want the device to take for traffic that matches the defined criteria.
Table 17-50 Add and Edit SNMP Map Dialog Boxes
Element                     Description
Name                        The name of the policy object. A maximum of 40 characters is allowed.
Description                 A description of the policy object. A maximum of 200 characters is allowed.
Disallowed SNMP Versions    The versions of SNMP you want to prohibit.
                            SNMP Version 1
                            SNMP Version 2c (Community Based)
                            SNMP Version 2 (Party Based)
                            SNMP Version 3
Category                    The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12.