21-32
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Inspection Maps for Zone-based Firewall Policies
Configuring Protocol Info Parameter Maps
Use the Add and Edit Protocol Info Parameter Map dialog boxes to define a parameter map for the
inspection of Instant Messaging (IM) applications or the Stun-ice protocol for zone-based firewall
policies on routers. If you configure the action of a zone-based firewall policy rule as Inspect, you must
select a protocol info parameter map when you configure any of these applications: AOL, ICQ, MSN
Messenger, Windows Messenger, Yahoo Messenger, Stun-ice. The protocol info parameter map defines
the DNS servers that interact with these applications, which helps the instant messenger application
engine to recognize the instant messenger traffic and to enforce the configured policy for that instant
messenger application.
Navigation Path
Select Manage > Policy Objects, then select Maps > Parameter Maps > Inspect > Protocol Info
Parameters in the table of contents. Right-click inside the work area and select New Object, or
right-click a row and select Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Inspection Maps for Zone-based Firewall Policies, page 21-15
Understanding the Zone-based Firewall Rules, page 21-3
Table 21-9 Add or Edit Inspect Parameter Map Dialog Boxes (Continued)

| Element | Description |
| --- | --- |
| Allow Value Override per Device, Overrides, Edit button | Whether to allow the object definition to be changed at the device level. For more information, see Allowing a Policy Object to Be Overridden, page 6-18 and Understanding Policy Object Overrides for Individual Devices, page 6-17. If you allow device overrides, you can click the Edit button to create, edit, and view the overrides. The Overrides field indicates the number of devices that have overrides for this object. |

Field Reference
Table 21-10 Add or Edit Protocol Info Parameter Map Dialog Boxes

| Element | Description |
| --- | --- |
| Name | The name of the policy object. A maximum of 40 characters is allowed. |
| Description | A description of the policy object. A maximum of 200 characters is allowed. |
| DNS Server Table | The DNS servers for which traffic will be permitted (and inspected) or denied. To add servers, click the Add button and fill in the Add Server dialog box (see Add or Edit DNS Server for Protocol Info Parameters Dialog Box, page 21-33). To edit a server, select it and click the Edit button. To delete a server, select it and click the Delete button. |
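
For orientation, the following added example (not taken from this guide) sketches the kind of IOS zone-based firewall configuration that a protocol info parameter map corresponds to on the router. The object, class, and policy names, the hostname, and the addresses are constructed placeholders, and the exact commands Security Manager generates for a given device are an assumption.

```text
! Constructed example: protocol info parameter map listing the servers
! that the IM inspection engine should associate with the application.
parameter-map type protocol-info EXAMPLE-IM-SERVERS
 server name im.example.com
 server ip 192.0.2.10
 server ip range 192.0.2.20 192.0.2.30
!
! The parameter map is referenced by name on the match statement for the
! IM protocol (Yahoo Messenger here).
class-map type inspect match-any EXAMPLE-IM-CLASS
 match protocol ymsgr EXAMPLE-IM-SERVERS
!
! A rule whose action is Inspect then applies to that class.
policy-map type inspect EXAMPLE-IM-POLICY
 class type inspect EXAMPLE-IM-CLASS
  inspect
 class class-default
  drop
```

When reviewing a deployed device, compare the server entries under the parameter map with the DNS Server Table of the object and confirm that every IM match statement references a parameter map.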