21-38
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Content Filtering Maps for Zone-based Firewall Policies
Configuring Content Filtering Maps for Zone-based Firewall Policies, page21-35
Understanding the Zone-based Firewall Rules, page 21-3
Field Reference
Configuring N2H2 or WebSense Parameter Maps
Use the Add and Edit N2H2 or Websense Parameter Map dialog boxes to define a parameter map for
Smartfilter (N2H2) or Websense web filtering for zone-based firewall policies on routers. If you
configure the action of a zone-based firewall policy rule as Content Filter, you can select a Web Filter
policy map that incorporates an N2H2 or Websense web filter parameter map (when you select N2H2 or
Websense for the parameter type on the Parameter tab). For more information about Web Filter policy
maps, see Configuring Web Filter Maps, page 21-46.
Navigation Path
Select Manage > Policy Objects, then select N2H2 or WebSense from the Maps > Parameter Maps >
Web Filter folder in the table of contents. Right-click inside the work area and select New Object, or
right-click a row and select Edit Object.
Table21-13 Add or Edit Local Web Filter Parameter Map Dialog Boxes
Element Description
Name The name of the policy object. A maximum of 40 characters is allowed.
Description A description of the policy object. A maximum of 200 characters is
allowed.
Enable Alert Whether to generate stateful packet inspection alert messages on the
console.
Enable Allow Mode Whether to allow or block URL requests when the URL filtering
process does not have connectivity to a URL filtering database. When
allow-mode is on, all unmatched URL requests are allowed; when off,
all unmatched URL requests are blocked.
Block Page The web page you want t o present to the user if the user attempts to
access a page that you block. You can select from the following:
None—The user is not presented with any information.
Message—The user is presented with the text message you enter in
the edit box.
Redirect URL—The user is redirected to the URL you enter in the
edit box.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.