21-57
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
8. Finally, there is an automatic rule, which appears as the final class-default rule in the policy map (I).
This rule drops any traffic that does not match one of the class maps referenced in the policy map
(I). For example, ICMP traffic from the internal network to the Internet will not be allowed. For
information on configuring a different class-default rule, see Changing the Default Drop Behavior,
page 21-47.
Zone-based Firewall Rules Page
Zone-based firewall rules provide unidirectional application of firewall policies between groups of
interfaces known as “zones.” That is, interfaces are assigned to zones, and specific inspection policies
are applied to traffic moving between zones in one direction or the other.
A zone defines a boundary where traffic is subjected to specific restrictions as it crosses into another
region of your network. The default zone-based firewall policy between zones is deny all. Thus, if no
policy is explicitly configured, all traffic between zones is blocked.
Note: Zone-based firewall policies can be configured only on Cisco IOS and ASR devices.
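The Python sketch below is an added example, not part of the Cisco guide or of any configuration Security Manager generates. It models the behavior described above over a constructed IOS-style configuration: a policy applies in one direction only, a zone pair with no policy blocks everything, and traffic matching no class map falls to the class-default drop. The zone, class-map and policy-map names are hypothetical, and the parser handles only the commands that appear in the sample.

```python
# Constructed sample; zone, class-map and policy-map names are hypothetical.
SAMPLE_CONFIG = """\
class-map type inspect match-any WEB
 match protocol http
 match protocol https
policy-map type inspect IN-TO-OUT
 class type inspect WEB
  inspect
 class class-default
  drop
zone security inside
zone security outside
zone-pair security IN-OUT source inside destination outside
 service-policy type inspect IN-TO-OUT
"""

def parse(config):
    """Collect class maps, policy maps and zone pairs from IOS-style text."""
    classes, policies, pairs, current, pair = {}, {}, {}, None, None
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["class-map", "type", "inspect"]:
            current = classes.setdefault(w[-1], set())
        elif w[:3] == ["policy-map", "type", "inspect"]:
            current = policies.setdefault(w[-1], [])
        elif w[:2] == ["zone-pair", "security"]:
            pair = (w[w.index("source") + 1], w[w.index("destination") + 1])
        elif w[:2] == ["match", "protocol"]:
            current.add(w[2])
        elif w[:1] == ["class"]:
            current.append([w[-1], "drop"])  # assumption: drop until an action line is seen
        elif w[:1] in (["inspect"], ["pass"], ["drop"]):
            current[-1][1] = w[0]
        elif w[:1] == ["service-policy"]:
            pairs[pair] = w[-1]  # policy applies to this source -> destination only
    return classes, policies, pairs

def decide(config, src_zone, dst_zone, protocol):
    """Action for traffic crossing from src_zone to a different dst_zone."""
    classes, policies, pairs = parse(config)
    policy = pairs.get((src_zone, dst_zone))
    if policy is None:
        return "drop (no policy for this direction)"  # default between zones is deny all
    for class_name, action in policies[policy]:
        if class_name == "class-default" or protocol in classes.get(class_name, ()):
            return f"{action} ({class_name})"
    return "drop (class-default)"  # automatic final rule when none is configured
```

Calling `decide(SAMPLE_CONFIG, "outside", "inside", "http")` shows why return traffic initiated from the other zone needs its own zone pair: the inside-to-outside policy does not cover it.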
The Zone Based Firewall Rules page displays a list of currently configured zone-based firewall rules,
and lets you add, edit and delete rules.
Tip: Disabled rules are shown with hash marks covering the table row. When you deploy the configuration,
disabled rules are removed from the device. For more information, see Enabling and Disabling Rules,
page 12-20.
Navigation Path
To access the Zone Based Firewall Rules page, do one of the following:
• (Device view) Select a device, then select Firewall > Zone Based Firewall Rules from the Policy selector.
• (Policy view) Select Firewall > Zone Based Firewall Rules from the Policy Type selector. Create a new policy or select an existing one.
• (Map view) Right-click a device and select Edit Firewall Policies > Zone Based Firewall Rules.
Related Topics
Understanding the Zone-based Firewall Rules, page 21-3
Adding Zone-Based Firewall Rules, page 21-12
Filtering Tables, page 1-45
Field Reference
Table 21-22 Zone Based Firewall Rules Page
Element    Description
No.        This number indicates the rule’s position in the ordering of the list. You can use the Up Row and Down Row buttons to change the position of the selected rule.