Cisco Systems CL-28826-01 Zone-based Firewall Rule: Advanced Options Dialog Box

21-63

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter21 Managing Zone-based Firewall Rules

Zone-based Firewall Rules Page

Zone-based Firewall Rule: Advanced Options Dialog Box

Use the Zone-Based Firewall Rule Advanced Options dialog box to apply specific time-range

information to a zone-based firewall rule.

Navigation Path

In the Traffic section of the Add or Edit Zone based Firewall Rule dialog box, click the Advanced

button.

Related Topics

•Adding and Editing Zone-based Firewall Rules, page21-59

•Understanding the Zone-based Firewall Rules, page 21-3

Action: Content Filter Content Filter provides URL filtering based on a supplied parameter

or policy map. The router intercepts HTTP requests, performs

protocol-related inspection, and optionally contacts a third-party server

to determine whether the requests should be allowed or blocked. You

can provide a WebFilter parameter map, which defines filtering based

on local URL lists, as well as information from an external SmartFilter

(previously N2H2) or Websense server. Alternately, you can provide a

WebFilter policy map that accesses Local, N2H2, Websense, or Trend

Micro filtering data.

1. When Content Filter is the chosen Action, HTTP is the specified

Protocol. You can click Configure to open the Configure Protocol

Dialog Box, page 21-65, where you can edit the HTTP PAM

settings, and apply an HTTP DPI map.

2. Select WebFilter Parameter Map, or WebFilter Policy Map, and

supply the name of an appropriate map. You can click the

appropriate Select button to select the map from a list; you also can

create new maps from the selection-list dialog box. See

Configuring Content Filtering Maps for Zone-based Firewall

Policies, page 21-35 for information about configuring these maps.

3. Inspect Parameters – You can apply a customized set of

connection, timeout, and other settings by entering the name of an

Inspect Parameter map in this field, or you can click Select to select

one from a list. You also can create new Inspect Parameter maps

from the selection-list dialog box; see Configuring Inspect

Parameter Maps, page 21-29 for more information.

If you do not specify an Inspect Parameters map, the default

settings are used.

Description (Optional) You can enter a description of up to 1024 characters to help

you identify the rule when viewing the rules table.

Category (Optional) You can assign a category to the rule, to help you organize

and identify rules and objects. See Using Category Objects, page 6-12.

Table21-23 Add and Edit Zone based Firewall Rule Dialog Boxes (Continued)

Element Description