User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Zone-based Firewall Rules Page
Selecting Objects for Policies, page 6-2
Configure Protocol Dialog Box, page 21-65
Configure Protocol Dialog Box
Packet inspection can be configured in zone-based firewall rules by the selection of specific protocol
objects, which define Port Application Mapping (PAM) parameters (Layer 4 protocols and ports, and
optionally specific networks and hosts). A Layer 7 (HTTP, IMAP, Instant Messaging, and peer-to-peer)
protocol can also include a deep-packet inspection policy specific to that protocol. Refer to Adding and
Editing Zone-based Firewall Rules, page 21-59 for information about selecting protocols during
zone-based firewall rule definition.
The Configure Protocol dialog box is used to edit existing protocol definitions, and to create custom
definitions, for use with zone-based firewall rules. For example, if a protocol does not use its default
ports for some or all networks, you can configure different port mappings.
Navigation Path
The Configure Protocol dialog box is accessed from the Protocol Selector Dialog Box, page 21-64, as
follows:
- Click the Create (+) button below the Selected Protocols list to create a new protocol.
- Select a protocol in the Selected Protocols list, and click the Edit (pencil) button to edit that protocol.
Related Topics
Understanding the Zone-based Firewall Rules, page 21-3
Adding Zone-Based Firewall Rules, page 21-12
Protocol Selector Dialog Box, page 21-64
Table 21-25 Protocol Selector Dialog Box

| Element | Description |
|---|---|
| Available Protocols | A list of protocols that can be selected for a zone-based firewall rule. Tip: You can create a custom protocol by clicking the Create button below the Selected Protocols column, opening the Configure Protocol Dialog Box, page 21-65. |
| Selected Protocols | The list of protocols you have selected for this zone-based firewall rule. Tip: You can edit Port Application Mapping (PAM) settings for the protocol highlighted in the Selected Protocols column: click the Edit button below the Selected Protocols column to open the Configure Protocol Dialog Box, page 21-65. |
| >> button | Moves the highlighted protocols from the Available Protocols column to the Selected Protocols column. You can select multiple protocols using the standard Shift-click and Ctrl+click functions. |
| << button | Moves the highlighted protocols from the Selected Protocols column back to the Available Protocols column. You can select multiple protocols using the standard Shift-click and Ctrl+click functions. |