Security Services
Configuring Application Control
Cisco ISA500 Series Integrated Security Appliances Administration Guide 316
Re-order the priorities of multiple application control policy mapping rules
within a given zone. To move the rule up one position, click the Move up icon.
To move the rule down one position, click the Move down icon. The default
application control policy mapping rule must be the last policy with the
lowest priority for a zone.
STEP 3 Click Save to apply your settings.
Configuring Application Control Policy Mapping Rules
An application control policy mapping rule applies a specific application control
policy to a given zone to control application traffic from and to the zone. You can
also apply a selected application control policy to a different set of users.
For example, you can control outgoing and incoming traffic to a given zone for a
specific host or for the hosts within a specific IP range.
NOTE Make sure that you have configured the application control policies before you
configure the policy mapping rules. See Configuring Application Control Policies,
page 310.
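An added example, not part of the Cisco guide: a Python check that audits the ordered mapping rules of one zone for a missing catch-all default at the bottom and for rules that can never match because a higher-priority rule already covers their addresses, then resolves which policy a given host receives. It assumes rules are evaluated top-down with the first match winning and that the default rule matches all addresses; the rule tuple format, policy names and addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

ANY = "any"  # stands for the "All IP Addresses and Users" matching condition

def addr_range(obj):
    """(first, last) as ints for ANY, a host 'a.b.c.d' or a range 'a.b.c.d-e.f.g.h'."""
    if obj == ANY:
        return 0, 2**32 - 1
    first, _, last = obj.partition("-")
    lo = int(ipaddress.IPv4Address(first.strip()))
    hi = int(ipaddress.IPv4Address((last or first).strip()))
    if lo > hi:
        raise ValueError(f"range start is above range end: {obj}")
    return lo, hi

def audit_zone(rules):
    """rules: [(policy, address_object), ...] for one zone, highest priority first."""
    findings = []
    if not rules or rules[-1][1] != ANY:
        findings.append("last rule is not the catch-all default")
    spans = [addr_range(obj) for _, obj in rules]
    for i, (lo, hi) in enumerate(spans):
        for j in range(i):  # only single-rule containment is checked, not unions
            if spans[j][0] <= lo and hi <= spans[j][1]:
                findings.append(f"rule {i + 1} ({rules[i][0]}) is shadowed by "
                                f"rule {j + 1} ({rules[j][0]})")
                break
    return findings

def effective_policy(rules, src_ip):
    """Policy of the first rule whose address object contains src_ip (assumed first match)."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for policy, obj in rules:
        lo, hi = addr_range(obj)
        if lo <= ip <= hi:
            return policy
    return None

# Constructed sample: hypothetical policy names and addresses, not from the guide.
LAN_RULES = [
    ("Block-P2P", "192.168.75.100-192.168.75.200"),
    ("Kiosk-Strict", "192.168.75.150"),  # host inside the range above
    ("Default-Policy", ANY),             # default rule, assumed to match everything
]

if __name__ == "__main__":
    for finding in audit_zone(LAN_RULES):
        print(finding)
    print(effective_policy(LAN_RULES, "192.168.75.150"))
```

In the sample, the host rule sits below the range that contains it, so the host receives the range's policy until the host rule is moved up.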
STEP 1 Click Add Mapping Rule to add a new application control policy mapping rule.
The Application Control Policy Mapping - Add/Edit window opens.
STEP 2 Enter the following information:
- Zone: Choose an existing zone to control application traffic from and to the
  selected zone. This mapping rule will be listed under the selected zone.
- Policy: Choose an existing application control policy to apply the selected
  policy to the zone.
- Matching Condition: You can apply the selected application control policy
  to all users, a specific host, or the hosts within a specific IP range. Choose
  one of the following options:
  - All IP Addresses and Users: Applies the selected application control
    policy to all users.
  - Specific IP Address Object: Applies the selected application control
    policy to a specific host or to the hosts within a specific IP range. Traffic
    for the specific host or for the hosts within the IP range will be detected.
    Traffic for other users will be bypassed. The IP address object can be a
    host or a range of IP addresses. If the address object that you want is not