User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Creating Access Control List Objects
Related Topics
• Creating Unified Access Control List Objects, page 6-54
• Understanding Access Rule Address Requirements and How Rules Are Deployed, page 16-5
• Understanding Networks/Hosts Objects, page 6-74
• Understanding and Specifying Services and Service and Port List Objects, page 6-86
• Filtering Items in Selectors, page 1-42
Field Reference
Table 6-24 Add and Edit Unified Access Control Entry Dialog Boxes

Element: Type
Description: The type of entry; the fields in the dialog box change based on your choice:
• Access Control Entry—You want to define an ACE.
• ACL Objects—You want to include one or more existing ACL objects. You are presented with a list of available ACL objects. Select the objects you want to include and click the >> button to move them to the list of selected objects. You can remove an object by selecting it and clicking <<. You can also edit an object in the selected objects list.

Element: Action
Description: The action to take on traffic defined in the entry:
• Permit—The Services associated with the ACE are applied to this traffic. That is, the traffic defined by this entry is permitted to use the Services.
• Deny—The Services associated with this ACE are not applied to this traffic. If there are multiple ACLs configured for a service, denied traffic is typically compared to the next ACE in the list; if it matches no permit entry in any ACL for the service, the service is not applied to the traffic. Whether the traffic is dropped from the network depends on the service.