User Guide for Cisco Security Manager 4.4
Chapter 16 Managing Firewall Access Rules
Importing Rules
Step 4 On the Import Rules Wizard—Enter Parameters Page, page 16-38:
• Enter the desired CLI information in the running-configuration format appropriate for the selected
device. For examples of importable CLI-based rules, see Examples of Imported Rules, page 16-41.
• Specify whether you are creating an interface-specific rule (and enter the interface or interface role
to which you want the rules to apply), or for ASA 8.3+ devices, a global rule (see Understanding
Global Access Rules, page 16-3).
• Specify the traffic direction with respect to the interface (the direction is always In for global rules).
Besides access control rules, you should also include the CLI information for the following items if
the rules refer to them. If you do not include these items, the named objects must already be defined
in Security Manager for the import to succeed.
• Time range objects (the time-range command with its subcommands), which can create time range
policy objects.
• Object groups for PIX, ASA, FWSM, and IOS 12.4(20)T+ devices (the object-group command
with its subcommands), which can create network/host policy objects.
For ASA 8.3+ devices, you can also include the object network and object service commands.
However, any object NAT configuration is not imported.
Step 5 Click Next to process the rules and open the Import Rules Wizard—Status Page, page 16-39.
When you click the Next button, you are notified if your CLI input contains errors. For some detailed tips
about what commands you can enter, see Import Rules Wizard—Enter Parameters Page, page 16-38.
The CLI is evaluated and, if it is importable, you are told the types of objects that were created from the CLI.
Step 6 Click Next to view the rules and objects on the Import Rules Wizard—Preview Page, page 16-40, or
click Finish to import the rules without previewing them.
The information on the Preview page is read-only. If the rules are acceptable, click Finish.
If you want to make changes, you can click the Back button to return to the Enter Parameters page of
the wizard, or you can click Finish and edit the rules on the Access Rules page.
Import Rules Wizard—Enter Parameters Page
Use the Import Rules wizard to import a set of access control entries from an ACL in device
running-configuration format to your access rules policy. The command syntax you can enter is
controlled by the type of device to which you are importing rules.
Besides access control rules, you should also include the CLI for the following items if the rules refer
to them. If you do not include these items, the named objects must already be defined in Security
Manager for the import to succeed.
• Time range objects (the time-range command with its subcommands).
• Object groups for PIX, ASA, FWSM, and IOS 12.4(20)T devices (the object-group command with
its subcommands).
For ASA 8.3+ devices, you can also include object network and object service commands.
However, any object NAT configuration is not imported.
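The dependency rule stated in Step 4 and repeated above for the Enter Parameters page can be checked before you paste CLI into the wizard. The following Python sketch is an added example, not part of Security Manager or of the original guide; the function name, the constructed ASA-style sample, and the assumption that top-level commands start in column 0 (as in a running configuration) are illustrative. Any name it reports must already exist as a policy object in Security Manager, or its definition must be added to the pasted CLI.

```python
# Added example: pre-import check for object references in pasted CLI.
# Assumes running-config layout: top-level commands in column 0,
# subcommands indented. Names and sample data are constructed.
REF_KEYWORDS = {"object-group": "object-group", "group-object": "object-group",
                "object": "object", "time-range": "time-range"}

def missing_definitions(cli_text):
    """Return sorted (kind, name) pairs referenced but not defined in cli_text."""
    defined, referenced = set(), set()
    for raw in cli_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue  # blank line or comment
        top_level = not raw[0].isspace()
        # Definitions: "object-group <type> <name>" and "object <type> <name>"
        if top_level and tokens[0] in ("object-group", "object") and len(tokens) >= 3:
            defined.add((tokens[0], tokens[2]))
            continue
        # Definition: "time-range <name>"
        if top_level and tokens[0] == "time-range" and len(tokens) >= 2:
            defined.add(("time-range", tokens[1]))
            continue
        # Free-text remarks may contain keywords; they reference nothing.
        if tokens[0] == "access-list" and tokens[2:3] == ["remark"]:
            continue
        # References inside ACEs and inside nested subcommands
        for keyword, name in zip(tokens, tokens[1:]):
            if keyword in REF_KEYWORDS:
                referenced.add((REF_KEYWORDS[keyword], name))
    return sorted(referenced - defined)

# Constructed sample: REMOTE-SITES, VENDORS and MAINT are never defined.
SAMPLE = """\
time-range BUSINESS
 periodic weekdays 8:00 to 17:00
object network WEB-SRV
 host 192.0.2.10
object-group network PARTNERS
 network-object 198.51.100.0 255.255.255.0
 group-object REMOTE-SITES
access-list OUTSIDE_IN extended permit tcp object-group PARTNERS object WEB-SRV eq 443 time-range BUSINESS
access-list OUTSIDE_IN extended permit tcp object-group VENDORS object WEB-SRV eq 443 time-range MAINT
"""

if __name__ == "__main__":
    for kind, name in missing_definitions(SAMPLE):
        print(f"not in pasted CLI: {kind} {name}")
```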
Navigation Path
(Device view only) Right-click anywhere in the rules table on the Access Rules Page, page 16-9 and
choose Import Rules.