Object Manager


Cisco Security Manager enables a wide variety of objects to be created and configured for any supported platform. For example, a single network object can be used in the rule table for a Firewall Services Module (FWSM) or an ASA, and in the remote-access VPN configuration on an IOS router. The types of reusable objects that are supported in Cisco Security Manager include the following:

  • Networks/hosts: Objects for source/destination fields

  • Service objects: Objects for service fields

  • Service groups: Combination of service objects (for example, IPSec)

  • Interface roles (groups): Combine interfaces from a device into a group

  • Authentication, authorization, and accounting (AAA) server groups: List of AAA servers for failover, and so on

  • AAA server objects: AAA server details including RADIUS/TACACS+, and IP

  • Access control lists (ACLs): Reuse ACL between components including quality of service (QoS)

  • ASA group policy: Define system policy/preferences for ASA

  • Certificate authority (CA) servers: CA configuration

  • Dynamic Host Configuration Protocol (DHCP) servers: DHCP parameters including IP address, timeout, and so on

  • FTP Map: Deep packet protocol inspection of FTP parameters

  • HTTP Map: Deep packet protocol inspection of HTTP parameters (for example, GET)

  • IPSec transform sets: Define AES/3DES, SHA, and so on, for IPSec VPN

  • TCP Map: Deep packet inspection of TCP, including Checksum

  • GPRS Tunneling Protocol (GTP) map: Deep packet inspection of tunneled network packets over 3G phone networks

  • Time range objects: Define ACLs for a specific time range

  • Domain name rules matching: Configure domain name matching for digital certificates

  • User group: Group configuration for remote-access VPN

  • Traffic flow objects: Define packet matching for deep packet inspection

  • User templates: Templates for CLI tokens

  • Categories: Apply colors to rules and objects to find/filter

Figure 9-23 provides an example of launching the object manager, and Figure 9-24 shows the resulting object management homepage. Note that the object manager can find and filter objects based on fields including name, group, and description.

Figure 9-23. Manage Objects


Figure 9-24. Object Homepage


Network and service objects can be created directly from the access control list (ACL) rule table, or they can be created from the Policy Object Manager. Objects can be nested and contain other objects. A network object can be a single IP address, a single network, multiple IP addresses, multiple networks, a collection of objects, or any combination of IP addresses, networks, and objects.
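
To audit what a nested network object actually covers once it is referenced in a rule, the following added example flattens nested objects into their effective networks and rejects circular or undefined references. It is not from the book and does not use Cisco Security Manager's own format or API; the object names and the dictionary layout are assumptions made for illustration.

```python
import ipaddress

# Constructed sample objects (hypothetical names and layout, not a Cisco
# Security Manager export). Each object lists literal IPs/networks and/or
# the names of other objects, mirroring the nesting described above.
OBJECTS = {
    "web-servers": ["10.1.1.10", "10.1.1.11"],
    "dmz-net": ["10.1.1.0/24"],
    "branch-nets": ["192.168.10.0/24", "192.168.11.0/24"],
    "all-internal": ["dmz-net", "web-servers", "branch-nets", "172.16.0.5"],
}


def resolve(name, objects, _path=()):
    """Return the set of networks an object expands to, following nesting."""
    if name in _path:
        cycle = " -> ".join(_path + (name,))
        raise ValueError(f"circular object reference: {cycle}")
    if name not in objects:
        raise KeyError(f"undefined object: {name}")
    nets = set()
    for member in objects[name]:
        if member in objects:
            # Nested object: expand it, remembering the path to catch cycles.
            nets |= resolve(member, objects, _path + (name,))
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.1.5/24.
            nets.add(ipaddress.ip_network(member, strict=True))
        except ValueError:
            raise ValueError(
                f"{name}: '{member}' is not a defined object "
                "or a valid address/network"
            ) from None
    return nets


def effective_networks(name, objects):
    """Flatten an object and merge overlapping or adjacent entries.

    Assumes one address family per object; collapse_addresses raises
    TypeError if IPv4 and IPv6 entries are mixed.
    """
    return list(ipaddress.collapse_addresses(resolve(name, objects)))


if __name__ == "__main__":
    for net in effective_networks("all-internal", OBJECTS):
        print(net)
```

Comparing the flattened result with the intended scope of a rule shows when a nested member silently widens an object, such as a host list already covered by a whole subnet.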



Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
Pages: 112
