FireSIGHT System User Guide (page 14-15)
Chapter 14      Understanding and Writing Access Control Rules
  Working with Different Types of Conditions
  • URLs
For all but port conditions, you type the literal value in a configuration field below the list of selected conditions.

In the case of port conditions, you select a protocol from a drop-down list. When the protocol is All (for destination ports) and, optionally, when the protocol is TCP or UDP, you type a port number in a configuration field. When the protocol is ICMP or IPv6-ICMP, you select a type and, if appropriate, a related code. When you add a source port, the protocol defaults to TCP. You must specify a protocol when setting a literal port.
Each relevant conditions page provides the controls needed to add literal values. Values you type in a configuration field appear as red text if the value is invalid, or until it is recognized as valid. Typed values change to black text as you type when they are recognized as valid. A grayed Add button activates when a valid value is recognized. Literal values you add appear immediately in the list of selected conditions.
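The validation the guide describes for literal port conditions (red text until the value is recognized, then the Add button activates) can be modelled as a small rule checker. The following Python is an added illustration written for this page, not FireSIGHT or Cisco code; it encodes only the rules stated above (protocol required, All with a port number for destination ports, optional port for TCP and UDP, type plus optional code for ICMP and IPv6-ICMP, source port defaulting to TCP). The class and function names, the 0-65535 port range and the 0-255 ICMP type/code range are assumptions made for the example.

```python
"""Rule checker for literal port-condition values (added example, not product code).

Models the guide's stated rules for the port-condition fields: a protocol is
required; 'All' takes a port number only for destination ports; TCP and UDP
take an optional port; ICMP and IPv6-ICMP take a type and an optional code;
a source port defaults to TCP when no protocol is chosen. Names, the result
shape and the numeric ranges are assumptions made for this illustration.
"""
from dataclasses import dataclass
from typing import Optional

PORT_PROTOCOLS = {"TCP", "UDP", "All"}
ICMP_PROTOCOLS = {"ICMP", "IPv6-ICMP"}


@dataclass(frozen=True)
class PortCondition:
    """One literal port condition as typed into the conditions page (assumed model)."""
    side: str                       # "source" or "destination"
    protocol: Optional[str] = None  # None: nothing chosen in the drop-down yet
    port: Optional[str] = None      # raw text from the configuration field
    icmp_type: Optional[str] = None
    icmp_code: Optional[str] = None


def _in_range(text: Optional[str], high: int) -> bool:
    """True if text is a decimal integer in 0..high (assumed bounds)."""
    if text is None or not text.isdigit():
        return False
    return 0 <= int(text) <= high


def validate(cond: PortCondition) -> tuple[bool, str]:
    """Return (valid, message).

    The UI equivalent of the result: red text while invalid, black text and an
    active Add button once the value is recognized as valid.
    """
    if cond.side not in ("source", "destination"):
        return False, "side must be 'source' or 'destination'"

    # A source port defaults to TCP; a literal port always needs a protocol.
    protocol = cond.protocol
    if protocol is None and cond.side == "source":
        protocol = "TCP"
    if protocol is None:
        return False, "a protocol is required for a literal port"

    if protocol in ICMP_PROTOCOLS:
        # ICMP and IPv6-ICMP are described by type and (optionally) code, not a port.
        if cond.port is not None:
            return False, f"{protocol} takes a type and code, not a port"
        if not _in_range(cond.icmp_type, 255):
            return False, f"{protocol} type must be 0-255"
        if cond.icmp_code is not None and not _in_range(cond.icmp_code, 255):
            return False, f"{protocol} code must be 0-255"
        code = f" code {cond.icmp_code}" if cond.icmp_code is not None else ""
        return True, f"{protocol} type {cond.icmp_type}{code}"

    if protocol not in PORT_PROTOCOLS:
        return False, f"unknown protocol {protocol!r}"
    if cond.icmp_type is not None or cond.icmp_code is not None:
        return False, f"{protocol} does not take an ICMP type or code"

    if protocol == "All":
        # Reading of the guide: 'All' with a port number is offered for destination ports.
        if cond.side != "destination":
            return False, "protocol All with a port applies to destination ports only"
        if not _in_range(cond.port, 65535):
            return False, "port must be 0-65535"
        return True, f"All/{cond.port}"

    # TCP or UDP: the port number is optional.
    if cond.port is None:
        return True, protocol
    if not _in_range(cond.port, 65535):
        return False, "port must be 0-65535"
    return True, f"{protocol}/{cond.port}"


if __name__ == "__main__":
    # Constructed sample inputs mirroring what a user might type.
    for sample in (PortCondition("destination", "TCP", "443"),
                   PortCondition("source", None, "1024"),
                   PortCondition("destination", None, "80"),
                   PortCondition("destination", "ICMP", icmp_type="8", icmp_code="0")):
        print(sample, "->", validate(sample))
```

The checker returns a message alongside the boolean so a caller can show the reason a field is still "red"; the only behaviour taken from the page is the set of rules, not any exact wording of the product's own error text.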
See the following sections for specific details on adding each type of literal value:
Using Objects in Conditions
License: Any
Application filters and objects that you create in the object manager (Objects > Object Management) are immediately available for you to select from relevant lists of available access control rule conditions.
See 
You can also create many objects on-the-fly from the access control policy. A control on relevant 
conditions pages provides access to the same configuration controls that you use in the object manager.
Individual objects created on-the-fly appear immediately in the list of available objects, and you can add 
them to the current rule, and to other existing and future rules. On the relevant conditions page, and also 
on the policy Edit page, you can hover your pointer over an individual object to display the contents of 
the object, and over a group object to display the number of individual objects in the group.
Working with Different Types of Conditions
License: Any
You can filter traffic by one or more of several types of rule conditions, in any combination. See the 
following sections for more information:
  • explains how to filter traffic by security zones that you create using the object manager.
  • explains how to filter traffic by IP address or address block.
  • explains how to filter traffic by country or continent.
  • explains how to filter traffic by VLAN tag.