Cisco Cisco Security Manager 4.5 Guia De Especificação
Cisco Security Manager 4.4 API Specification (Version 1.1)
OL- 29074-01
Page 60
3.1.5 Policy Derived Classes
This section and the following sub-sections define supported Policy classes over this API
3.1.5.1 DeviceAccessRuleFirewallPolicy
A DeviceAccessRuleFirewallPolicy extends from the base BasePolicy class and inherits all its attributes. An
instance of a DeviceAccessRuleFirewallPolicy denotes a single access control entry. The orderId attribute from the
BasePolicy class defines the ordering of these rules.
instance of a DeviceAccessRuleFirewallPolicy denotes a single access control entry. The orderId attribute from the
BasePolicy class defines the ordering of these rules.
A DeviceAccessRuleFirewallPolicy may reference NetworkPolicyObject, ServicePolicyObject,
IdentityUserGroupPolicyObject or an InterfaceRolePolicy Object objects.
IdentityUserGroupPolicyObject or an InterfaceRolePolicy Object objects.
The sources and destination elements may contain a combination of any of the following:
networkObjectGIDs: This includes one or more GID references to a Network Policy Object
interfaceRoleObjectGIDs: This includes one or more GID references to a Interface Role Policy Object
ipv4Data: One or more literal IPv4 addresses
It is possible to specify a destination element referring two Network Policy Objects and also including a literal
address such as 1.1.1.1/32.
address such as 1.1.1.1/32.
The interfaceRoleObjectIDs specified outside the sources and destination sub-elements specifies the interface on
which the ACL is applied.
which the ACL is applied.
The following table defines the contents of a DeviceAccessRuleFirewallPolicy:
Element
Type
Comment
isEnabled
Boolean
True if the rule is enabled, false otherwise.
direction
String
In or out.
permit
boolean
True indicates a permit and false indicates a deny
interfaceRoleObjectIDs
ObjectIdentifierList
A list of ObjectIdentifier IDs that reference a set of InterfaceRole
Policy Objects. The ID links to the gid attribute of the
corresponding InterfaceRole object
Policy Objects. The ID links to the gid attribute of the
corresponding InterfaceRole object
users
ComplexType
Contain user and user groups for whom the rule is applicable (
applicable only for ASA device versions greater than or equal to
8.4(2))
applicable only for ASA device versions greater than or equal to
8.4(2))
users.
identityUserGrpObject
GIDs
identityUserGrpObject
GIDs
ObjectIdentifierList
Reference to list of IdentityUserGroupPolicyObject object GIDs.
users. userNameData
String
List of users.
users. userGroupData
String
List of user groups.
sources
ComplexType
Container for source network and interface roles.
sources.networkObject
GIDs
GIDs
ObjectIdentifierList
A list of ObjectIdentifier IDs that reference a set of Network
Policy Objects. The ID links to the gid attribute of the
corresponding Network object
Policy Objects. The ID links to the gid attribute of the
corresponding Network object