Руководство Пользователя для Cisco Cisco Security Manager 4.11
Cisco Security Manager 4.11 API Specification (Version 2.3)
Page 89
3.1.5.13
InterfaceNATTransExemptionsFirewallPolicy
An InterfaceNATTransExemptionsFirewallPolicy extends from the base BasePolicy class and inherits all its
attributes. An instance of an InterfaceNATTransExemptionsFirewallPolicy specifies rules that exempt traffic from
address translation. Rules are evaluated sequentially in the order listed.
attributes. An instance of an InterfaceNATTransExemptionsFirewallPolicy specifies rules that exempt traffic from
address translation. Rules are evaluated sequentially in the order listed.
This policy is applicable for PIX, FWSM and pre-ASA 8.3.
The following table defines the contents of an InterfaceNATTransExemptionsFirewallPolicy:
Element. Sub Element
Type
Comment
isRuleEnabled
boolean
If true, the rule is enabled and false indicates that the rule is
disabled.
disabled.
isExempt
boolean
If true, the rule identifies traffic that is exempt from NAT. If
false, the rule identifies traffic that is not exempt from NAT.
false, the rule identifies traffic that is not exempt from NAT.
realInterfaceGID
ObjectIdentifier
The device interface to which the rule is applied.
original
Complex Type
Complex type containing IP addresses for the source hosts and
network objects to which the rule applies. Can contain multiple
literal IP addresses and/or reference to network policy objects
network objects to which the rule applies. Can contain multiple
literal IP addresses and/or reference to network policy objects
original.ipv4Data
String
A literal IP Address.
original.
interfaceRoleObjectGIDs
interfaceRoleObjectGIDs
Object Identifier
List of Interface role Policy Object GIDs.
original.
networkObjectGIDs
networkObjectGIDs
Object identifier
An ObjectIdentifier ID that references a Network Policy Object.
outsideNAT
boolean
True indicates rule outside keyword is defined on the NAT rule.
destinations
Complex Type
Complex type containing IP addresses for the destination hosts
and network objects to which the rule applies. Can contain
multiple literal IP addresses and/or reference to network policy
objects
and network objects to which the rule applies. Can contain
multiple literal IP addresses and/or reference to network policy
objects
destinations.ipv4Data
String
A literal IP Address.
destinations.
interfaceRoleObjectGIDs
interfaceRoleObjectGIDs
Object Identifier
List of Interface role Policy Object GIDs.
destinations.
networkObjectGIDs
networkObjectGIDs
Object identifier
An ObjectIdentifier ID that references a Network Policy Object.
fwsmAdvancedOptions
Complex Type
Advanced options applicable only for FWSM
fwsmAdvancedOptions.is
TransDNSReplies
TransDNSReplies
boolean
If true, the security appliance rewrites DNS replies so an outside
client can resolve the name of an inside host using an inside DNS
server, and vice versa.
client can resolve the name of an inside host using an inside DNS
server, and vice versa.
fwsmAdvancedOptions.m
axTCPConnPerRule
axTCPConnPerRule
UnsignedInt
The maximum number of TCP connections allowed; valid values
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
fwsmAdvancedOptions.m
axUDPConnPerRule
axUDPConnPerRule
UnsignedInt
The maximum number of UDP connections allowed; valid values
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
fwsmAdvancedOptions.m
axEmbConnections
axEmbConnections
UnsignedInt
The maximum number of embryonic connections allowed to
form before the security appliance begins to deny these
connections. Valid values are 0 through 65,535. If this value is
form before the security appliance begins to deny these
connections. Valid values are 0 through 65,535. If this value is