Техническое Руководство для Cisco Cisco Security Manager 4.7
Cisco Security Manager 4.4 API Specification (Version 1.1)
OL- 29074-01
Page 85
3.1.5.13
InterfaceNATDynamicRulesFirewallPolicy
An InterfaceNATDynamicRulesFirewallPolicy extends from the base BasePolicy class and inherits all its attributes.
An instance of a InterfaceNATDynamicRulesFirewallPolicyspecifies dynamic NAT and PAT rules. Rules are
evaluated sequentially in the order listed.
An instance of a InterfaceNATDynamicRulesFirewallPolicyspecifies dynamic NAT and PAT rules. Rules are
evaluated sequentially in the order listed.
This policy is applicable for PIX, FWSM and pre-ASA 8.3.
The following table defines the contents of an InterfaceNATDynamicRulesFirewallPolicy:
Element. Sub Element
Type
Comment
isRuleEnabled
boolean
If true, the rule is enabled and false indicates that the rule is
disabled.
disabled.
realInterfaceGID
ObjectIdentifier
Maps to the the device interface role policy object to which the
rule applies.
rule applies.
poolId
Unsigned Int
The ID number of the pool of addresses used for translation. A
value of zero to specify this as an identity NAT rule.
value of zero to specify this as an identity NAT rule.
original
Complex Type
Complex type containing IP addresses for the source hosts and
network objects to which the rule applies. Can contain multiple
literal IP addresses and/or reference to network policy objects
network objects to which the rule applies. Can contain multiple
literal IP addresses and/or reference to network policy objects
original.ipv4Data
String
A literal IP Address.
original.
networkObjectGIDs
networkObjectGIDs
Object identifier
An ObjectIdentifier ID that references a Network Policy Object.
outsideNAT
Boolean
If true, indicates the “outside” keyword is present on this NAT
rule.
rule.
advancedOptions
Complex Type
Advanced options.
advancedOptions.isTran
sDNSReplies
sDNSReplies
boolean
If true, the security appliance rewrites DNS replies so an outside
client can resolve the name of an inside host using an inside DNS
server, and vice versa.
client can resolve the name of an inside host using an inside DNS
server, and vice versa.
advancedOptions.maxT
CPConnPerRule
CPConnPerRule
UnsignedInt
The maximum number of TCP connections allowed; valid values
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
advancedOptions.maxU
DPConnPerRule
DPConnPerRule
UnsignedInt
The maximum number of UDP connections allowed; valid values
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
are 0 through 65,535. If this value is set to zero, the number of
connections is unlimited.
advancedOptions.maxE
mbConnections
mbConnections
UnsignedInt
The maximum number of embryonic connections allowed to
form before the security appliance begins to deny these
connections. Valid values are 0 through 65,535. If this value is
set to zero, the number of connections is unlimited.
form before the security appliance begins to deny these
connections. Valid values are 0 through 65,535. If this value is
set to zero, the number of connections is unlimited.
advancedOptions.rando
mizeSeqNum
mizeSeqNum
boolean
If true, the security appliance randomizes the sequence numbers
of TCP packets
of TCP packets
Table 44: InterfaceNATDynamicRulesFirewallPolicy Class Definition