Cisco Router and Security Device Manager 2.5 User's Guide (OL-4015-12)
Chapter 9 Firewall Policy
Edit Firewall Policy

The policy named clients-servers-policy contains two ACLs. The rule with the ID 1 permits TCP, UDP, and ICMP traffic from any source to any destination. The rule with the ID 2 drops any unmatched traffic.

[Policy table for clients-servers-policy. Columns: Traffic Classification, Action, Rule Options. Rule 1 lists udp and icmp among its services; rule 2: Unmatched Traffic, Drop.]

Adding a New Rule to a Policy

To add a new rule to a policy, complete the following steps:

Step 1 Click anywhere in the display for that policy, and click the + Add button.
• To insert a rule for new traffic in the order that you want it, select an existing rule, click the + Add button, and choose Insert or Insert After. The Insert and Insert After options are also available from a context menu that you display by right-clicking on an existing rule.
• Choosing Rule for New Traffic automatically places the new rule at the top of the list.
• Choosing Rule for Existing Traffic allows you to select an existing class map and modify it. It automatically places the new rule at the top of the list.

Step 2 Complete the displayed dialog. Click Add a New Rule for more information.

Adding a New Zone Policy

To add a new zone policy, complete the following steps:

Step 1 Click Add and choose New Zone Policy.

Step 2 In the Add a Rule screen, specify the source zone by clicking the button to the right of the Source Zone field and selecting an existing zone or creating a new zone.
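
Why the position chosen in "Adding a New Rule to a Policy" matters, as an added example that is not part of the Cisco guide: a Python model of clients-servers-policy that assumes rules are evaluated top to bottom and the first match decides the action. The Rule class, the rule with ID 3 (drop Telnet) and the helper names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int
    protocols: frozenset  # empty = any traffic (the unmatched-traffic rule)
    ports: frozenset      # empty = any destination port
    action: str           # "permit" or "drop"

    def matches(self, proto, port=None):
        return ((not self.protocols or proto in self.protocols)
                and (not self.ports or port in self.ports))

def evaluate(policy, proto, port=None):
    """Return (rule_id, action) of the first matching rule, top to bottom."""
    for rule in policy:
        if rule.matches(proto, port):
            return rule.rule_id, rule.action
    return None, "drop"  # assumption: traffic no rule matches is dropped

def covers(earlier, later):
    """True if `earlier` matches everything `later` can match."""
    protos = not earlier.protocols or (
        bool(later.protocols) and later.protocols <= earlier.protocols)
    ports = not earlier.ports or (
        bool(later.ports) and later.ports <= earlier.ports)
    return protos and ports

def shadowed(policy):
    """IDs of rules that can never match because an earlier rule covers them."""
    return [r.rule_id for i, r in enumerate(policy)
            if any(covers(e, r) for e in policy[:i])]

# The two rules the page describes for clients-servers-policy.
RULE_1 = Rule(1, frozenset({"tcp", "udp", "icmp"}), frozenset(), "permit")
RULE_2 = Rule(2, frozenset(), frozenset(), "drop")
# Hypothetical new rule (constructed for this example): drop Telnet.
NEW_RULE = Rule(3, frozenset({"tcp"}), frozenset({23}), "drop")

AT_TOP = [NEW_RULE, RULE_1, RULE_2]        # "Rule for New Traffic" placement
AFTER_RULE_1 = [RULE_1, NEW_RULE, RULE_2]  # "Insert After" with rule 1 selected

if __name__ == "__main__":
    for name, policy in (("top", AT_TOP), ("after rule 1", AFTER_RULE_1)):
        print(name, evaluate(policy, "tcp", 23), "shadowed:", shadowed(policy))
```

Placed after rule 1, the new rule never takes effect because rule 1 already permits all TCP; the shadowed() check flags that case before the policy is delivered.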