User Guide for Cisco Security Manager 3.0.1
Devices User Interface Reference

Table Of Contents

Devices User Interface Reference

Devices Page

Device Selector

Create Filter Dialog Box

Policies Selector

Contents Pane

Add Device from Network Wizard

Device Information Page—Network

Auto Update Server Properties Dialog Box

Available Auto Update Servers Dialog Box

Device Credentials Page

Rx-Boot Mode Credentials Dialog Box

SNMP Credentials Dialog Box

HTTP Credentials Dialog Box

FWSM Credentials and VPN SPA Slot Location Dialog Box

VPN SPA Slots Dialog Box

VPN SPA Slot Selector

Device Grouping Page

Add Device(s) from Config File Wizard

Device Information Page—Config File

Choose Files Dialog Box

Device Grouping Page

Add New Device Wizard

Device Information Page—New Device

Server Properties Dialog Box

Available Servers Dialog Box

CNS-Configuration Engine Properties Dialog Box

Available Configuration Engines Dialog Box

Device Credentials Page

Device Grouping Page

Add Device(s) from DCR Wizard

Device Information Page—DCR

Device Grouping Page

Device Delete Validation Page

Device Delete Validation Details Dialog Box

Create a Clone of <device name> Page

Device Properties Page

General Page

Credentials Page

Device Groups Page

Policy Object Override Pages

AAA Server Groups Override Page

Interface Roles Override Page

Networks/Hosts Override Page

PKI Enrollments Override Page

Port Lists Override Page

Services Override Page

Service Groups Override Page

Text Objects Override Page

Device Shortcut Menu Options

Device Policies Shortcut Menu Options

Device Group Shortcut Menu Options

Edit Device Groups Page

Add Devices to Group Page

Add Group Dialog Box


Devices User Interface Reference


The following topics describe the user interface information for the Devices page:

Devices Page

Add Device from Network Wizard

Add Device(s) from Config File Wizard

Add New Device Wizard

Add Device(s) from DCR Wizard

Device Delete Validation Page

Create a Clone of <device name> Page

Device Properties Page

Device Shortcut Menu Options

Device Policies Shortcut Menu Options

Device Group Shortcut Menu Options

Edit Device Groups Page

Add Devices to Group Page

Add Group Dialog Box

Devices Page

Use the Devices page to view device information, to add, edit, or delete devices, and to assign policies to specific devices.

Navigation Path

To open this page, click the Device View button in the toolbar.

Related Topics

Device Selector

Policies Selector

Contents Pane

Create Filter Dialog Box

Understanding the Device View, page 1-23

The Devices page contains two panes (Figure 1-1). The left pane contains the following two elements:

Device selector, located in the top left pane. For more information, see Device Selector.

Policies selector, located in the bottom left pane. For more information, see Policies Selector.

The right pane is the main content area. For more information, see Contents Pane.

Device Selector

Use the Device selector to filter, add, and delete devices from the Security Manager inventory.

Related Topics

Understanding the Device View, page 1-23

Policies Selector

Contents Pane

Create Filter Dialog Box

Field Reference

Table A-1 Device Selector 

Element
Description
Device selector

Filter

Enables you to filter and display a subset of devices based on the filtering criteria you define. For more information, see Create Filter Dialog Box.

Add button

Opens the New Device - Choose Method wizard page, which provides options for adding devices to the Security Manager inventory.

Delete button

Removes the selected device from the Security Manager inventory.

Device Tree

Lists all device groups and devices added to or created in Security Manager. Each device type is represented by an icon. For information about the icons, see Figure 1-2.


Create Filter Dialog Box

Use the Create Filter dialog box to filter and display a subset of devices based on the filtering criteria you define.

Navigation Path

Select Create Filter from the Filter field in a selector tree.

Related Topics

Filtering the Device Selector, page 1-27

Device Selector

Field Reference

Table A-2 Create Filter Dialog Box 

Element
Description
Device selector

Match Any of the Following

When clicked, creates an "or" relationship between all filter controls that you created in the filter control area.

For example, you add the following two controls in the filter control area:

Name contains a

Type is ASA

If you click OK, the two filter controls are combined into one filter with an "or" in between them.

Name contains a or Type is ASA

This filter is then available from the arrow in the Filter field.

If you select this filter option, the Device selector displays devices that contain an "a" in their name or all devices that are ASA devices. See Filter Control Relationship Example, page 1-28.

Match All of the Following

When clicked, creates an "and" relationship between all the filter controls that you created in the filter control area.

For example, you add the following two controls in the filter control area:

Name contains a

Type is ASA

After you click OK, the two filter controls are combined into one filter with an "and" in between them.

Name contains a and Type is ASA

This filter is then available from the arrow in the Filter field.

If you select this filter option, the Device selector displays only devices that match both criteria: ASA devices that have an "a" in their device names. See Filter Control Relationship Example, page 1-28.

First Field—Filter Type

Provides two options:

Name—Filters the devices by device name. You specify the device name or portion of the device name in the Filter Value field (third field).

Type—Filters the devices by device type. You specify the type of device in the Filter Value field (third field).

Second Field—Filter Relation

Enables you to narrow the filter results by defining additional parameters. This field establishes a relationship between the filter type and the filter value fields.

If you select Name in the Filter Type field (first field), the following options are displayed:

contains

doesn't contain

is

isn't

begins with

ends with

If you select Type in the Filter Type field (first field), the following options are displayed:

is

isn't

Third Field—Filter Value

If you select Name in the Filter Type field (first field), the Filter Value field is blank. Enter a string value: either the device name or part of the device name.

If you select Type in the Filter Type field (first field), the following options are displayed:

ASA

ASA IPS

PIX

Catalyst 6500/7600

FWSM

IPSSM

Router

Cisco IDS Network Module

Sensor

Filter Control Content Area

Displays all the filter controls that you created. Filter controls are the filter name, filter relation, and filter value that you selected in a row format.

Add button

Adds a row of filter controls in the Filter Control Content area based on the filter name, filter relation, and filter value that you selected.

Remove button

Removes the selected row of filter control from the Filter Control Content area.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.
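The following added example (not part of the Cisco guide or of Security Manager) models the filter semantics in Table A-2, so you can preview which devices a Match Any or Match All filter selects from an inventory export. The Device and FilterControl classes, the sample inventory, and case-sensitive name comparison are assumptions of this example.

```python
from dataclasses import dataclass

# Filter values offered when the filter type is Type (from Table A-2).
DEVICE_TYPES = {
    "ASA", "ASA IPS", "PIX", "Catalyst 6500/7600", "FWSM",
    "IPSSM", "Router", "Cisco IDS Network Module", "Sensor",
}

# Relations offered for each filter type (second field in Table A-2).
# Comparison is case-sensitive here; that is an assumption of this example.
RELATIONS = {
    "Name": {
        "contains": lambda value, arg: arg in value,
        "doesn't contain": lambda value, arg: arg not in value,
        "is": lambda value, arg: value == arg,
        "isn't": lambda value, arg: value != arg,
        "begins with": lambda value, arg: value.startswith(arg),
        "ends with": lambda value, arg: value.endswith(arg),
    },
    "Type": {
        "is": lambda value, arg: value == arg,
        "isn't": lambda value, arg: value != arg,
    },
}


@dataclass(frozen=True)
class Device:
    name: str
    device_type: str


@dataclass(frozen=True)
class FilterControl:
    """One row of the filter control area: filter type, relation, value."""
    filter_type: str
    relation: str
    value: str

    def __post_init__(self):
        # Reject combinations the dialog box does not offer.
        if self.filter_type not in RELATIONS:
            raise ValueError(f"unknown filter type: {self.filter_type!r}")
        if self.relation not in RELATIONS[self.filter_type]:
            raise ValueError(
                f"relation {self.relation!r} is not offered for {self.filter_type}")
        if self.filter_type == "Type" and self.value not in DEVICE_TYPES:
            raise ValueError(f"unknown device type: {self.value!r}")
        if self.filter_type == "Name" and not self.value:
            raise ValueError("Name filters need a non-empty string value")

    def matches(self, device):
        field = device.name if self.filter_type == "Name" else device.device_type
        return RELATIONS[self.filter_type][self.relation](field, self.value)


def apply_filter(devices, controls, match_all):
    """Match All combines the controls with 'and'; Match Any with 'or'."""
    if not controls:
        raise ValueError("a filter needs at least one filter control")
    combine = all if match_all else any
    return [d for d in devices if combine(c.matches(d) for c in controls)]


def describe(controls, match_all):
    """Render the combined filter the way the guide writes it."""
    joiner = " and " if match_all else " or "
    return joiner.join(f"{c.filter_type} {c.relation} {c.value}" for c in controls)


# Constructed sample inventory, not taken from the guide.
INVENTORY = [
    Device("asa-dmz", "ASA"),
    Device("core-fw", "ASA"),
    Device("branch-rtr", "Router"),
    Device("pix-edge", "PIX"),
]

# The two controls used in the guide's example.
CONTROLS = [
    FilterControl("Name", "contains", "a"),
    FilterControl("Type", "is", "ASA"),
]

if __name__ == "__main__":
    for match_all in (False, True):
        names = [d.name for d in apply_filter(INVENTORY, CONTROLS, match_all)]
        print(f"{describe(CONTROLS, match_all)}: {names}")
```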


Policies Selector

Use the Policies selector located in the bottom left pane of the Devices page to display policies for the device types you select in the Device selector.

Based on the device you select in the Device selector, policies appropriate to that device type are displayed in the Policies selector. For details, see Working with Device Policies, page 1-80.

Related Topics

Understanding the Device View, page 1-23

Working with Device Policies, page 1-80

Device Selector

Contents Pane

Contents Pane

Use the Contents pane to view information. The information displayed in the Contents pane depends on the device you selected from the Device selector and the option you selected from the Policies selector.

Related Topics

Understanding the Device View, page 1-23

Device Selector

Policies Selector

Add Device from Network Wizard

To add a device from the network, click the Add button in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add Device from Network, then click Next.

The following topics describe the pages in the Add Device from Network wizard:

Device Information Page—Network

Device Credentials Page

Device Grouping Page

Device Information Page—Network

Use the Device Information page of the Add Device from Network wizard to add device information.

Navigation Path

You can access the Device Information page from the Add Device from Network wizard. Click the Add button in the Device selector, select Add Device from Network, then click Next.

Related Topics

Understanding the Device View, page 1-23

Adding Devices from the Network, page 1-32

Device Credentials Page

Device Grouping Page

Auto Update Server Properties Dialog Box

Available Auto Update Servers Dialog Box

Discovering Policies, page 1-5

Field Reference

Table A-3 Device Information Page in Add Device from Network Wizard

Element
Description
Identity—

IP Type

Provides two options:

Static—Select this option if the device has a static IP address.

Dynamic—Applies to Cisco IOS routers only. Select this option if the device has a dynamic IP address obtained from a CNS Gateway running on an Auto Update Server.

The device information fields displayed differ, depending on whether you select static or dynamic.

Hostname

Displayed for static IP types only.

The DNS hostname for the device. Enter the DNS hostname if the IP address is not known.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -

Note You must enter either the DNS hostname or the IP address.

Two devices cannot have the same DNS hostname and domain name combination. For more information, see Cannot Add a DNS Hostname and Domain Name Combination that Exists in DCR, page 1-74.

Domain Name

Displayed for static IP types only.

The DNS domain name for the device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -

IP Address

Displayed for static IP types only.

The management IP address of the device.

Valid characters are . and 0-9. The IP address must be in the dotted quad format, for example, 192.64.3.8.

Note You must enter either the IP address or the DNS hostname.

Display Name

For static IP types—Displays the hostname, which you can change. When you enter the hostname, it is entered automatically in the Display Name field.

For dynamic IP types—Enter the name that you want displayed for the device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space

Note Two devices cannot have the same display name.

If the display name you enter already exists in DCR, a dialog box appears. See Cannot Add a Display Name that Exists in DCR, page 1-73.

Device Identity

Displayed for dynamic IP types only.

The string value that uniquely identifies the device in Auto Update Server.

CNS Gateway

Displayed for dynamic IP types only.

Enables you to select or add an Auto Update Server that is running the CNS Gateway protocol.

If the Auto Update Server does not appear in the list, select + Add Auto Update Server... to display the Auto Update Server Properties dialog box. For a description of the fields in the page, see Auto Update Server Properties Dialog Box.

Security Manager communicates with the AUS server running the CNS Gateway protocol to retrieve the IP address of an IOS device, then discovers directly from the IOS device.

Note Only Cisco IOS routers with dynamic IP addresses can be associated with an Auto Update Server running the CNS Gateway protocol.

Note You cannot add PIX Firewall, ASA, FWSM, or Catalyst 6500/7600 devices with a dynamic IP address from the Add Device from Network page.

OS Type

The family of the operating system running on the device:

For static IP types: IOS, Catalyst 6500/7600, ASA, FWSM, or PIX

For dynamic IP types: IOS

System Context

Discovers the device as a system context instead of a security context.

Select the system context check box if the device you are adding is a PIX Firewall 7.0, ASA, or FWSM device that meets the following criteria:

The device supports system contexts.

The device is running in multi-mode.

Discover Device Settings

Discover

Provides the following discovery options:

Policies and Inventory—When selected, discovers policies and interfaces. This is the default option.

When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies into Security Manager to be managed. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports them into Security Manager to be managed. If the device is a composite device, all the service modules in that device are discovered.

If you select this option, the following policies are displayed:

Platform Settings—Also called platform-specific policy domains. Platform-specific policy domains exist on firewall devices and Cisco IOS routers. These domains contain policies that configure features that are specific to the selected platform. For more information, see Service Policies vs. Platform-Specific Policies, page 1-3.

This is the default option.

Firewall Policies—Also called firewall services. Firewall services contain policies such as access rules, inspection rules, AAA rules, web filter rules, and transparent rules. For details, see Firewall Services, page A-635.

This is the default option.

Discover Policies for Security Context—When selected, discovers policies for security contexts. Security contexts apply to PIX Firewall, ASA, or FWSM devices. This field is active for static IP type only.

Inventory Only—When selected, discovers interfaces. If the device is a composite device, all the service modules in that device are discovered.

No Discovery—When selected, Security Manager does not initiate discovery.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Cancel button

Closes the wizard without saving your changes.

Help button

Opens help for this page.
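The following added example (not part of the Cisco guide or of Security Manager) applies the Identity field rules from Table A-3 to a planned list of devices before you enter them in the wizard. The dictionary keys, the sample entries, and the case-insensitive comparison of hostname and domain name combinations are assumptions of this example.

```python
import re

MAX_LEN = 70  # maximum length Table A-3 gives for hostname, domain name, display name
HOSTNAME_RE = re.compile(r"[0-9A-Za-z-]+")        # 0-9, A-Z, a-z and -
DOMAIN_RE = re.compile(r"[0-9A-Za-z.-]+")         # adds .
DISPLAY_RE = re.compile(r"[0-9A-Za-z_.: -]+")     # adds _ : and space
DOTTED_QUAD_RE = re.compile(r"[0-9]{1,3}(?:\.[0-9]{1,3}){3}")
STATIC_OS = {"IOS", "Catalyst 6500/7600", "ASA", "FWSM", "PIX"}
DYNAMIC_OS = {"IOS"}


def _check_text(label, value, pattern, errors):
    if len(value) > MAX_LEN:
        errors.append(f"{label}: longer than {MAX_LEN} characters")
    if not pattern.fullmatch(value):
        errors.append(f"{label}: contains a character outside the allowed set")


def validate_entry(entry):
    """Return the rule violations for one planned entry (empty list means it passes)."""
    errors = []
    ip_type = entry.get("ip_type")
    hostname = entry.get("hostname", "")
    domain = entry.get("domain", "")
    ip = entry.get("ip", "")
    display = entry.get("display_name", "")
    os_type = entry.get("os_type", "")

    if ip_type == "static":
        if not hostname and not ip:
            errors.append("identity: enter either the DNS hostname or the IP address")
        if hostname:
            _check_text("hostname", hostname, HOSTNAME_RE, errors)
        if domain:
            _check_text("domain", domain, DOMAIN_RE, errors)
        if ip and (not DOTTED_QUAD_RE.fullmatch(ip)
                   or any(int(octet) > 255 for octet in ip.split("."))):
            errors.append("ip: not a dotted quad address")
        if os_type not in STATIC_OS:
            errors.append("os_type: not an OS type offered for static IP types")
        display = display or hostname  # the wizard copies the hostname into Display Name
    elif ip_type == "dynamic":
        if os_type not in DYNAMIC_OS:
            errors.append("os_type: dynamic IP types apply to Cisco IOS routers only")
    else:
        errors.append("ip_type: must be 'static' or 'dynamic'")

    if display:
        _check_text("display_name", display, DISPLAY_RE, errors)
    return errors


def validate_batch(entries):
    """Validate every entry, then flag duplicates across the batch."""
    report = {i: validate_entry(e) for i, e in enumerate(entries)}
    seen_display, seen_fqdn = {}, {}
    for i, e in enumerate(entries):
        display = e.get("display_name") or e.get("hostname", "")
        if display:
            first = seen_display.setdefault(display, i)
            if first != i:
                report[i].append(f"display_name: duplicates entry {first}")
        if e.get("hostname"):
            # DNS names are case-insensitive, so compare lowercased (assumption
            # about how duplicates should be detected in this pre-check).
            key = (e["hostname"].lower(), e.get("domain", "").lower())
            first = seen_fqdn.setdefault(key, i)
            if first != i:
                report[i].append(f"hostname/domain: duplicates entry {first}")
    return report


# Constructed sample entries, not taken from the guide.
SAMPLE = [
    {"ip_type": "static", "hostname": "edge-asa-01", "domain": "corp.example.com",
     "ip": "192.64.3.8", "os_type": "ASA"},
    {"ip_type": "static", "hostname": "edge_asa_02", "domain": "corp.example.com",
     "os_type": "ASA"},                      # underscore is not valid in a hostname
    {"ip_type": "static", "ip": "192.64.3.300", "display_name": "Lab PIX",
     "os_type": "PIX"},                      # last octet is out of range
    {"ip_type": "dynamic", "display_name": "branch:asa", "os_type": "ASA"},
    {"ip_type": "static", "hostname": "EDGE-ASA-01", "domain": "corp.example.com",
     "display_name": "edge-asa-01", "os_type": "ASA"},   # duplicates entry 0
]

if __name__ == "__main__":
    for index, problems in validate_batch(SAMPLE).items():
        print(index, problems or "ok")
```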


Auto Update Server Properties Dialog Box

Use the Auto Update Server Properties dialog box to provide the Auto Update Server properties information.

Navigation Path

Select + Add Auto Update Server... from the CNS Gateway field in the Device Information page of the Add Device from Network wizard.

Related Topics

Device Information Page—Network

Available Auto Update Servers Dialog Box

Adding an Auto Update Server When Adding a Device from Network, page 1-66

Field Reference

Table A-4 Auto Update Server Properties Dialog Box

Element
Description

Server Name

The hostname of the Auto Update Server.

Domain Name

The domain name of the Auto Update Server.

IP Address

The IP address of the Auto Update Server.

Display Name

The name that is displayed for the Auto Update Server.

Username

The username of the Auto Update Server.

Password

The password for accessing the Auto Update Server. In the Confirm field, enter the password again.

Port

The port number that the AUS managed device uses to communicate with the Auto Update Server. The port number is typically 443.

URN

The uniform resource name of the Auto Update Server. URN is the name that identifies the resource on the Internet. URN is part of a URL, for example, /autoupdate/AutoUpdateServlet. The full URL could be:
https://<server ip>:443/autoupdate/AutoUpdateServlet

where:

<server ip> is the IP address of the Auto Update Server.

443 is the port number of the Auto Update Server.

/autoupdate/AutoUpdateServlet is the URN of the Auto Update Server.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Available Auto Update Servers Dialog Box

Use the Available Auto Update Servers dialog box to select, edit, or add an Auto Update Server.

Navigation Path

Select Edit Auto Update Servers from the CNS Gateway field in the Device Information page of the Add Device from Network wizard.

Related Topics

Device Information Page—Network

Auto Update Server Properties Dialog Box

Editing the Auto Update Server Information when Adding Device from Network, page 1-69

Adding an Auto Update Server When Adding a Device from Network, page 1-66

Field Reference

Table A-5 Available Auto Update Servers Dialog Box 

Element
Description

Display Name

The name that is displayed for the Auto Update Server.

IP Address

The IP address of the Auto Update Server.

Server Name

The hostname of the Auto Update Server.

Domain Name

The domain name of the Auto Update Server.

Create button

Enables you to add a new Auto Update Server. When clicked, opens the Auto Update Server Properties dialog box. For a description of the elements, see Auto Update Server Properties Dialog Box.

Edit button

Enables you to edit the Auto Update Server information. When clicked, opens the Auto Update Server Properties dialog box. For a description of the elements, see Auto Update Server Properties Dialog Box.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Device Credentials Page

Use the Device Credentials page to add credentials for the device. For information about device credentials, see Understanding Device Credentials, page 1-70.


Note You can use a maximum of 70 characters to define device credentials. The only restriction is that you may not add a space in the password.


Navigation Path

You can access the Device Credentials page from the Add Device from Network and from the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.

Related Topics

Understanding Device Credentials, page 1-70

Device Contact Credentials Naming Guidelines, page 1-72

Add Device from Network Wizard

Add New Device Wizard

Rx-Boot Mode Credentials Dialog Box

SNMP Credentials Dialog Box

HTTP Credentials Dialog Box

Field Reference

Table A-6 Device Credentials Page 

Element
Description
Primary Credentials—Required for all device types.

Username

The username for logging into the device.

Password

The password for logging into the device. In the Confirm field, enter the password again.

Enable Password

The password that activates enable mode on a device if enable mode is configured on that device. In the Confirm field, enter the enable password again.

SDEE Credentials—Displayed for devices that support Intrusion Prevention Systems (IPS), such as Cisco IOS routers, ASA, and IDS.

Username

The SDEE username.

Password

The SDEE password. In the Confirm field, enter the SDEE password again.

HTTP Credentials—Displayed for devices that support IPS, such as Cisco IOS routers, ASA, and IDS. This information is required for devices that support SDEE.

HTTP Port

Port 80.

HTTPs Port

Port 443.

Certificate Common Name

The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again.

Mode

HTTP or HTTPS.

Rx-Boot Mode Credentials Tab

For more information, see Rx-Boot Mode Credentials Dialog Box

SNMP Credentials Tab

For more information, see SNMP Credentials Dialog Box

HTTP Credentials Tab—Displayed for PIX Firewall, FWSM, and Catalyst 6500/7600 devices.

For more information, see HTTP Credentials Dialog Box

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Finish button

Saves your wizard definitions and closes the wizard.

After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs with a red error icon corresponding to it. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.

Cancel button

Closes the wizard without saving your changes.

Help button

Opens help for this page.


Rx-Boot Mode Credentials Dialog Box

Use the RX-Boot Mode Credentials dialog box to add RX-Boot mode credentials.

Navigation Path

You can access the RX-Boot Mode Credentials dialog box from the Device Credentials page in the Add Device from Network and the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.

Related Topics

Add Device from Network Wizard

Add New Device Wizard

Device Credentials Page

Field Reference

Table A-7 Rx-Boot Mode Credentials Dialog Box 

Element
Description

Username

The Rx-Boot Mode username.

Password

The Rx-Boot Mode password. In the Confirm field, enter the Rx-Boot mode password again.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


SNMP Credentials Dialog Box

Use the SNMP Credentials dialog box to add SNMP credentials.

Navigation Path

You can access the SNMP Credentials dialog box from the Device Credentials page in the Add Device from Network and the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.

Related Topics

Add Device from Network Wizard

Add New Device Wizard

Device Credentials Page

Field Reference

Table A-8 SNMP Credentials Dialog Box 

Element
Description
SNMP V2C

RO Community String

The read-only community string. In the Confirm field, enter the community string again.

RW Community String

The read-write community string. In the Confirm field, enter the community string again.

SNMP V3

Username

The SNMP V3 username.

Password

The SNMP V3 password. In the Confirm field, enter the password again.

Auth Algorithm

The authorization algorithm for encrypting the password. Valid selections are MD5 or SHA-1.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


HTTP Credentials Dialog Box

Use the HTTP Credentials dialog box to add HTTP credentials.

Navigation Path

You can access the HTTP Credentials dialog box from the Device Credentials page in the Add Device from Network and the Add New Device wizards. To access the wizards, click the Add button in the Device selector, then select the appropriate add device method.

Related Topics

Add Device from Network Wizard

Adding a New Device, page 1-49

Device Credentials Page

Field Reference

Table A-9 HTTP Credentials Dialog Box 

Element
Description

Username

The HTTP username.

Password

The HTTP password.

HTTP Port

Port 80.

HTTPS Port

Port 443.

Certificate Common Name

The common name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the password again.

Mode

HTTP or HTTPS.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


FWSM Credentials and VPN SPA Slot Location Dialog Box

Use the Firewall Service Module Credentials and VPN SPA Slot Location dialog box to add FWSM credentials and Catalyst VPN Shared Port Adapter (VPN SPA) subslot locations.

Navigation Path

After you have successfully added a Catalyst 6500/7600 device as described in Adding Devices from the Network, you are asked if you want to proceed with FWSM inventory and policy discovery. If you click Yes, the Firewall Service Module Credentials and VPN SPA Slot Location window appears.

Related Topics

Add Device from Network Wizard

Adding Catalyst 6500/7600 Devices from the Network, page 1-42

Configuring Security Contexts on Firewall Devices, page 1-103

Field Reference

Table A-10 Firewall Service Module Credentials and VPN SPA Slot Location Dialog Box 

Element
Description
Slot <number> Credentials

Management IP

The management IP address for the FWSM.

Although this is optional, we recommend that you enter the management IP address because:

If you do not enter the management IP address, Security Manager connects to the Catalyst 6500/7600 device through SSH and then to the FWSM through the session command. The number of concurrent SSH sessions is limited on a Catalyst 6500/7600 device, with a default of 5. Policy discovery uses one SSH session for each security context. If there are a large number of security contexts, even with the retry mechanism in place, Security Manager might fail to connect.

If you do enter the management IP address, Security Manager connects to the FWSM through SSL, which has a greater concurrent session limit.

For FWSM failover management, the management IP address serves as a logical address to connect to an active FWSM. Without the management IP address, Security Manager might connect to a standby FWSM after a failover switch.

Username

The username for the FWSM.

If the device you are adding is a multi-mode FWSM, and you entered the management IP address, you must configure the same username, password, and enable password for both System Space and Admin Context in the Catalyst 6500/7600 device and enter those credentials in this field. For details, see Adding Catalyst 6500/7600 Devices from the Network, page 1-42.

Password

The password for the FWSM. In the Confirm field, enter the password again.

If the device you are adding is a multi-mode FWSM, and you entered the management IP address, you must configure the same username, password, and enable password for both System Space and Admin Context in the Catalyst 6500/7600 device and enter those credentials in this field. For details, see Adding Catalyst 6500/7600 Devices from the Network, page 1-42.

Enable Password

The enable password for the FWSM. In the Confirm field, enter the password again.

If the device you are adding is a multi-mode FWSM, and you entered the management IP address, you must configure the same username, password, and enable password for both System Space and Admin Context in the Catalyst 6500/7600 device and enter those credentials in this field. For details, see Adding Catalyst 6500/7600 Devices from the Network, page 1-42.

Discover Policies check box

Discovers policies for the FWSM. This check box is selected by default.

If you deselect the check box, only inventory data, such as VLAN configuration, security contexts, and interfaces are discovered. You can discover the policy configuration later by right-clicking an FWSM, then selecting Discover Policies on Device.

VPN SPA Slots

The location of any Cisco IPSec VPN SPA installed on the device. Each slot is divided into two subslots that can hold one to two VPN SPAs. Enter the slot and subslot location of each installed VPN SPA, separated by a comma.

You can also click Select to open the VPN SPA Slot Selector from which you can select the slot and subslot locations from a list. For more information about configuring a VPN SPA blade, see Configuring a Catalyst VPN Shared Port Adapter (VPN SPA) Blade, page 1-32.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


VPN SPA Slots Dialog Box

Use the VPN SPA Slots dialog box to add the locations of any VPN SPAs installed on Catalyst 6500/7600 devices.

Navigation Path

After you have successfully added a Catalyst 6500/7600 device as described in Adding Devices from the Network, you are asked if you want to proceed with FWSM inventory and policy discovery. If you decide not to discover service modules and policies at this time by clicking No, the VPN SPA Slots Dialog Box appears.

Related Topics

Add Device from Network Wizard

Adding Catalyst 6500/7600 Devices from the Network, page 1-42

Adding VPN SPA Slot Locations, page 1-44

Configuring a Catalyst VPN Shared Port Adapter (VPN SPA) Blade, page 1-32

Field Reference

Table A-11 VPN SPA Slots Dialog Box 

Element
Description

VPN SPA Slots

The location of any VPN SPAs installed on the device. Each slot is divided into two subslots that can hold one to two VPN SPAs. Enter the slot and subslot location of each VPN SPA installed, separated by a comma.

You can also click Select to open the VPN SPA Slot Selector in which you can choose the slot and subslot locations from a list. For more information about configuring a VPN SPA blade, see Configuring a Catalyst VPN Shared Port Adapter (VPN SPA) Blade, page 1-32.

Select button

Opens the VPN SPA Slot selector. For details, see VPN SPA Slot Selector.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


VPN SPA Slot Selector

Use the VPN SPA Slot selector to add the locations of any Cisco VPN SPAs installed on Catalyst 6500/7600 devices. A slot can hold two separate VPN SPAs, so you must enter a subslot number. The subslot number for the first subslot is 0, and for the second one is 1.

Navigation Path

You can access the VPN SPA Slot selector in one of two ways:

Click Select next to the VPN SPA Slots field in the Firewall Service Module Credentials and VPN SPA Slot Location Dialog Box.

Click Select next to the VPN SPA Slots field in the VPN SPA Slots dialog box that appears when you decline policy discovery for service modules on Catalyst 6500/7600 devices.

For the procedure, see Adding VPN SPA Slot Locations, page 1-44.

Related Topics

Add Device from Network Wizard

Adding Catalyst 6500/7600 Devices from the Network, page 1-42

Configuring a Catalyst VPN Shared Port Adapter (VPN SPA) Blade, page 1-32

Field Reference

Table A-12 VPN SPA Slot Selector 

Element
Description

Available Slots/Subslots

Contains two elements:

Filter field—Filters and displays a subset of devices based on the filtering criteria you define. For more information, see Create Filter Dialog Box.

Available Slot/Subslots List—Displays a list of available slots, numbered according to the number of slots on the device chassis on the left of the "/", and two subslots numbered 0 and 1 to the right of the "/". A VPN SPA card resides in one half of a slot, called a subslot, so each slot can contain one or two VPN SPA cards.

>> button

<< button

Moves the selected slots from one pane to the other pane.

Selected Slots/Subslots

Displays all the Slot/Subslots that you selected.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Device Grouping Page

Use the Device Grouping page to assign devices to groups.

Navigation Path

You can access the Device Grouping page from all of the add device wizards. For the procedures, see:

Adding Devices from the Network, page 1-32

Adding Devices from a Configuration File, page 1-44

Adding a New Device, page 1-49

Adding Devices from DCR, page 1-58

Related Topics

Understanding Device Grouping, page 1-83

Edit Device Groups Page

Adding Devices from the Network, page 1-32

Adding Devices from a Configuration File, page 1-44

Adding a New Device, page 1-49

Adding Devices from DCR, page 1-58

Field Reference

Table A-13 Device Grouping Page 

Element
Description

Group Types, such as Department and Location

The group type, for example, Department or Location, into which the device will be grouped. Enables you to select an existing group or to create a new group under a group type.

To create a new group, click the arrow, then select Edit Groups. The Edit Device Groups page appears. For a description of the fields in this page, see Edit Device Groups Page.

Set values as default

When selected, sets the current values as defaults. These values are defaults for adding and editing device groups later.

Back button

Returns to the previous wizard page.

Finish button

Saves your wizard definitions and closes the wizard.

After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs, marked with a red error icon. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.

Cancel button

Closes the wizard without saving your changes.

Help button

Opens help for this page.


Add Device(s) from Config File Wizard

To add a device from a config file, click Add in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add Devices from Config File, then click Next.

The following topics describe the pages in the Add Device from Config File wizard:

Device Information Page—Config File

Device Grouping Page

Device Information Page—Config File

Use the Device Information page of the Add Device from Config File wizard to add device information.

Navigation Path

You can access the Device Information page from the Add Device from Config File wizard. Click the Add button in the Device selector, select Add Device from Config File, then click Next.

Related Topics

Understanding the Device View, page 1-23

Adding Devices from a Configuration File, page 1-44

Device Grouping Page

Discovering Policies, page 1-5

Field Reference

Table A-14 Device Information Page in Add Device from Config File Wizard 

Element
Description

Device Type

Device Type selector

Organizes the devices by device-type and device-family. Select the device type for the new device.

Note If you do not know the device type, select the device-family folder. Security Manager automatically selects the first available device type under that family.

System object IDs for that device type are displayed in the SysObjectId field.

SysObjectId

The system object IDs for the device type you selected from the Device Type selector.

When you click the device type from the Device Type selector, the system object IDs for that particular device are displayed in this field.

When you specify the device type, the first available system object ID of the first device type is selected by default. You can select another one if needed.

Configuration Files

Enter the full path to the directory containing the device configuration files, or click Browse to navigate to the directory.

Browse button

Opens the Choose Files dialog box, which enables you to navigate and locate the device configuration files. For elements in this page, see Choose Files Dialog Box.

Discover Device Settings

Discover

Provides the following discovery options:

Policies and Inventory—When selected, discovers policies and interfaces. This is the default option.

When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies into Security Manager to be managed. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports them into Security Manager to be managed. If the device is a composite device, all the service modules in that device are discovered.

If you select this option, the following policies are displayed:

Platform Settings—Also called platform-specific policy domains. Platform-specific policy domains exist on firewall devices and Cisco IOS routers. These domains contain policies that configure features that are specific to the selected platform. For more information, see Service Policies vs. Platform-Specific Policies, page 1-3.

This is the default option.

Firewall Policies—Also called firewall services. Firewall services include policies such as access rules, inspection rules, AAA rules, web filter rules, and transparent rules. For details, see Firewall Services, page A-635.

This is the default option.

Inventory Only—When selected, discovers interfaces. If the device is a composite device, all the service modules in that device are discovered.

No Discovery—When selected, Security Manager does not initiate discovery.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Finish button

Saves your wizard definitions and closes the wizard.

After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs, marked with a red error icon. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.

Cancel button

Closes the wizard without saving your changes.

Help button

Opens help for this page.


Choose Files Dialog Box

Use the Choose Files dialog box to navigate and locate the device configuration file.

Navigation Path

Click the Browse button in the Device Information page of the Add Device from Config File wizard.

Related Topics

Device Information Page—Config File

Field Reference

Table A-15 Choose Files Dialog Box

Element
Description

Left pane

Displays all the folders on the server.

Right pane

The contents of the folder that you selected in the left pane. Enables you to navigate and select the appropriate configuration files.

File Selected

Displays the configuration files that you selected from the right pane.

File of Type

Determines the type of files you want displayed in the right pane. When you select or enter a file type, corresponding files are displayed in the right pane.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Device Grouping Page

For elements in the Device Grouping page, see Device Grouping Page.

Add New Device Wizard

To add a single device, click Add in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add New Device, then click Next.

The following topics describe the pages in the Add New Device wizard:

Device Information Page—New Device

Device Credentials Page

Device Grouping Page

Device Information Page—New Device

Use the Device Information page of the Add New Device wizard to add device information.

Navigation Path

You can access the Device Information page from the Add New Device wizard. Click the Add button in the Device selector, select Add New Device, then click Next.

Related Topics

Understanding the Device View, page 1-23

Adding a New Device, page 1-49

Device Credentials Page

Device Grouping Page

Server Properties Dialog Box

Available Servers Dialog Box

CNS-Configuration Engine Properties Dialog Box

Available Configuration Engines Dialog Box

Field Reference

Table A-16 Device Information Page in Add New Device Wizard 

Element
Description

Device Type

Device Type selector

Organizes the devices by device-type and device-family.

Select the device type for the new device. System object IDs for that device type are displayed in the SysObjectId field.

Selected Device Type

Displays the device type you selected in the Device Type selector.

SysObjectId

The system object IDs for the device type you selected from the Device Type selector.

The first system object ID is selected by default. You can select another one if needed.

Identity

IP Type

Provides two options: Static or Dynamic. Depending on the IP type you select, the displayed fields differ.

Hostname

Displayed for static IP types only.

The DNS hostname for the device. Enter the DNS hostname if the IP address is not known.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -

Note You must enter either the DNS hostname or the IP address.

Two devices cannot have the same DNS hostname and domain name combination. For more information, see Cannot Add a DNS Hostname and Domain Name Combination that Exists in DCR, page 1-74.

Domain Name

Displayed for static IP types only.

The DNS domain name for the device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -

IP Address

Displayed for static IP types only.

The management IP address of the device.

Valid characters are . and 0-9. The IP address must be in the dotted quad format, for example, 192.64.3.8.

Note This field is active only if the IP type is static.

Note You must enter either the IP address or the DNS hostname.

Display Name

Displays the hostname, which you can change. When you enter the hostname, the same name is entered automatically in the Display Name field.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space

Note Two devices cannot have the same display name.

Note If the display name you enter already exists in DCR, a dialog box appears. See Cannot Add a Display Name that Exists in DCR, page 1-73.

Operating System

OS Type

Based on the device type, the OS type is selected automatically.

Image Name

The name of the image.

Target OS Version

The target OS version for which you want to apply the configuration.

Contexts

This field is displayed only if the OS type is an FWSM, ASA, or PIX Firewall 7.0. The two options available are: Single or Multi.

Operational Mode

This field is displayed only if the OS type is an FWSM, ASA, or PIX Firewall 7.0. The options available are: Transparent, Routed, or Mixed (Mixed applies only to FWSM 3.1 when Contexts is Multi).

Auto Update—Displayed for PIX Firewall and ASA devices.

Note For Catalyst 6500/7600 and FWSM devices, this field is not active.

Server

Enables you to select or add an Auto Update Server or a Configuration Engine.

If the server does not appear in the list, select + Add Server... to display the Server Properties dialog box. For a description of the fields in the page, see Server Properties Dialog Box.

Device Identity

The string value that uniquely identifies the device in Auto Update Server or the Configuration Engine.

CNS-Configuration Engine—Displayed for Cisco IOS routers.

Note This field is not active for Catalyst 6500/7600 and FWSM devices.

Server

Depending on the IP type selected, Static or Dynamic, different information is displayed:

Cisco IOS routers with static IP addresses—Enables you to select or add a Configuration Engine.

If the Configuration Engine does not appear in the list, select + Add Configuration Engine... to display the CNS-Configuration Engine Properties dialog box. For a description of the fields in the page, see CNS-Configuration Engine Properties Dialog Box.

Cisco IOS routers with dynamic IP addresses—Enables you to select or add an Auto Update Server or a Configuration Engine.

If the server does not appear in the list, select + Add Server... to display the Server Properties dialog box. For a description of the fields in the page, see Server Properties Dialog Box.

Device Identity

The string value that uniquely identifies the device in Auto Update Server or the Configuration Engine.

Additional Fields

Manage in Cisco Security Manager

When selected, Security Manager manages the device. This check box is selected by default.

If the only function of the device you are adding is to serve as a VPN end point, this check box should be deselected. Security Manager will not manage configurations nor will it upload or download configurations on this device.

Security Context of Unmanaged Device

This field is active only if the device you selected in the Device selector is a firewall device, such as PIX Firewall, ASA, or FWSM, and that firewall device supports security contexts.

When selected, manages a security context whose parent (PIX Firewall, ASA, or FWSM) is not managed by Security Manager.

You can partition a PIX Firewall, ASA, or FWSM into multiple security firewalls, also known as security contexts. Each context is an independent system, with its own configuration and policies. You can manage these standalone contexts in Security Manager, even though the parent (PIX Firewall, ASA, or FWSM) is not managed by Security Manager. For more information, see Configuring Security Contexts on Firewall Devices, page 1-103.

Note If you select this check box, the available target OS version for the security module is displayed in the Target OS Version field.

Manage in IPS Manager

This field is active only if the device you selected in the Device selector is a Cisco IOS router. When selected, manages the Cisco IOS router in IPS Manager.

Note If you select this check box, you must select the Manage in Cisco Security Manager check box also.

If the selected device is IDS, this field is not active, but the check box is selected because IPS Manager manages IDS sensors.

If the selected device is PIX Firewall, ASA, or FWSM, this field is not active because IPS Manager does not manage these device types.

Note If you selected the Manage in IPS Manager check box to manage a Cisco IOS router or an IDS sensor, you must start the IPS Manager application to perform configuration and deployment tasks on that device. See Managing Devices with IPS Manager, page 1-82.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Finish button

Saves your wizard definitions and closes the wizard.

When you click Finish, the system performs device validation tasks. If validation finds no errors, the wizard definitions are saved and the wizard closes. The device is added to the inventory and appears in the Device selector.

If errors are found, the system generates error messages and displays the wizard page where the error occurs.

Cancel button

Closes the wizard without saving your changes.

Help button

Opens help for this page.
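The Identity rules in Table A-16 (the same limits recur in the Create a Clone and General page tables) can be checked against an inventory list before the devices are entered in the wizard. The following Python pre-check is an added example, not part of the Cisco guide or of Security Manager. The record keys, the sample devices, the rejection of leading-zero octets, the requirement that a display name be present, and the case-insensitive duplicate check are assumptions of this example.

```python
import re
from collections import Counter

MAX_LEN = 70  # limit the table gives for Hostname, Domain Name and Display Name

# Allowlists transcribed from the field descriptions. fullmatch() is used so a
# trailing newline cannot slip past an end-of-line anchor.
HOSTNAME_RE = re.compile(r"[0-9A-Za-z-]+")
DOMAIN_RE = re.compile(r"[0-9A-Za-z.-]+")
DISPLAY_RE = re.compile(r"[0-9A-Za-z_.: -]+")
IP_CHARS_RE = re.compile(r"[0-9.]+")


def check_text(label, value, pattern):
    """Apply the length limit and the character allowlist to one field."""
    problems = []
    if len(value) > MAX_LEN:
        problems.append(f"{label}: longer than {MAX_LEN} characters")
    if not pattern.fullmatch(value):
        problems.append(f"{label}: contains characters outside the allowed set")
    return problems


def check_ip(value):
    """Dotted quad: four decimal octets, each 0-255."""
    if not IP_CHARS_RE.fullmatch(value):
        return ["IP Address: only '.' and 0-9 are valid"]
    octets = value.split(".")
    bad = len(octets) != 4 or any(
        o == "" or len(o) > 3 or int(o) > 255
        or (len(o) > 1 and o[0] == "0")  # assumption: stricter than the page
        for o in octets
    )
    return ["IP Address: not in dotted quad format"] if bad else []


def display_name_of(dev):
    # The page says the hostname is copied into Display Name by default.
    return dev.get("display_name") or dev.get("hostname", "")


def validate_device(dev):
    """Return the list of problems for one device record (hypothetical keys)."""
    problems = []
    ip_type = dev.get("ip_type")
    hostname, domain, ip = dev.get("hostname", ""), dev.get("domain", ""), dev.get("ip", "")
    if ip_type not in ("Static", "Dynamic"):
        problems.append("IP Type: must be Static or Dynamic")
    if ip_type == "Static":  # these three fields are shown for static IP types only
        if not hostname and not ip:
            problems.append("Identity: enter either the DNS hostname or the IP address")
        if hostname:
            problems += check_text("Hostname", hostname, HOSTNAME_RE)
        if domain:
            problems += check_text("Domain Name", domain, DOMAIN_RE)
        if ip:
            problems += check_ip(ip)
    display = display_name_of(dev)
    if display:
        problems += check_text("Display Name", display, DISPLAY_RE)
    else:
        problems.append("Display Name: missing")  # assumption: a name is required
    return problems


def validate_inventory(devices):
    """Per-device checks plus the two uniqueness rules from the table."""
    report = {i: validate_device(d) for i, d in enumerate(devices)}
    names = Counter(display_name_of(d) for d in devices)
    # Assumption: DNS names compare case-insensitively for the duplicate check.
    fqdn = lambda d: (d.get("hostname", "").lower(), d.get("domain", "").lower())
    fqdns = Counter(fqdn(d) for d in devices if d.get("hostname"))
    for i, d in enumerate(devices):
        if display_name_of(d) and names[display_name_of(d)] > 1:
            report[i].append("Display Name: used by more than one device")
        if d.get("hostname") and fqdns[fqdn(d)] > 1:
            report[i].append("Hostname: hostname and domain name combination is duplicated")
    return report


# Constructed sample inventory, not taken from any real deployment.
SAMPLE = [
    {"ip_type": "Static", "hostname": "edge-fw-01", "domain": "example.com",
     "ip": "192.64.3.8", "display_name": "Edge FW 01"},
    {"ip_type": "Static", "hostname": "core_rtr", "domain": "example.com", "ip": "192.64.3.9"},
    {"ip_type": "Static", "display_name": "Lab ASA"},
    {"ip_type": "Static", "hostname": "dmz-asa", "domain": "example.com",
     "ip": "192.64.3.300", "display_name": "DMZ ASA"},
    {"ip_type": "Dynamic", "display_name": "branch-rtr\n"},
    {"ip_type": "Static", "hostname": "DMZ-ASA", "domain": "example.com",
     "ip": "192.64.3.10", "display_name": "DMZ ASA"},
]

if __name__ == "__main__":
    for index, problems in validate_inventory(SAMPLE).items():
        print(index, problems or "ok")
```
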


Server Properties Dialog Box

Use the Server Properties dialog box to provide the Auto Update Server or Configuration Engine properties information.

Navigation Path

Select + Add Server... from the Server field in the Device Information page of the Add New Device wizard. For the detailed procedure, see Adding an Auto Update Server or Configuration Engine When Adding a New Device, page 1-65.

Related Topics

Available Servers Dialog Box

Device Information Page—New Device

Adding an Auto Update Server or Configuration Engine When Adding a New Device, page 1-65

Field Reference

Table A-17 Server Properties Dialog Box

Element
Description

Type

The type of server managing the device. Click the arrow to select one of the following options:

Auto Update Server—Select this option if the device you are adding is managed by an Auto Update Server.

Configuration Engine—Select this option if the device you are adding is managed by a Configuration Engine.

Server Name

The hostname of the server.

Domain Name

The domain name of the server.

IP Address

The IP address of the server.

Display Name

The name that is displayed for the server.

Username

The username for the server.

Password

The password for accessing the server. In the Confirm field, enter the password again.

Port

The port number that the device managed by the Auto Update Server or Configuration Engine uses to communicate with the server. The port number is typically 443.

URN

This field is displayed only when you select Auto Update Server in the Type field. It is not displayed when you select CNS-Configuration Engine.

The uniform resource name for the Auto Update Server. The URN is the name that identifies the resource on the Internet. The URN is part of a URL, for example, /autoupdate/AutoUpdateServlet. The full URL could be:
https://<server ip>:443/autoupdate/AutoUpdateServlet

where:

<server ip> is the IP address of the Auto Update Server.

443 is the port number of the Auto Update Server.

/autoupdate/AutoUpdateServlet is the URN of the Auto Update Server.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Available Servers Dialog Box

Use the Available Servers dialog box to select, edit, or add an Auto Update Server or Configuration Engine.

Navigation Path

Select Edit Servers from the Server field in the Device Information page of the Add New Device wizard. For the detailed procedure, see Editing an Auto Update Server or Configuration Engine When Adding a New Device, page 1-68.

Related Topics

Server Properties Dialog Box

Device Information Page—New Device

Editing an Auto Update Server or Configuration Engine When Adding a New Device, page 1-68

Adding an Auto Update Server or Configuration Engine When Adding a New Device, page 1-65

Field Reference

Table A-18 Available Servers Dialog Box 

Element
Description

Display Name

The name that is displayed for the server.

Type

The type of server: AUS or CNS.

IP Address

The IP address of the server.

Server Name

The hostname of the server.

Domain Name

The domain name of the server.

Create button

Enables you to add a new server. When clicked, the Server Properties dialog box appears. For a description of the elements, see Server Properties Dialog Box.

Edit button

Enables you to edit the server information. When clicked, the Server Properties dialog box appears. For a description of the elements, see Server Properties Dialog Box.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


CNS-Configuration Engine Properties Dialog Box

Use the CNS-Configuration Engine Properties dialog box to provide the Configuration Engine properties information.

Navigation Path

Select + Add Configuration Engine... from the Server field in the Device Information page of the Add New Device wizard.

Related Topics

Available Configuration Engines Dialog Box

Device Information Page—New Device

Field Reference

Table A-19 CNS-Configuration Engine Properties Dialog Box

Element
Description

Server Name

The hostname of the Configuration Engine.

Domain Name

The domain name of the Configuration Engine.

IP Address

The IP address of the Configuration Engine.

Display Name

The name that is displayed for the Configuration Engine.

Username

The username for the Configuration Engine.

Password

The password for accessing the Configuration Engine. In the Confirm field, enter the password again.

Port

The port number that the CNS-managed device uses to communicate with the Configuration Engine. The port number is typically 443.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Available Configuration Engines Dialog Box

Use the Available Configuration Engines dialog box to select, edit, or add a Configuration Engine.

Navigation Path

Select Edit Configuration Engines... from the Server field in the Device Information page of the Add New Device wizard.

Related Topics

CNS-Configuration Engine Properties Dialog Box

Device Information Page—New Device

Field Reference

Table A-20 Available Configuration Engines Dialog Box 

Element
Description

Display Name

The name that is displayed for the Configuration Engine.

IP Address

The IP address of the Configuration Engine.

Server Name

The hostname of the Configuration Engine.

Domain Name

The domain name of the Configuration Engine.

Create button

Enables you to add a new Configuration Engine. When clicked, the CNS-Configuration Engine Properties dialog box appears. For a description of the elements, see CNS-Configuration Engine Properties Dialog Box.

Edit button

Enables you to edit the Configuration Engine information. When clicked, the CNS-Configuration Engine Properties dialog box appears. For a description of the elements, see CNS-Configuration Engine Properties Dialog Box.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Device Credentials Page

For elements in the Device Credentials page, see Device Credentials Page.

Device Grouping Page

For elements in the Device Grouping page, see Device Grouping Page.

Add Device(s) from DCR Wizard

To add a device from DCR into Security Manager, click Add in the Device selector. The New Device - Choose Method wizard page appears with four options. Select Add Devices from DCR, then click Next.

The following topics describe the pages in the Add Device from DCR wizard:

Device Information Page—DCR

Device Grouping Page

Device Information Page—DCR

Use the Device Information page of the Add Device from DCR wizard to add devices from DCR to Security Manager.

The Device Information page displays two panes: the left pane is called DCR List of Devices and the right pane is called Selected Devices. These panes have arrows between them that enable you to move devices from one pane to the other.

Navigation Path

You can access the Device Information page from the Add Device from DCR wizard. Click the Add button in the Device selector, select Add Device from DCR, then click Next.

Related Topics

Understanding the Device View, page 1-23

Adding Devices from DCR, page 1-58

Device Grouping Page

Create Filter Dialog Box

Discovering Policies, page 1-5

Field Reference

Table A-21 Device Information Page in Add Device(s) from DCR Wizard 

Element
Description

DCR List of Devices pane

Contains two elements:

Filter field—Filters and displays a subset of devices based on the filtering criteria you define. For more information, see Create Filter Dialog Box.

System Defined Groups—Displays device groups and devices that are available in the Device and Credential Repository (DCR) but not in Security Manager.

DCR resides in the CiscoWorks Server. DCR is a common repository of devices that stores device attributes and device credential information.

>> button

<< button

Moves the selected devices from one pane to the other pane.

Selected Devices pane

Displays all the devices that you selected to add from DCR into Security Manager.

Discover Device Settings

Discover

Provides the following discovery options:

Policies and Inventory—When selected, discovers policies and interfaces. This is the default option.

When policy discovery is initiated, the system analyzes the configuration on the device, then imports the configured service and platform policies into Security Manager to be managed. When inventory discovery is initiated, the system analyzes the interfaces on the device and then imports them into Security Manager to be managed. If the device is a composite device, all the service modules in that device are discovered.

If you select this option, the following policies are displayed:

Platform Settings—Also called platform-specific policy domains. Platform-specific policy domains exist on firewall devices and Cisco IOS routers. These domains contain policies that configure features that are specific to the selected platform. For more information, see Service Policies vs. Platform-Specific Policies, page 1-3.

This is the default option. If you do not want these discovered, deselect this check box.

Firewall Policies—Also called firewall services. Firewall services include policies such as access rules, inspection rules, AAA rules, web filter rules, and transparent rules. For details, see Firewall Services, page A-635.

This is the default option. If you do not want these discovered, deselect this check box.

Inventory Only—When selected, discovers interfaces. If the device is a composite device, all the service modules in that device are discovered.

No Discovery—When selected, Security Manager does not initiate discovery.

Manage in IOS-IPS Device in IPS Manager

Select this check box to manage Cisco IOS-IPS devices, such as Cisco IOS routers and IDS sensors, in IPS Manager. If the devices you selected from the DCR List of Devices pane contain Cisco IOS routers and IDS sensors, you can choose to manage them in IPS-MC by selecting this check box.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Finish button

Saves your wizard definitions and closes the wizard.

After you click Finish, the system performs device validation tasks. If the data you entered is incorrect, the system generates error messages and displays the wizard page where the error occurs, marked with a red error icon. Otherwise, the Task Status page appears, displaying the status of the device import and discovery.

Cancel button

Closes the wizard without saving your changes.

Help button

Opens help for this page.


Device Grouping Page

For elements in the Device Grouping page, see Device Grouping Page.

Device Delete Validation Page

Use the Device Delete Validation page to view error and warning messages during device deletion.

Navigation Path

Select a device from the Device selector, then click the Delete button.

Related Topics

Deleting Devices from the Security Manager Inventory, page 1-82

Devices Page

Device Delete Validation Details Dialog Box

Field Reference

Table A-22 Device Delete Validation Page

Element
Description

Severity

Displays one or all of the following:

Error icon—A problem was detected. See the Results column for details.

Warning icon—Proceed with caution. See the Results column for details.

Information icon—Information about the problem. See the Results column for details.

Note This column is not displayed if the status is Passed and there are no errors, warnings, or informational messages to report.

Device

Displays the name of the device that you are trying to delete.

Note This column is not displayed if the status is Passed and there are no errors, warnings, or informational messages to report.

Result

Provides detailed information about the severity. Double-click a row to open the Device Delete Validation Details dialog box. See Device Delete Validation Details Dialog Box.

Note This column is not displayed if the status is Passed and there are no errors, warnings, or informational messages to report.

OK button

Proceeds with deletion.

The OK button appears only if the system has not experienced errors. Warning messages might still appear. Read the warning message details in the Results column to determine whether to continue the deletion. If you want to continue, click OK to proceed with the deletion.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this page.


Device Delete Validation Details Dialog Box

Use the Device Delete Validation Details dialog box to view details about the device deletion.

Navigation Path

You can access the Device Delete Validation Details dialog box from the Device Delete Validation page. To open this dialog box, double-click a row from the Result column in the Device Delete Validation page.

Related Topics

Deleting Devices from the Security Manager Inventory, page 1-82

Devices Page

Device Delete Validation Page

Field Reference

Table A-23 Device Delete Validation Details

Element
Description

Severity

Displays one or all of the following:

Error—A problem was detected. See the Results column for details.

Warning—Proceed with caution. See the Results column for details.

Information—Provides information about the problem. See the Results column for details.

Device

Displays the name of the device that you are trying to delete.

Result

Provides detailed information about the severity.

OK button

Closes the dialog box.


Create a Clone of <device name> Page

Use the Create a Clone of <device name> page to duplicate a device.

Navigation Path

Right-click the device in the Device selector, then select Clone.

Related Topics

Cloning a Device, page 1-81

Device Contact Credentials Naming Guidelines, page 1-72

Copying Policies Between Devices, page 1-19

Field Reference

Table A-24 Create a Clone Device Page

Element
Description

IP Type

The device IP type of the cloned device: Static or Dynamic.

Hostname

The DNS hostname for the cloned device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -

Note This field is not displayed if the device you select for cloning has a dynamic IP address.

Domain Name

The DNS domain name for the cloned device. If you do not provide the domain name, Security Manager will use the default DNS suffix configured on the server.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -

Note This field is not displayed if the device you select for cloning has a dynamic IP address.

IP Address

The management IP address of the cloned device.

Valid characters are . and 0-9. The IP address must be in the dotted quad format, for example, 192.64.3.8.

Note If you do not know the IP address, enter the DNS hostname in the appropriate field. You must enter either the IP address or the DNS hostname.

Note This field is not displayed if the device you select for cloning has a dynamic IP address.

Display Name

The unique name for the cloned device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space

Device Identity

The string value that uniquely identifies the device in Auto Update Server or Configuration Engine.

This field is only displayed if the device is managed by Auto Update Server or Configuration Engine.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.


Device Properties Page

You can open the Device Properties page in three ways:

From the Device selector, right-click a device, then select Device Properties.

From the Device selector, double-click a device.

Select Tools > Device Properties.

The following topics describe the options in the Device Properties page:

General Page

Credentials Page

Device Groups Page

Policy Object Override Pages

General Page

Use the General page to add or edit information for the following four elements:

Identity

Operating System

DCS Settings

Auto Update or CNS-Configuration Engine


Note Security Manager does not assume that the DNS hostname that appears on the Device Properties page is the same as the hostname that you configured on the device.

When you add a device to Security Manager, you must enter either the management IP address or the DNS hostname. Because it is not possible to determine the management interface and, therefore, the management IP address when you discover from a configuration file, the hostname in the configuration file is used as the DNS hostname. If the hostname is missing in the CLI of the configuration file, the configuration filename is used as the DNS hostname.

During live device discovery, the DNS hostname in the Device Properties page is not updated with the hostname configured on the device. Therefore, if you want to specify the DNS hostname for the device, you must specify it manually when you add the device to Security Manager or on the Device Properties page.

If the DNS hostname or display name of the security context you are discovering already exists in DCR, Security Manager appends _01, _02, and so on to it to give it a unique name.


Navigation Path

Double-click a device in the Device selector, then click General from the Device Properties page.

Related Topics

Understanding Device Properties, page 1-74

Credentials Page

Device Groups Page

Policy Object Override Pages

Field Reference

Table A-25 General Page 

Element
Description
Identity

Device Type

The type of device. For example, if the device is a Firewall device, the type of Firewall, such as PIX or ASA, is displayed.

IP Type

Provides two options: Static or Dynamic. Depending on the IP type you select, the displayed fields differ.

Hostname

Displayed for static IP types only.

The DNS hostname for the device. The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following character: -

Domain Name

Displayed for static IP types only.

The DNS domain name for the device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: . -

IP Address

Displayed for static IP types only.

The management IP address of the device.

Valid characters are 0-9. The IP address must be in the dotted quad format, for example 192.64.3.8.

Display Name

The display name of the device.

The maximum length is 70 characters. Valid characters are: 0-9; uppercase A-Z; lowercase a-z; and the following characters: _ - . : and space

Operating System

OS Type

The family of the operating system running on the device.

Image Name

The name of the image.

Running OS Version

The version of the operating system running on the device.

Target OS Version

The target OS version for which you want to apply the configuration.

Contexts

Displayed if the OS type is an FWSM, ASA, or PIX Firewall version 7.0. The two options are: Single or Multi.

Operational Mode

Displayed if the OS type is an FWSM, ASA, or PIX Firewall 7.0. The options are: Transparent, Routed, or Mixed. (Mixed applies only to FWSM 3.1 when Contexts is Multi.)

DCS Settings

Transport Protocol

The transport protocol set on the device, such as SSL, SSH, AUS, CNS, or TMS. Security Manager deploys the configuration to the device according to the transport mechanism or protocols you set on the device.

For Cisco IOS routers, note the following:

You can override the global default settings by selecting SSL or SSH.

If you select Use Default, the transport protocol set in the Device Communication page (Tools > Security Manager Administration > Device Communication) is used.

Auto Update or CNS-Configuration Engine—Depending on the device type, this field is called either Auto Update or CNS-Configuration Engine.

For PIX Firewall, FWSM, or ASA devices, this field is called Auto Update.

For Cisco IOS routers, this field is called CNS-Configuration Engine.

Server

If you selected a server, that server name is displayed in the field.

If the server you want to select does not appear in the list, you can add it. To do so, select + Add Server... to display the Server Properties dialog box. For a description of the fields in the page, see Server Properties Dialog Box.

Device Identity

The string value that uniquely identifies the device in Auto Update Server or Configuration Engine.

Manage in Cisco Security Manager

If selected when you added the device, this check box remains selected.

If you do not want to manage this device in Security Manager, deselect the check box.

Manage in IPS Manager

If selected when you added the device, this check box remains selected.

If you do not want to manage this device in IPS Manager, deselect the check box. When you deselect it, IPS Manager stops managing the device and all its policies.

This field is active only if the device you selected in the Device selector is a Cisco IOS router. IPS Manager can manage only the IPS features on a Cisco IOS router that has IPS capabilities. For more information see the IPS documentation.

Note If you select the Manage in IPS Manager check box, you must select the Manage in Cisco Security Manager check box also.

If the selected device is IDS, this field is not active, but the check box is selected because IPS Manager manages IDS sensors.

If the selected device is PIX Firewall, ASA, or FWSM, this field is not active because IPS Manager does not manage these device types.

Note If you selected the Manage in IPS Manager check box to manage a Cisco IOS router or an IDS sensor, you must start the IPS Manager application to perform configuration and deployment tasks on that device. See Managing Devices with IPS Manager, page 1-82.

Save button

Saves your changes.

Close button

Closes the page.

Help button

Opens help for this page.
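
The following pre-import check applies the hostname rule from the note above (hostname from the CLI of the configuration file, otherwise the configuration filename), the _01/_02 naming of discovered security contexts, and the Identity field limits in Table A-25. It is an added example, not Security Manager code; the function names, the sample configurations, the use of the filename with its extension, and the two-digit suffix search are assumptions.

```python
import re
from pathlib import PureWindowsPath

MAX_LEN = 70  # limit stated for Hostname, Domain Name and Display Name

# Character sets as listed in Table A-25.
HOSTNAME_RE = re.compile(r"[0-9A-Za-z-]+")
DOMAIN_RE = re.compile(r"[0-9A-Za-z.-]+")
DISPLAY_RE = re.compile(r"[0-9A-Za-z_.: -]+")

# First "hostname <name>" command in the CLI of a configuration file.
HOSTNAME_CMD = re.compile(r"^[ \t]*hostname[ \t]+(\S+)[ \t]*$", re.MULTILINE)


def _fits(value, pattern):
    """True if value is 1..70 characters drawn only from the field's set."""
    return 0 < len(value) <= MAX_LEN and pattern.fullmatch(value) is not None


def valid_hostname(value):
    return _fits(value, HOSTNAME_RE)


def valid_domain(value):
    return _fits(value, DOMAIN_RE)


def valid_display_name(value):
    return _fits(value, DISPLAY_RE)


def valid_ip(value):
    """Dotted quad: four decimal fields, each 0-255."""
    parts = value.split(".")
    return len(parts) == 4 and all(
        re.fullmatch(r"[0-9]{1,3}", p) and int(p) <= 255 for p in parts
    )


def hostname_from_config(filename, text):
    """Return (dns_hostname, source) as the note describes for config files.

    Assumption: the filename is used as given, including its extension.
    """
    match = HOSTNAME_CMD.search(text)
    if match:
        return match.group(1), "config"
    return PureWindowsPath(filename).name, "filename"


def context_unique_name(name, existing):
    """Name a discovered security context gets when `name` is already taken.

    Assumption: the first free two-digit suffix (_01, _02, ...) is used.
    """
    if name not in existing:
        return name
    for n in range(1, 100):
        candidate = f"{name}_{n:02d}"
        if candidate not in existing:
            return candidate
    raise ValueError(f"no free suffix for {name!r}")


def plan_import(files, inventory_names):
    """Predict the DNS hostname per config file and list issues to fix first."""
    seen = set(inventory_names)
    plan = []
    for filename, text in files:
        name, source = hostname_from_config(filename, text)
        issues = []
        if not valid_hostname(name):
            issues.append("outside Hostname field limits")
        if name in seen:
            issues.append("duplicate name")
        seen.add(name)
        plan.append({"file": filename, "dns_hostname": name,
                     "source": source, "issues": issues})
    return plan


# Constructed sample input (not taken from any real device).
SAMPLE_FILES = [
    ("C:\\configs\\edge-rtr1.cfg",
     "version 12.4\nhostname edge-rtr1\ninterface FastEthernet0/0\n"),
    ("C:\\configs\\branch_fw.cfg",
     "interface Ethernet0\n nameif outside\n"),      # no hostname command
    ("C:\\configs\\copy-of-edge.cfg",
     "hostname edge-rtr1\n"),                        # same hostname as first file
]

if __name__ == "__main__":
    for row in plan_import(SAMPLE_FILES, {"core-asa"}):
        print(row)
```

Entries reported with issues are the ones for which you should specify the DNS hostname manually when you add the device or on the Device Properties page.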


Credentials Page

Use the Credentials page to add or edit device credential information. For information about device credentials, see Understanding Device Credentials, page 1-70.


Note You can use a maximum of 70 characters to define device credentials. Security Manager does not restrict the types of characters you can use to define them. The only restriction is that you may not add a space in the password.


Navigation Path

Double-click a device in the Device selector, then click Credentials from the Device Properties page.

Related Topics

Understanding Device Properties, page 1-74

General Page

Device Groups Page

Policy Object Override Pages

Rx-Boot Mode Credentials Dialog Box

SNMP Credentials Dialog Box

HTTP Credentials Dialog Box

Field Reference

Table A-26 Credentials Page 

Element
Description
Primary Credentials—Required for all device types.

Username

The username for logging into the device.

Password

The password for logging into the device. In the Confirm field, enter the password again.

Enable Password

The password that activates enable mode on a Cisco IOS device if enable mode is configured on that device. In the Confirm field, enter the enable password again.

Authentication Certificate Thumbprint

Certificate thumbprint available in the certificate data store for the given device.

SDEE Credentials—Displayed for devices that support Intrusion Prevention Systems (IPS), such as Cisco IOS routers, ASA, and IDS.

Username

The SDEE username.

Password

The SDEE password. In the Confirm field, enter the SDEE password again.

HTTP Credentials—Displayed for devices that support IPS, such as Cisco IOS routers, ASA, and IDS. This information is required for devices that support SDEE.

HTTP Port

Port 80.

HTTPs Port

Port 443.

Certificate Common Name

The name assigned to the certificate. The common name can be the name of a person, system, or other entity that was assigned to the certificate. In the Confirm field, enter the common name again.

Mode

HTTP or HTTPS.

Rx-Boot Mode Credentials Tab

For more information, see Rx-Boot Mode Credentials Dialog Box.

SNMP Credentials Tab

For more information, see SNMP Credentials Dialog Box.

HTTP Credentials Tab—Displayed for PIX Firewall, FWSM, and Catalyst 6500/7600 devices.

For more information, see HTTP Credentials Dialog Box.

Save button

Saves your changes.

Close button

Closes the window.

Help button

Opens help for this page.


Device Groups Page

Use the Device Groups page to assign, edit, or delete groups.

Navigation Path

Double-click a device in the Device selector, then click Device Groups from the Device Properties page.

Related Topics

Understanding Device Properties, page 1-74

General Page

Credentials Page

Policy Object Override Pages

Field Reference

Table A-27 Device Groups Page 

Element
Description

Group Types, such as Department and Location

The group type, for example, Department or Location, into which the device is grouped or will be grouped. Enables you to select an existing group or to create a new group under a group type.

To create a new group, click the arrow, then select Edit Groups... The Edit Device Groups page appears. For a description of the fields in this page, see Edit Device Groups Page.

Set values as default

When selected, sets the current values as defaults for adding and editing device groups later.

Save button

Saves your changes.

Close button

Closes the window.

Help button

Opens help for this page.


Policy Object Override Pages

You can override the global settings for certain types of policy objects from the Device Properties window of a selected device. Overrides are managed using the following pages:

AAA Server Groups Override Page

Interface Roles Override Page

Networks/Hosts Override Page

PKI Enrollments Override Page

Port Lists Override Page

Services Override Page

Service Groups Override Page

Text Objects Override Page

AAA Server Groups Override Page

Use the AAA Server Groups Override page to view, create, edit, or delete AAA server group override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > AAA Server Groups.

Related Topics

Policy Object Override Pages

Working with AAA Server Group Objects, page 1-6

Field Reference

Table A-28 AAA Server Groups Override Page 

Column
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Protocol

The protocol defined for the AAA servers contained in the AAA server group.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the AAA Server Group Dialog Box, page A-36. From here you can create a AAA server group override object.

Edit Override button

Opens the AAA Server Group Dialog Box, page A-36. From here you can edit the selected AAA server group override object.

Delete Override button

Deletes the selected AAA server group override and restores the global object definition.


Interface Roles Override Page

Use the Interface Roles Override page to view, create, edit, or delete interface role override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > Interface Roles.

Related Topics

Policy Object Override Pages

Working with Interface Role Objects, page 1-120

Field Reference

Table A-29 Interface Roles Override Page 

Element
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Interface Name Patterns

The naming patterns of interfaces that are included in the interface role object.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the Interface Role Dialog Box, page A-127. From here you can create an interface role override object.

Edit Override button

Opens the Interface Role Dialog Box, page A-127. From here you can edit the selected interface role override object.

Delete Override button

Deletes the selected interface role override and restores the global object definition.


Networks/Hosts Override Page

Use the Networks/Hosts Override page to view, create, edit, or delete network override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > Networks/Hosts.

Related Topics

Policy Object Override Pages

Working with Network/Host Objects, page 1-142

Field Reference

Table A-30 Networks/Hosts Override Page 

Element
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Content

The network addresses and network/host objects contained in the selected object.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the Network/Host Dialog Box, page A-136. From here you can create a network override object.

Edit Override button

Opens the Network/Host Dialog Box, page A-136. From here you can edit the selected network override object.

Delete Override button

Deletes the selected network override and restores the global object definition.


PKI Enrollments Override Page

Use the PKI Enrollments Override page to view, create, edit, or delete PKI enrollment override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > PKI Enrollments.

Related Topics

Policy Object Override Pages

Working with PKI Enrollment Objects, page 1-153

Field Reference

Table A-31 PKI Enrollments Override Page 

Column
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

CA Name

The name of the certification authority (CA) server used for enrollment.

URL

The URL of the CA server (or the TFTP server, in cases of indirect access) used for enrollment.

Certificate

The text of the CA server's certificate, if available.

CRL Support

The method for handling Certificate Revocation Lists (CRLs) on this CA server.

LDAP Server

The URL of the LDAP server from which the CRL is downloaded.

OCSP Server

The URL of the OCSP server that checks the revocation status of certificates.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the PKI Enrollment Dialog Box, page A-140. From here you can create a PKI enrollment override object.

Edit Override button

Opens the PKI Enrollment Dialog Box, page A-140. From here you can edit the selected PKI enrollment override object.

Delete Override button

Deletes the selected PKI enrollment override and restores the global object definition.


Port Lists Override Page

Use the Port Lists Override page to view, create, edit, or delete port list override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > Port Lists.

Related Topics

Policy Object Override Pages

Services Override Page

Working with Port List Objects, page 1-171

Field Reference

Table A-32 Port Lists Override Page 

Element
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Content

The port ranges included in the port list object.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the Port List Dialog Box, page A-153. From here you can create a port list override object.

Edit Override button

Opens the Port List Dialog Box, page A-153. From here you can edit the selected port list override object.

Delete Override button

Deletes the selected port list override and restores the global object definition.


Services Override Page

Use the Services Override page to view, create, edit, or delete service override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > Services.

Related Topics

Policy Object Override Pages

Service Groups Override Page

Working with Service Objects, page 1-181

Field Reference

Table A-33 Services Override Page 

Element
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Protocol

The protocol selected for the service.

Source Ports

The source port, or range of ports, specified for the service.

Destination Ports

The destination port, or range of ports, specified for the service.

ICMP Message Type

If ICMP is the selected protocol, this column displays the ICMP qualifier message.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the Service Dialog Box, page A-156. From here you can create a service override object.

Edit Override button

Opens the Service Dialog Box, page A-156. From here you can edit the selected service override object.

Delete Override button

Deletes the selected service override and restores the global object definition.


Service Groups Override Page

Use the Service Groups Override page to view, create, edit, or delete service override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > Service Groups.

Related Topics

Policy Object Override Pages

Services Override Page

Working with Service Group Objects, page 1-191

Field Reference

Table A-34 Service Groups Override Page 

Element
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Content

The service objects contained in the service group.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the Service Group Dialog Box, page A-162. From here you can create a service group override object.

Edit Override button

Opens the Service Group Dialog Box, page A-162. From here you can edit the selected service group override object.

Delete Override button

Deletes the selected service group override and restores the global object definition.


Text Objects Override Page

Use the Text Objects Override page to view, create, edit, or delete text override objects. These are objects whose global definition has been customized for the selected device. For more information, see Overriding Global Objects for Individual Devices, page 1-250.

Navigation Path

Open the Device Properties Page. From the selector, select Policy Object Overrides > Free-Form Text Objects.

Related Topics

Policy Object Override Pages

Working with Text Objects, page 1-208

Field Reference

Table A-35 Text Objects Override Page 

Column
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. For more information, see Filtering Tables, page 1-19.

Name

The name of the object.

Category

The category that is assigned to the object. See Working with Category Objects, page 1-68.

Value Overridden?

Indicates whether the global object definition has been overridden by values defined for the selected device. See Allowing a Global Object to Be Overridden, page 1-251.

Description

Displays an icon if a description is defined for the object. Point at the icon to display a tooltip with the text of the description.

Tip Double-click the icon to display the text of the description in a popup window.

Create Override button

Opens the Text Object Editor Dialog Box, page A-169. From here you can create a text override object.

Edit Override button

Opens the Text Object Editor Dialog Box, page A-169. From here you can edit the selected text override object.

Delete Override button

Deletes the selected text override and restores the global object definition.


Device Shortcut Menu Options

Use the device shortcut menu options to access several tasks, such as viewing device properties, showing containment, cloning a device, showing devices in a map, discovering policies on a device, and so on.

Navigation Path

Select a device in the Device selector, then right-click the device to display a list of menu options.

Related Topics

Understanding the Device View, page 1-23

Field Reference

Table A-36 Devices Shortcut Menu Options 

Element
Description

Device Properties

Displays device properties for the selected device. Valid properties are: General, Credentials, Device Groups, and Policy Object Overrides. See Device Properties Page.

IPS Manager

Launches IPS Manager. See Managing Devices with IPS Manager, page 1-82.

Note This option is available only for devices managed by IPS Manager.

Show Containment

Displays information about composite devices.

Note This option is available only for Catalyst 6500/7600 devices, FWSM, PIX Firewall 7.0, and ASA devices.

If you select this option, the containment of the device (that is, the service modules and security contexts supported on the selected device) is displayed:

For Catalyst 6500/7600 devices, displays the IDSM and FWSM service modules, and the security contexts supported by the FWSM.

For FWSMs, displays security contexts supported by the FWSM.

For PIX Firewalls, displays security contexts supported by the PIX Firewall.

For ASA devices, displays security contexts supported by the ASA device.

For information about security contexts, see Configuring Security Contexts on Firewall Devices, page 1-103.

Health and Status

Enables you to view the health and status of FWSM and PIX Firewall devices.

Note This option is available only for FWSM and PIX Firewall devices.

Show in Map View

Displays your network topology on a map. See Displaying Your Network on the Map, page 1-16.

Clone Device

Clones (duplicates) a device. The cloned device shares the configurations and properties of the source device. See Cloning a Device, page 1-81.

Note This option is not available for Catalyst 6500/7600 devices.

Copy Policies Between Devices

Copies policies from one device to another or to a group of devices of the same type. See Copying Policies Between Devices, page 1-19.

Note This option is not available for Catalyst 6500/7600 devices.

Share Policies Between Devices

Makes a private policy assigned to a single device available for assignment to multiple devices. See Sharing a Local Policy, page 1-23.

Note This option is not available for Catalyst 6500/7600 devices.

Preview Configuration

Enables you to preview the complete proposed configuration that will be on the device after deployment, including the configuration changes you made using Security Manager and the existing configuration. See Preview Config Dialog Box, page A-8.

Delete Device

Deletes a selected device. See Deleting Devices from the Security Manager Inventory, page 1-82.

Discover Policies on Device

Initiates policy discovery for a selected device or a device group. See Discovering Policies, page 1-5.


Device Policies Shortcut Menu Options

Use the device policies shortcut menu options to access several tasks, such as assign shared policy, share policy, unassign policy, rename policy, and so on. The available options depend on whether the policy you selected is local, shared, or unassigned.

Navigation Path

Right-click a policy in the Policy selector to display a list of menu options.

Related Topics

Understanding the Device View, page 1-23

Field Reference

Table A-37 Policies Right-Click Menu Options 

Menu Command
Description
Unassigned Policy commands

Assign Shared Policy

Assigns an existing shared policy of the selected type to the device. See Assigning a Shared Policy to a Selected Device, page 1-28.

Local Policy commands

Share Policy

Converts the local policy into a shared policy that you can assign to other devices. See Sharing a Local Policy, page 1-23.

Assign Shared Policy

Replaces the local policy assigned to the device with a shared policy of the same type. See Assigning a Shared Policy to a Selected Device, page 1-28.

Unassign Policy

Removes the local policy from the device, effectively removing it from the device configuration. See Unassigning a Policy, page 1-21.

Edit Policy Inheritance

Causes a rule-based policy to inherit the properties of a different shared policy of the same type. See Inheriting Rules, page 1-47.

Shared Policy commands

Unshare Policy

Converts the shared policy into a local policy on the device you selected. Any changes made to the policy affect only the selected device. See Unsharing a Policy, page 1-27.

Assign Shared Policy

Replaces the shared policy assigned to the device with another shared policy of the same type. See Assigning a Shared Policy to a Selected Device, page 1-28.

Unassign Policy

Removes the shared policy from the device, effectively removing it from the device configuration. See Unassigning a Policy, page 1-21.

Edit Policy Assignments

Enables you to edit the list of devices to which you assigned the selected policy. See Modifying Shared Policy Assignments in Device View, page 1-34.

Save Policy As

Saves a new instance of the selected shared policy under a different name. Use this option to create a new policy with the same definition as the policy from which it was created. See Copying a Shared Policy, page 1-30.

Rename Policy

Renames the selected policy. See Renaming a Shared Policy, page 1-32.

Edit Policy Inheritance

Causes a rule-based policy to inherit the properties of a different shared policy of the same type. See Inheriting Rules, page 1-47.


Device Group Shortcut Menu Options

Use the device group shortcut menu options to access several grouping tasks, such as add group, edit group information, add devices to group, and add a device to Security Manager.

Navigation Path

Right-click a group in the Device selector to display a list of menu options.

Related Topics

Understanding the Device View, page 1-23

Field Reference

Table A-38 Device Grouping Shortcut Menu Options 

Element
Description

New Device

Opens the New Device - Choose Method wizard page from which you can select the method for adding a device to the Security Manager inventory.

Edit Device Groups

Enables you to edit groups, such as add a group type, add a group, modify the group name, and delete a group.

New Device Group

Enables you to add a new group.

Add Devices to Group

Enables you to add devices to a selected group.


Edit Device Groups Page

Use the Edit Device Groups page to edit groups, create new group types and groups, create subgroups under existing groups, and delete groups or subgroups.

Navigation Path

Do one of the following:

Right-click a group type or a group in the Device selector, then select Edit Device Groups...

Select Edit Groups... from the Device Grouping page in any of the add device wizard options.

Select the Device Groups option from the Device Properties page, then select Edit Groups...

Related Topics

Understanding Device Grouping, page 1-83

Working With Groups, page 1-85

Field Reference

Table A-39 Edit Device Groups Page

Element
Description

Groups

Displays group types, groups, and subgroups.

Add Type button

Creates a new group type.

Add button

Creates a group or subgroup.

Delete button

Deletes a group type, subgroup, or group.

OK button

Saves your changes and closes the page.

Cancel button

Closes the page without saving your changes.

Help

Opens help for this page.


Add Devices to Group Page

Use the Add Devices to Group page to add devices to the selected group.

Navigation Path

Right-click a group in the Device selector, then select Add Devices to Group.

Related Topics

Understanding Device Grouping, page 1-83

Device Group Shortcut Menu Options

Field Reference

Table A-40 Add Devices to Groups Page 

Element
Description

Available Devices pane

Contains two elements:

Filter field—Filters and displays a subset of devices and groups based on the filtering criteria you define. For more information, see Create Filter Dialog Box.

Device Groups—Displays group types, groups, and devices that are available in Security Manager.

>> button

<< button

Moves the selected devices from one pane to the other pane.

To add a single device or multiple devices, select the devices or a group from the Available Devices pane, then click >>. The selected devices or all of the devices in the selected group move to the Selected Devices pane.

To remove a device from the Selected Devices pane, select the device from the Selected Devices pane, then click <<. The selected device moves to the Available Devices pane.

Selected Devices pane

Displays all the devices that you selected to add to a group.

OK button

Saves your changes and closes the page.

Cancel button

Closes the page without saving your changes.

Help button

Opens help for this page.


Add Group Dialog Box

Use the Add Group dialog box to create a group.

Navigation Path

Right-click a group or group type in the Device selector, then select Add Group.

Related Topics

Understanding Device Grouping, page 1-83

Device Group Shortcut Menu Options

Field Reference

Table A-41 Add Devices to Groups Page 

Element
Description

Group Name

A unique name for the group.

OK button

Saves your changes and closes the dialog box.

Cancel button

Closes the dialog box without saving your changes.

Help button

Opens help for this dialog box.