User Guide for Cisco Security Manager 3.1
Policy User Interface Reference

Table Of Contents

Policy User Interface Reference

Policy Menu General Reference

Share Policy Dialog Box

Assign Shared Policy Dialog Box

Local Policy Will Be Replaced Dialog Box

Copy Policies Wizard

Copy Policies Wizard—Copy Policies from this Device Page

Copy Policies Wizard—Copy Policies to these Devices Page

Copy Policies Wizard—Select Policies to Copy Page

Share Policies Wizard

Share Policies Wizard—Share Policies from this Device Page

Share Policies Wizard—Select Policies to Share Page

Shared Policy Assignments Dialog Box

Save Policy As Dialog Box

Rename Policy Dialog Box

Inherit Rules Dialog Box

Create Discovery Task Dialog Box

Discovery Status Dialog Box

Policy View General Reference

Policy View—Policy Type Selector

Policy View—Policy Type Selector Options

Policy View—Shared Policy Selector Options

Create Filter Dialog Box—Policy View

Policy View—Assignments Tab

Create a Policy Dialog Box


Policy User Interface Reference


These topics describe the pages that are accessed from the Policy menu and within the Policy view. The Policy view is used to globally manage all the shared policies configured with Cisco Security Manager:

Policy Menu General Reference

Policy View General Reference

Policy Menu General Reference

Use the options in the Policy menu to manage local and shared policies in Device view. The options in the Policy menu display the dialog boxes and wizards described in the following topics:

Share Policy Dialog Box

Assign Shared Policy Dialog Box

Copy Policies Wizard

Share Policies Wizard

Shared Policy Assignments Dialog Box

Save Policy As Dialog Box

Rename Policy Dialog Box

Inherit Rules Dialog Box

Create Discovery Task Dialog Box

Share Policy Dialog Box

Use the Share Policy dialog box to convert a local policy to a shared policy that you can assign to multiple devices or VPNs. For more information, see Sharing a Local Policy, page 6-28.

Navigation Path

In Device view, select a policy from the Device Policies selector, then do one of the following:

Select Policy > Share Policy.

Right-click the policy, then select Share Policy.

Related Topics

Assign Shared Policy Dialog Box

Shared Policy Assignments Dialog Box

Inherit Rules Dialog Box

Policy Menu General Reference

Field Reference

Table D-1 Share Policy Dialog Box 

Element
Description

Policy Name

The name that identifies the shared policy. Unlike local policies, shared policies require a name so that they can be identified when you assign the policy to devices or VPN topologies. Names can contain up to 255 characters, including spaces and special characters.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Assign Shared Policy Dialog Box

Use the Assign Shared Policy dialog box to assign an existing shared policy to a selected device. For more information, see Assigning a Shared Policy to a Selected Device, page 6-33.


Note: If you use this option to replace a local, rule-based policy, a warning message is displayed that gives you the option to inherit the rules of the shared policy instead of replacing the local policy through assignment. See Local Policy Will Be Replaced Dialog Box.


Navigation Path

In Device view, select a policy from the Device Policies selector, then do one of the following:

Select Policy > Assign Shared Policy.

Right-click the policy in the Device Policies selector, then select Assign Shared Policy.

Click the Shared Policy in use link in the header above the work area.

Related Topics

Save Policy As Dialog Box

Shared Policy Assignments Dialog Box

Inherit Rules Dialog Box

Policy Menu General Reference

Field Reference

Table D-2 Assign Shared Policy Dialog Box 

Element
Description

Policy selector

Lists all shared policies defined for the selected policy type. Select the shared policy to assign to the selected device.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.



Note: You cannot change the policy assigned to the device if the device is locked by another user. Click Close to close the dialog box.


Local Policy Will Be Replaced Dialog Box

When working with a rule-based policy such as access rules or AAA rules, use the Local Policy Will Be Replaced dialog box to choose between:

Assigning a shared policy in place of the existing local policy. If you choose to assign, all local rules are removed and cannot be retrieved.

Inheriting the rules of the shared policy. If you choose to inherit, the inherited rules are added to the local rules that are already defined.

Navigation Path

The Local Policy Will Be Replaced dialog box is displayed automatically when you do the following:

1. Select a local, rule-based policy (such as Access Rules).

2. Right-click the policy in the Device Policies selector, then select Assign Shared Policy.

3. Select a shared policy from the displayed list, then click OK.

Related Topics

Inheritance vs. Assignment, page 6-53

Assign Shared Policy Dialog Box

Policy Menu General Reference

Field Reference

Table D-3 Local Rules Will Be Replaced Dialog Box 

Element
Description

Assign Policy [name of policy]

Select this option to confirm that you want to replace the local policy defined for the device with the selected shared policy.

If you choose this option, the shared policy replaces the local policy, and all rules defined in the local policy are removed.

Inherit from Policy [name of policy]

Select this option to have the local policy inherit the rules defined in the shared policy.

If you choose this option, the inherited rules are added to the local rules. Use inheritance instead of assignment when the device needs to maintain the set of local rules already defined for it.

Do not show this again

When selected, Security Manager implements your choice (assignment or inheritance) automatically whenever this situation arises in the future.

When deselected, Security Manager displays this dialog box so that you can choose between assignment and inheritance. This is the default.

Tip: To reset hidden warning messages, select Tools > Security Manager Administration > Customize Desktop, then click Reset 'Do Not Ask' on Warnings.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Copy Policies Wizard

Use the Copy Policies wizard to copy selected policies (both local and shared) to one or more devices of the same type. For example, you can use the Copy Policies wizard to copy a set of firewall service policies and routing policies from one firewall device to fifty other firewall devices with a single operation.

For more information, see Copying Policies Between Devices, page 6-23.

The pages of the Copy Policies wizard are described in the following topics:

Copy Policies Wizard—Copy Policies from this Device Page

Copy Policies Wizard—Copy Policies to these Devices Page

Copy Policies Wizard—Select Policies to Copy Page

Navigation Path

In Device view, select a device from the Device selector, then do one of the following:

Select Policy > Copy Policies Between Devices.

Right-click the device in the Device selector, then select Copy Policies Between Devices.

Related Topics

Share Policies Wizard

Policy Menu General Reference

Copy Policies Wizard—Copy Policies from this Device Page

Use the Copy Policies from this Device page of the Copy Policies wizard to select the device whose policies will be copied to other devices of the same type.


Note: When you access the Copy Policies wizard by right-clicking a specific device, the device you right-clicked is automatically selected as the source device and you are brought directly to the Copy Policies Wizard—Copy Policies to these Devices Page. You can return to the Copy Policies from this Device page by clicking Back.


Navigation Path

In Device view, select a device from the Device selector, then select Policy > Copy Policies Between Devices.

Related Topics

Copy Policies Wizard

Copying Policies Between Devices, page 6-23

Field Reference

Table D-4 Copy Policies Wizard—Copy Policies from this Device Page 

Element
Description

Filter

Selects a filter to apply to the device selector, or enables you to create a new filter. By default, the active filter in Device view is applied to the filter displayed in the wizard. For more information, see Filtering Items in Selectors, page 3-21.

Note: If you create a filter while working inside the wizard, it is added to the list of filters available in Device view. The active filter in Device view, however, does not change.

Device selector

Selects the device containing the policies to be copied.

Next button

Advances to the next wizard page.


Copy Policies Wizard—Copy Policies to these Devices Page

Use the Copy Policies to these Devices page of the Copy Policies wizard to select the devices to which policies from the source device will be copied.

Navigation Path

Go to the Copy Policies Wizard, then click Next on the Copy Policies from this Device page.

Related Topics

Copy Policies Wizard

Copying Policies Between Devices, page 6-23

Field Reference

Table D-5 Copy Configuration Wizard—Copy Policies to these Devices Page 

Element
Description

Filter

Selects a filter to apply to the device selector, or enables you to create a new filter. By default, the active filter in Device view is applied to the filter displayed in the wizard. For more information, see Filtering Items in Selectors, page 3-21.

Note: If you create a filter while working inside the wizard, it is added to the list of filters available in Device view. The active filter in Device view, however, does not change.

Device selector

Selects the devices to which policies from the source device should be copied. Selecting the check box for a device group selects all of the devices in that group.

The device selector displays only those devices that are the same type as the source device. For example, if the source device is a Cisco IOS router, only routers are displayed, not firewall devices.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.


Copy Policies Wizard—Select Policies to Copy Page

Use the Select Policies to Copy page of the Copy Policies wizard to select which policies to copy from the source device to the target devices.

Navigation Path

Go to the Copy Policies Wizard, then click Next on the Copy Policies to these Devices page.

Related Topics

Copy Policies Wizard

Copying Policies Between Devices, page 6-23

Field Reference

Table D-6 Copy Policies Wizard—Select Policies to Copy Page 

Element
Description

Policy selector

Selects the policies to copy from the source device to the target devices. Selecting the check box for a policy group selects all of the policies in that group.

Note: When copying policies between PIX/ASA/FWSM devices, copying the failover policy automatically copies the interfaces policy and vice versa.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Finish button

Saves your definitions and closes the wizard.


Share Policies Wizard

Use the Share Policies wizard to take the policies configured on a particular device and make them shared policies that you can assign to other devices. For more information, see Sharing Multiple Policies of a Selected Device, page 6-30.

The pages of the Share Policies wizard are described in the following topics:

Share Policies Wizard—Share Policies from this Device Page

Share Policies Wizard—Select Policies to Share Page

Navigation Path

In Device view, select a device from the Device selector, then do one of the following:

Select Policy > Share Device Policies.

Right-click the device in the Device selector, then select Share Device Policies.

Related Topics

Copy Policies Wizard

Policy Menu General Reference

Share Policies Wizard—Share Policies from this Device Page

Use the Share Policies from this Device page of the Share Policies wizard to select the device whose policies you want to share.


Note: When you access the Share Policies wizard by right-clicking a specific device, the device you right-clicked is automatically selected as the source device and you are brought directly to the Share Policies Wizard—Select Policies to Share Page. You can return to the Select Source Device page by clicking Back.


Navigation Path

In Device view, select a device from the Device selector, then select Policy > Share Device Policies.

Related Topics

Share Policies Wizard

Sharing Multiple Policies of a Selected Device, page 6-30

Field Reference

Table D-7 Share Configuration Wizard—Share Policies from this Device Page 

Element
Description

Filter

Selects a filter to apply to the device selector, or enables you to create a new filter. By default, the active filter in Device view is applied to the filter displayed in the wizard. For more information, see Filtering Items in Selectors, page 3-21.

Note: If you create a filter while working inside the wizard, it is added to the list of filters available in Device view. The active filter, however, does not change.

Device selector

Selects the device containing the policies to be shared.

Next button

Advances to the next wizard page.


Share Policies Wizard—Select Policies to Share Page

Use the Select Policies to Share page of the Share Policies wizard to select which policies you want to share.

Navigation Path

Go to the Share Policies Wizard, then click Next on the Share Policies from this Device page.

Related Topics

Share Policies Wizard

Sharing Multiple Policies of a Selected Device, page 6-30

Field Reference

Table D-8 Share Policies Wizard—Select Policies to Share Page 

Element
Description

Policy selector

Selects the policies to share. Selecting the check box for a policy group selects all of the policies in that group. By default, all configured policies (local and shared) are selected.

Note: If you select a policy that is already shared, Security Manager creates a copy of that policy using the name that you define in the wizard.

Save policies as

The name to give to the policies you are sharing.

Back button

Returns to the previous wizard page.

Next button

Advances to the next wizard page.

Finish button

Saves your definitions and closes the wizard.


Shared Policy Assignments Dialog Box

Use the Shared Policy Assignments dialog box to modify the list of devices or VPN topologies to which you have assigned a selected shared policy. For more information, see Modifying Shared Policy Assignments in Device View, page 6-39.


Tip: You can also modify policy assignments from Policy view. See Policy View—Assignments Tab.


Navigation Path

In Device view, select a shared policy from the Device Policies selector, then do one of the following:

Select Policy > Edit Policy Assignments.

Right-click the policy in the Device Policies selector, then select Edit Policy Assignments.

Click the Assigned to link in the header above the work area.

Related Topics

Share Policy Dialog Box

Shared Policy Assignments Dialog Box

Inherit Rules Dialog Box

Policy Menu General Reference

Field Reference

Table D-9 Shared Policy Assignments Dialog Box 

Element
Description

Available Devices/VPNs

Lists all existing devices or VPN topologies. To assign the selected policy to additional devices or VPNs, select one or more items from this list, then click >> to add them to the Selected Devices/VPNs list.

Assigned Devices/VPNs

Lists all devices or VPNs to which the selected policy has been assigned. To remove items from this list, select the item, then click <<.

If you unassign a shared, mandatory policy from a VPN (for example, IKE), a default policy is configured automatically in its place. Unassigning a VPN policy that is not mandatory removes the policy completely from the VPN.

If you unassign a shared policy from a remote access VPN, an empty policy is configured in its place, even if it is a mandatory policy, such as IKE. In such cases, you must configure a new policy in order to avoid validation errors during deployment.

If you unassign a shared policy from a device, the policy type is effectively removed from that device configuration.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Save Policy As Dialog Box

Use the Save Policy As dialog box to duplicate an existing shared policy under a new name. For more information, see Copying a Shared Policy, page 6-36.

Navigation Path

Select a shared policy in either Device view or Policy view, then do one of the following:

Select Policy > Save Policy As.

Right-click the shared policy, then select Save Policy As.

Related Topics

Assign Shared Policy Dialog Box

Shared Policy Assignments Dialog Box

Inherit Rules Dialog Box

Policy Menu General Reference

Field Reference

Table D-10 Save Policy As Dialog Box 

Element
Description

Policy Name

The name that identifies the shared policy. Unlike local policies, shared policies require a name so that they can be identified when you assign the policy to devices or VPN topologies. Names can contain up to 255 characters, including spaces and special characters.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Rename Policy Dialog Box

Use the Rename Policy dialog box to assign a different name to a selected shared policy. For more information, see Renaming a Shared Policy, page 6-37.

Navigation Path

Select a shared policy in either Device view or Policy view, then do one of the following:

Select Policy > Rename Policy.

Right-click the policy, then select Rename Policy.

Related Topics

Create a Policy Dialog Box

Policy View General Reference

Field Reference

Table D-11 Rename Policy Dialog Box 

Element
Description

Policy Name

The new name to assign to the selected shared policy. Names can contain up to 255 characters, including spaces and special characters.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Inherit Rules Dialog Box

Use the Inherit Rules dialog box to have a rule-based policy (such as access rules) inherit the rules of a shared policy of the same type. For more information, see Inheriting Rules, page 6-54.

Navigation Path

Select a shared rule-based policy in either Device view or Policy view, then do one of the following:

Select Policy > Inherit Rules.

Right-click the policy, then select Inherit Rules.

Related Topics

Inheritance vs. Assignment, page 6-53

Save Policy As Dialog Box

Assign Shared Policy Dialog Box

Shared Policy Assignments Dialog Box

Policy Menu General Reference

Field Reference

Table D-12 Inherit Rules Dialog Box 

Element
Description

Policy selector

Selects the parent policy, that is, the policy whose rules should be inherited. Policies can inherit only from shared policies of the same type.

The name of the selected parent policy is displayed below the selector.

OK button

Saves your changes locally on the client and closes the dialog box.

Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Create Discovery Task Dialog Box

Use the Create Discovery Task dialog box to have Security Manager discover the policies that already exist on a device.

Navigation Path

In Device view, select a device from the Device selector, then do one of the following:

Select Policy > Discover Policies on Device.

Right-click the device in the Device selector, then select Discover Policies on Device.

Related Topics

Discovering Policies on Devices Already in Security Manager, page 6-10

Discovering Policies, page 6-7

Policy Menu General Reference

Field Reference

Table D-13 Create Discovery Task Dialog Box 

Element
Description

Discovery Task Name

The name assigned to the discovery task. This name can be used to identify the task in the Discovery Manager. Security Manager automatically generates a name for the task based on the current date and time, but you can modify this name as required.

Discover From

The source of information to be discovered:

Live Device—Performs discovery on a live device.

Config File—Performs discovery based on the contents of a configuration file. When you select this option, you must specify the location of the file.

Note: Security Manager supports only device-generated configuration files. For more information, see Adding Devices to the Security Manager Inventory, page 5-30.

Factory Default Configuration—Performs discovery on a firewall device using a file containing the factory-default settings for that device. Security Manager automatically chooses the appropriate file for the selected device. For more information, see Understanding Factory-Default Configurations, page 15-2.

Config. File

Applies only when performing discovery on a configuration file.

The location of the configuration file on which discovery will be performed. You can manually enter the path and file name, or click Browse to display a file selector. For more information, see Selecting a File or Directory on the Server File System, page 3-31.

Discover Policies for Security Contexts

Applies only to ASA/PIX/FWSM devices.

When selected, Security Manager attempts to discover policies on each virtual firewall (security context) that is configured on a firewall device running in multiple mode.

When deselected, Security Manager treats the entire device as having a single set of policies configured in single mode.

For more information about security contexts, see Configuring Security Contexts on Firewall Devices, page 15-105.

Policies to Discover

The policy types to discover on the selected device. Select one or more of the following options:

Inventory—Includes device information such as the hostname and domain name, interfaces, and security contexts (for firewall devices running in multiple mode). On Cisco IOS routers, this option also discovers all interface-related policies, such as DSL, PPP, and PVC policies.

Platform Settings—Includes all platform-specific policies that can be configured on the selected device. For example, if you are performing policy discovery on a PIX firewall device, this option includes such policies as device admin policies, multicast policies, and routing policies.

Firewall Services—Includes all firewall service policies. For more information, see Managing Firewall Services, page 12-1.

RA VPN Policies—Includes all remote access VPN policies that are configured on the selected device. For more information, see Managing Remote Access VPNs, page 10-1.

IPS—Includes all IPS policies that are configured on the selected device. For more information, see Managing IPS Devices, page 17-1 and Managing IPS Services, page 13-1.

OK button

Initiates the discovery task. The Create Discovery dialog box closes and is replaced by the Discovery Status dialog box. For more information, see Discovery Status Dialog Box.


Discovery Status Dialog Box

Use the Discovery Status dialog box to view detailed information about the current policy discovery task. The dialog box includes general information about the status of the task, as well as detailed information about any warnings or errors generated by the device being discovered.

The Discovery Status dialog box opens automatically when you initiate a discovery task on existing devices and when you add devices from a configuration file or the DCR. For more information about initiating a discovery task, see Create Discovery Task Dialog Box.

Related Topics

Viewing Policy Discovery Task Status, page 6-12

Discovering Policies, page 6-7

Policy Menu General Reference

Adding Devices to the Security Manager Inventory, page 5-30

Field Reference

Table D-14 Discovery Status Dialog Box

Element
Description

Progress bar

Indicates what percentage of the discovery task on the current device has been completed. After discovery on all devices is complete, the bar is colored green if discovery was successful and red if one or more devices failed.

Status

The current state of the discovery task.

Devices to be discovered

The total number of devices being discovered during this task.

Note: When discovering security contexts on a firewall device running in multiple mode, this value represents the parent device plus all the security contexts configured on the device. For more information, see Create Discovery Task Dialog Box.

Devices discovered successfully

The number of devices discovered without errors.

Devices discovered with errors

The number of devices that generated errors during discovery.

Discovery Details table

Device

The name of the device being discovered.

Severity

The overall severity level of the discovery task performed on each device (Info, Warning, Error). For example, if the discovery task completed successfully, an Info icon is displayed. If the task failed, an Error icon is displayed.

State

The current state of the policy discovery task for the selected device:

Device Added—The device has been added to Security Manager, but policy discovery has not yet started.

Discovery Started—Policy discovery has started.

Reading and Parsing Device Config—The policy discovery task is parsing the device configuration.

Importing Objects—The policy discovery task is importing objects from the configuration.

Importing Policies—The policy discovery task is importing policies from the configuration.

Discovery Complete—Policy discovery has been completed successfully.

Discovery Failed—Policy discovery failed due to errors.

Discovered From

The source of policy information. For example, when discovering from a configuration file, this field displays the name and path of the file.

Messages

The text of each message.

Severity

The severity level of each message related to the discovery task (Info, Warning, Error).

Description

Additional information about the warning or error.

Action

The steps you should take to resolve the problem.

Discovery Status buttons

Abort button

Aborts the discovery task.

If you abort the task when performing policy discovery on a single device, the result is partial discovery of that device. In such cases, we recommend deleting the information (for example, by discarding the activity) and starting again.

If you abort the task when performing policy discovery on multiple devices, Security Manager automatically discards the information for any partially discovered device. Devices for which discovery was completed before you aborted the operation are fully discovered.

Close button

Closes the dialog box.

Help button

Opens help for this dialog box.


Policy View General Reference

Use Policy view to globally manage all the shared policies configured with Cisco Security Manager. Unlike Device view, which you use to manage all the policies configured on a selected device, Policy view enables you to manage all shared policies of a particular type regardless of device.

Policy view enables you to:

Create new shared policies.

Edit any policy configuration.

Modify the list of devices or VPNs to which shared policies are assigned.

Delete shared policies that are not assigned to any devices or VPNs.

Navigation Path

Click the Policy View button on the toolbar or select View > Policy View.

Related Topics

Policy Menu General Reference

Field Reference

Table D-15 Policy View  

Element
Description

Policy Type selector

Lists the policy types available in Security Manager, divided by category. Clicking a policy type in the selector displays all the shared policies defined for that type in the Shared Policy selector. See Policy View—Policy Type Selector.

Shared Policy selector

Lists the shared policies that are defined for the selected type. Clicking a policy in the selector displays the definition of that policy on the Details tab of the work area. You can modify the definition as required. Changes affect all devices or VPN topologies to which the policy is assigned.

Use the Filter list to filter the list of policies displayed in the selector. For more information about creating filters, see Create Filter Dialog Box—Policy View.

The list of devices or VPN topologies to which the policy is assigned is displayed on the Assignments tab. For more information, see Policy View—Assignments Tab.

Work area

Contains two tabs:

Details—Use this tab to view and edit the definition of the selected policy. Any changes you make to a policy affect every device or VPN to which the policy is assigned. See Policy View—Policy Type Selector.

Assignments—Use this tab to view and edit the list of devices or VPNs to which a shared policy is assigned. See Policy View—Assignments Tab.

The banner at the top of the work area displays the name of the shared policy, the policy type, and the number of devices or VPNs to which the policy is assigned.


Policy View—Policy Type Selector

The Policy Type selector displayed on the upper-left side of Policy view lists each policy type available in Security Manager, divided by domain. Select a policy type to display a list of shared policies that are defined for that type in the Shared Policy selector.

For more information, see Policy View Selectors, page 6-42.

Related Topics

Policy View—Policy Type Selector Options

Policy View—Shared Policy Selector Options

Policy View General Reference

Field Reference

Table D-16 Policy View—Policy Type Selector 

Element
Description

Firewall

Lists all policy types for configuring firewall services. See Managing Firewall Services, page 12-1.

NAT (PIX/ASA/FWSM)

Lists all NAT policies configured on PIX/ASA/FWSM devices. See Configuring NAT Policies on Firewall Devices, page 15-20.

NAT (Router)

Lists all NAT policies configured on Cisco IOS routers. See NAT on Cisco IOS Routers, page 14-5.

Site-to-Site VPN

Lists all policy types for configuring site-to-site VPNs. See Managing Site-to-Site VPNs, page 9-1.

Remote Access VPN

Lists all policy types for configuring remote-access VPNs. See Managing Remote Access VPNs, page 10-1.

SSL VPN

Lists all policy types for configuring SSL VPNs. See Managing SSL VPNs, page 11-1.

Catalyst Platform

Lists all policy types for configuring Catalyst 6500/7600 devices. See Managing Catalyst Devices, page 16-1.

IPS

Lists all policy types for configuring IPS devices. See Managing IPS Services, page 13-1 and Managing IPS Devices, page 17-1.

IPS (Router)

Lists all policy types for configuring IPS policies on IOS routers. See Managing IPS Services, page 13-1 and Managing IPS Devices, page 17-1.

PIX/ASA/FWSM Platform

Lists all policy types for configuring PIX/ASA/FWSM platform-specific policies. See Managing Firewall Devices, page 15-1.

Router Interfaces

Lists all policy types for configuring interface-related policies on Cisco IOS Routers. See Managing Routers, page 14-1.

Router Platform

Lists all policy types for configuring platform-specific Cisco IOS router policies. See Managing Routers, page 14-1.

FlexConfigs

Lists all FlexConfig policies. See Managing FlexConfigs, page 19-1.


Policy View—Policy Type Selector Options

Right-click a policy type in the Policy Type selector (see Policy View—Policy Type Selector) to display a shortcut menu for performing functions on the selected policy type.

For more information, see Policy View Selectors, page 6-42.

Related Topics

Policy View—Shared Policy Selector Options

Policy View General Reference

Field Reference

Table D-17 Policy Type Selector Options 

| Menu Command | Description |
|---|---|
| New [policy type] Policy | Opens the Create a Policy Dialog Box. Use this dialog box to create a shared policy of the selected type. |


Policy View—Shared Policy Selector Options

Right-click a policy in the Shared Policy selector of Policy view to display a shortcut menu for performing functions on the selected policy.

For more information, see Policy View Selectors, page 6-42.

Related Topics

Policy View—Policy Type Selector Options

Create Filter Dialog Box—Policy View

Policy View General Reference

Field Reference

Table D-18 Shared Policy Selector Options 

| Menu Command | Description |
|---|---|
| Save Policy As | Saves a new instance of the selected shared policy under a different name. Use this option to create a new policy with the same definition as the policy from which it was created. See Save Policy As Dialog Box. |
| Rename Policy | Renames the selected policy. See Rename Policy Dialog Box. |
| Inherit Rules | Applies only to rule-based policies such as access rules. Causes a rule-based policy to inherit the rules of a different shared policy of the same type. See Inherit Rules Dialog Box. |
| New [policy type] Policy | Opens the Create a Policy Dialog Box. Use this dialog box to create a shared policy of the selected type. |
| Delete Policy | Deletes a shared policy from Security Manager. Note: You can delete only those policies that are not assigned to any devices or VPNs. |


Create Filter Dialog Box—Policy View

Use the Create Filter dialog box to filter the shared policies displayed in Policy view, based on the filtering criteria you define. For more information, see Filtering the Shared Policy Selector, page 6-43.

Navigation Path

In Policy view, select Create Filter from the Filter list displayed above the Shared Policy selector.

Related Topics

Policy View—Shared Policy Selector Options

Policy View General Reference

Field Reference

Table D-19 Create Filter Dialog Box—Policy View 

| Element | Description |
|---|---|
| Match Any of the Following | When you select this option, an OR relationship is created among the filtering criteria you define. For example, if you define the criteria "Name contains OSPF" and "Name contains RIP", then when you click OK the filter is defined as "Name contains OSPF or Name contains RIP". If you select this filter from the Filter list, the Shared Policy selector displays all shared policies whose name contains either OSPF or RIP. |
| Match All of the Following | When you select this option, an AND relationship is created among the filtering criteria you define. For example, if you define the criteria "Name contains OSPF" and "Name contains West", then when you click OK the filter is defined as "Name contains OSPF and Name contains West". If you select this filter from the Filter list, the Shared Policy selector displays all shared policies whose name contains both OSPF and West. |
| Filter type | Filters the policies by name. You specify the policy name, or a portion of the name, in the filter value field. |
| Filter operator | The relationship between the filter type and the filter value: contains, doesn't contain, is, isn't, begins with, ends with. |
| Filter value | The full or partial policy name to include in the filter. Enter a string in this field. |
| Filter content area | The filter type, operator, and value that you have selected for each criterion. |
| Add button | Adds a criterion to the filter control content area. |
| Remove button | Removes the selected criterion from the filter control content area. |
| OK button | Saves your changes and closes the dialog box. The filter is added to the Filter list. |
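
The Match Any / Match All semantics in Table D-19 can be modeled as follows. This is an added example, not Cisco code: the function names, the sample policy names, and case-sensitive matching are assumptions made for illustration.

```python
# Added illustration of the Create Filter dialog's matching semantics.
# Not Security Manager code; case-sensitive comparison is an assumption.

# The six filter operators from Table D-19, applied to a policy name.
OPERATORS = {
    "contains":        lambda name, value: value in name,
    "doesn't contain": lambda name, value: value not in name,
    "is":              lambda name, value: name == value,
    "isn't":           lambda name, value: name != value,
    "begins with":     lambda name, value: name.startswith(value),
    "ends with":       lambda name, value: name.endswith(value),
}

def describe(criteria, match):
    """Render the filter the way the dialog defines it after OK."""
    joiner = " or " if match == "any" else " and "
    return joiner.join(f"Name {op} {value}" for op, value in criteria)

def apply_filter(policy_names, criteria, match):
    """Return the names a filter would leave visible in the selector.

    criteria: list of (operator, value) pairs.
    match: "any" = Match Any of the Following (OR),
           "all" = Match All of the Following (AND).
    """
    if match not in ("any", "all"):
        raise ValueError("match must be 'any' or 'all'")
    if not criteria:
        # Modeling choice: a filter needs at least one criterion.
        raise ValueError("at least one criterion is required")
    for op, _ in criteria:
        if op not in OPERATORS:
            raise ValueError(f"unknown operator: {op}")
    combine = any if match == "any" else all
    return [n for n in policy_names
            if combine(OPERATORS[op](n, value) for op, value in criteria)]

# Constructed sample policy names (hypothetical).
POLICIES = ["OSPF-West", "OSPF-East", "RIP-West", "BGP-Core", "West-ACL"]

if __name__ == "__main__":
    positive = [("contains", "OSPF"), ("contains", "West")]
    negative = [("doesn't contain", "OSPF"), ("doesn't contain", "West")]
    for crit in (positive, negative):
        for mode in ("any", "all"):
            print(describe(crit, mode), "->", apply_filter(POLICIES, crit, mode))
```

With negative operators the two modes diverge sharply: Match Any on two "doesn't contain" criteria hides only names that contain both strings, so excluding every name that contains either string requires Match All.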


Policy View—Assignments Tab

Use the Assignments tab in Policy view to modify the list of devices or VPNs to which the selected shared policy is assigned. For more information, see Modifying Policy Assignments in Policy View, page 6-46.

Navigation Path

In Policy view, select a policy from the Shared Policy selector, then click the Assignments tab in the work area.

Related Topics

Shared Policy Assignments Dialog Box

Field Reference

Table D-20 Policy View—Assignments Tab 

| Element | Description |
|---|---|
| Available Devices/VPNs | Lists all existing devices or VPN topologies. To assign the selected policy to additional devices or VPNs, select one or more items from this list, then click >> to add them to the Selected Devices list. |
| Assigned Devices/VPNs | Lists all devices or VPNs to which the selected policy has been assigned. To remove items from this list, select the item, then click <<. If you unassign a shared, mandatory policy from a VPN (for example, IKE), a default policy is configured automatically in its place. Unassigning a VPN policy that is not mandatory removes the policy completely from the VPN. If you unassign a shared policy from a remote access VPN, an empty policy (that is, a policy instance with no values) is configured in its place, even if it is a mandatory policy, such as IKE. In such cases, you must configure a new policy in order to avoid validation errors during deployment. If you unassign a shared policy from a device, an empty policy is assigned in its place. |
| Save button | Saves your changes to the server but keeps them private. Note: To publish your changes, click the Submit button on the toolbar. |


Create a Policy Dialog Box

When working in Policy view, use the Create a Policy dialog box to create a new shared policy of a selected type. The new policy is initially not assigned to any devices or VPN topologies. For more information, see Creating a New Shared Policy, page 6-45.


Note: See Policy View—Assignments Tab for information about assigning the new policy.


Navigation Path

In Policy view, do one of the following:

Right-click a policy type in the Policy Types selector, then select New [name of policy] Policy.

Right-click a policy in the Shared Policy selector, then select New [name of policy] Policy.

Related Topics

Policy View General Reference

Policy View—Assignments Tab

Field Reference

Table D-21 Create a Policy Dialog Box 

| Element | Description |
|---|---|
| Policy Name | The name to assign to the new shared policy. Names can contain up to 255 characters, including spaces and special characters. |
| OK button | Saves your changes locally on the client and closes the dialog box. Note: To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page. |