User Guide for Cisco Security Manager 3.2.1
FlexConfig User Interface Reference
Download this chapter
FlexConfig User Interface ReferenceFlexConfig User Interface Reference
Download the complete book
User Guide for Cisco Security Manager 3.2.1 - Whole Book PDFUser Guide for Cisco Security Manager 3.2.1 - Whole Book PDF (PDF - 36 MB)
give_us_feedback

Table Of Contents

FlexConfig User Interface Reference

FlexConfig Policy Page

FlexConfigs Policy Page—Device View

FlexConfigs Policy Page—Policy View

FlexConfigs Selector Dialog Box

Values Assignment Dialog Box

FlexConfig Policy Preview Dialog Box

FlexConfigs Objects Page

FlexConfig Editor Dialog Box

Create Text Object Dialog Box

FlexConfig Undefined Variables Dialog Box

Property Selector Dialog Box


FlexConfig User Interface Reference

FlexConfig policy objects are reusable, named components that can be referenced by other policy objects and policies. You create FlexConfig policy objects by entering configuration commands, either with or without additional scripting language instructions, in the FlexConfig Editor.

Use the FlexConfig page to create and modify additions to configurations for parameters that are not supported. Using this tool allows you to combine FlexConfig policy objects to create FlexConfig policies. For more information, see Chapter 19, "Managing FlexConfigs".

The following topics describe the fields on the FlexConfig object pages and dialog boxes:

FlexConfig Policy Page

FlexConfigs Selector Dialog Box

Values Assignment Dialog Box

FlexConfig Policy Preview Dialog Box

FlexConfigs Objects Page

FlexConfig Policy Page

Use the FlexConfig Policy page to create FlexConfig policies. The FlexConfig Policy Page displayed depends on whether you are in Device or Policy view.

See the appropriate field reference table:

Device view—Table O-1

Policy view—Table O-2

Navigation Path

(Device view) Click the Device View button on the main toolbar. Select a device and click FlexConfigs.

(Policy view) Click the Policy View button on the main toolbar. The FlexConfig Policy page appears if FlexConfig policies have been created. If no FlexConfig policies have been created, create a policy (click the Create a Policy button, name the policy, and click OK).

Related Topics

FlexConfigs Selector Dialog Box

Values Assignment Dialog Box

FlexConfig Policy Preview Dialog Box

Chapter 19, "Managing FlexConfigs"

FlexConfigs Policy Page—Device View

Table O-1 FlexConfigs Policy Page—Device View 

Element
Description

Pre-pended FlexConfigs

FlexConfig policy objects that are added to the beginning of the configuration. The following information is provided for each FlexConfig object:

No.—Order in which the commands are added to the configuration. You can change the order of FlexConfig policies by selecting a policy and clicking the Move Up or Move Down button until the policy is in the desired sequence.

Name—Name of the FlexConfig object (up to 128 characters). Object names are not case sensitive.

Description—A word or phrase that reflects the contents of the object (up to 1024 characters).

Appended FlexConfigs

FlexConfig policy objects that are added to the end of the configuration. The following information is provided for each FlexConfig object:

No.—Order in which the commands are added to the configuration. You can change the order of FlexConfig policies by selecting a policy and clicking the Move Up or Move Down button until the policy is in the desired sequence.

Name—Name of the FlexConfig object (up to 128 characters). Object names are not case sensitive.

Description—A word or phrase that reflects the contents of the object (up to 1024 characters).

Values button

Displays the Values Assignment window that allows you to validate, preview, or modify an object's values.

Preview button

Displays the generated CLI commands based on the selected objects defined in the FlexConfig policy. This button is only visible from the Devices view.

Move Up button

Moves an object up in order in the policy.

Move Down button

Moves an object down in order in the policy.

Add button

Opens the Object Selector dialog box, from which you can select or create FlexConfig policy objects to include in the policy.

Edit button

Opens the Edit FlexConfig dialog box, from which you can make changes to the selected FlexConfig policy object.

Note If you selected a predefined FlexConfig policy object packaged with Security Manager, or an object for which you do not have edit permission, the Edit FlexConfig dialog box comes up in read-only mode.

Remove button

Removes the object from the policy.

Note The object is not deleted from Security Manager; it is simply removed from the FlexConfig object.


FlexConfigs Policy Page—Policy View

Table O-2 FlexConfigs Policy Page—Policy View 

Element
Description
Details tab

Pre-pended FlexConfigs

FlexConfig policy objects that are added to the beginning of the configuration. The following information is provided for each FlexConfig object:

No.—Order in which the commands are added to the configuration. You can change the order of FlexConfig policies by selecting a policy and clicking the Move Up or Move Down button until the policy is in the desired sequence.

Name—Name of the FlexConfig object (up to 128 characters). Object names are not case sensitive.

Description—A word or phrase that reflects the contents of the object (up to 1024 characters).

Appended FlexConfigs

FlexConfig policy objects that are added to the end of the configuration. The following information is provided for each FlexConfig object:

No.—Order in which the commands are added to the configuration. You can change the order of FlexConfig policies by selecting a policy and clicking the Move Up or Move Down button until the policy is in the desired sequence.

Name—Name of the FlexConfig object (up to 128 characters). Object names are not case sensitive.

Description—A word or phrase that reflects the contents of the object (up to 1024 characters).

Values button

To validate, preview, or modify an object's values, select the object and click Values.

Preview button

Displays the generated CLI commands based on the selected objects defined in the FlexConfig policy. This button is only visible from the Devices view.

Move Up button

Moves an object up in order in the policy.

Move Down button

Moves an object down in order in the policy.

Add button

Opens the Object Selector dialog box, from which you can select or create FlexConfig policy objects to include in the policy.

Edit button

Opens the Edit FlexConfig dialog box, from which you can make changes to the selected FlexConfig policy object.

Note If you selected a predefined FlexConfig policy object packaged with Security Manager, or an object for which you do not have edit permission, the Edit FlexConfig dialog box comes up in read-only mode.

Remove button

Removes the object from the policy.

Note The object is not deleted from Security Manager; it is simply removed from the FlexConfig object.

Save button

Saves any changes made on the active page, but does not submit them to the Security Manager database.

Assignments tab

Available Devices

Displays the following information:

Filter—Enables you to filter and display a subset of devices based on the filtering criteria you define.

Device selector tree—Lists all device groups and devices in Security Manager. Select the device to which you want to add the selected FlexConfig policy and click the>> button. The device appears in the Assigned Devices field.

Assigned Devices

Lists all devices to which the selected FlexConfig policy will be assigned. To remove a device from the list, select the device and click the << button.

Save button

Saves any changes made on the active page, but does not submit them to the Security Manager database.


FlexConfigs Selector Dialog Box

Use the FlexConfig selector dialog box to select from a list of FlexConfig policy objects and add or remove them to or from your devices or FlexConfig policies.

Navigation Paths

From Device view, select a device and click FlexConfig > Add. The FlexConfig Selector appears.

Or, from Policy view, select FlexConfigs, select a policy, and click Add. The FlexConfig Selector appears.

Related Topics

FlexConfig Policy Page

Chapter 19, "Managing FlexConfigs"

Field Reference

Table O-3 FlexConfigs Selector Dialog Box 

Element
Description

Available FlexConfigs

List of sample and user-created FlexConfigs. You can perform the following actions using these fields and buttons:

Filter—Filter the object information displayed in the table based on conditions set. For more information, see Filtering Tables, page 3-17.

Create button—Click to add additional FlexConfigs. The new FlexConfigs are added to the list.

Edit button—Select a FlexConfig and click the Edit button to modify a FlexConfig.

>> button—Select a FlexConfig and click the >> button to add the FlexConfig to the Selected FlexConfigs field.

Selected FlexConfigs

List of selected FlexConfigs. You can perform the following actions using these fields and buttons:

Edit button—Select a FlexConfig and click the Edit button to modify a FlexConfig.

<< button—Select a FlexConfig and click the << button to remove the FlexConfig from the Selected FlexConfigs field.

OK button

Saves your changes to the server and closes the dialog box.


Values Assignment Dialog Box

Use the Values Assignment dialog box to view the attributes of a FlexConfig object, validate the object, or preview the CLI generated from the object.

Navigation Path

To open the Values Assignment dialog box, select an object and click Values from the FlexConfig Policy page.

Related Topics

FlexConfig Policy Page

Chapter 19, "Managing FlexConfigs"

Field Reference

Table O-4 Values Assignment Dialog Box 

Element
Description

Assigned Devices

(Policy view only) Device selector tree. Select the device for which you want to display variable values.

Device

Name of device.

FlexConfig

Name of FlexConfig object.

Name

Name of variable (up to 128 characters).

Object Property

Property of the object. The object property name is in the following format:

type.name.data.property

where

Type—Type of object, for example Text, Network, AAA Server, and so on.

Name—Name of object.

Data—Property of the object (optional).

Property—Property of the data.

Dimension

When specified, denotes a list of variables. When absent, denotes a single variable.

Description

A word or phrase that reflects the contents of the object (up to 1024 characters).

Override

Indicates whether the global object definition can be overridden by object values defined at device level. See Allowing a Global Object to Be Overridden, page 9-164.

Optional

Indicates whether the variable value can be empty or not. In some CLI commands, parameters might not need to be specified. In such cases, the variable can be specified as optional.

Value

Value to use when one is not provided. When a default value is not provided, the user must provide the value for this variable.

OK button

Saves your changes locally on the client and closes the dialog box.

To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.

Validate button

Validates the Velocity Template Language syntax and makes sure all required variable have values, variables do not start with SYS_, and referenced policy objects exist.

Preview button

Displays the generated CLI commands based on the selected objects defined in the FlexConfig policy.


FlexConfig Policy Preview Dialog Box

Use the FlexConfig Policy Preview dialog box to view the generated CLI commands based on the variables of the selected object defined in the FlexConfig policy.

Navigation Path

To open the FlexConfig Policy Preview dialog box, do one of the following:

From Device view, select an object and click Preview from the Values Assignment dialog box.

From Device view, select a device and click FlexConfig. Select an object in the FlexConfig policy and click Preview.

Related Topics

FlexConfig Policy Page

Chapter 19, "Managing FlexConfigs"

FlexConfigs Objects Page

Use the FlexConfig Objects page to create, edit, delete, duplicate, find usages of, and view FlexConfig objects. Sample FlexConfig objects are configured as read only; you must duplicate a sample FlexConfig object before you can edit it.

Navigation Paths

Select Tools > Policy Object Manager > FlexConfigs.

Related Topics

Understanding FlexConfig Policy Objects, page 19-1

Filtering Tables, page 3-17

Chapter 19, "Managing FlexConfigs"

Policy Object Manager Window, page F-3

Object Usage Window, page F-457

Field Reference

Table O-5 FlexConfigs Objects Page 

Element
Description

Filter

Click the arrow to display the filtering bar, which enables you to filter the information displayed in the table. See Filtering Tables, page 3-17.

Name

Name of the object (up to 128 characters). Object names are not case sensitive.

When creating a duplicate of a FlexConfig object, the name of the object is copy-of- and the name of the FlexConfig. For example, a duplicate of the no_router_Id FlexConfig object is named copy-of-no_router_Id. You can keep this name or enter a new one.

For more information, see Guidelines for Managing Objects, page 9-3.

Group

Group assigned to the object.

Type

Location of the commands in configurations files—either prepended (put at the beginning) or appended (put at the end).

Negate For

Name of the FlexConfig object whose commands are undone in the current FlexConfig object.

For example, FlexConfig A has the command banner loginmybanner. FlexConfig B has the command no banner loginmybanner. Therefore, FlexConfig B negates the configuration for FlexConfig A, and FlexConfig A is listed in the Negate for field.

Description

A word or phrase that reflects the contents of the object (up to 1024 characters).

New Object button

Opens a dialog box for creating a new FlexConfig object. See FlexConfig Editor Dialog Box.

Edit Object button

Select the row of an object from the table, then click to open the dialog box for editing the selected object. For details, see FlexConfig Editor Dialog Box.

Delete Object button

Select the rows of one or more objects, then click to delete.

You cannot delete an object that is referenced by policies or other objects.


FlexConfig Editor Dialog Box

FlexConfig policy objects are reusable, named components that can be referenced by other policy objects and policies. You create FlexConfig policy objects by entering configuration commands, either with or without additional scripting language instructions, in the FlexConfig Editor.

Use the FlexConfig Editor dialog box to create or edit FlexConfig objects. Before you can edit a sample FlexConfig object (one that came with Security Manager) you must duplicate it. The sample FlexConfig objects are read only.

Navigation Path

From the FlexConfigs Objects page, do one of the following:

To create a new FlexConfig object, click the New Object button.

To edit an existing FlexConfig object, select the desired object and click the Edit Object button.

Related Topics

FlexConfigs Objects Page

Chapter 19, "Managing FlexConfigs"

Field Reference

Table O-6 FlexConfigs Editor Dialog Box 

Element
Description

Name

Name of the object (up to 128 characters). Object names are not case sensitive. For more information, see Guidelines for Managing Objects, page 9-3.

Description

A word or phrase that reflects the contents of the object (up to 1024 characters).

Group

Displays the category that is assigned to the object. See Understanding Category Objects, page 9-39.

Type

Indicates whether the commands in the object are prepended (put at the beginning) or appended (put at the end) of configurations.

Negate For

Name of the FlexConfig object whose commands are undone in the current FlexConfig object.

For example, FlexConfig A has the command banner loginmybanner. FlexConfig B has the command no banner loginmybanner. Therefore, FlexConfig B negates the configuration for FlexConfig A, and FlexConfig A is listed in the Negate for field.

FlexConfig Object Body

Object Body

Commands and instructions to produce the desired configuration file output.

Right-click in the object body field to display a pop-up menu to do one of the following:

Create Text Object—Allows you to create a variable definition for the FlexConfig object you are creating. For a description of the dialog box that appears, see Create Text Object Dialog Box.

Insert Policy Object—Allows you to choose a policy object type, then select from a list of previously created policy objects.

Insert System Variable—Allows you to choose a system variable type (Firewall, Remote Access VPN, Router, VPN), then select from a list of predefined variables.

Undo button

Deletes the previous action.

Redo button

Performs the previously undone action.

Cut button

Deletes highlighted text.

Copy button

Copies highlighted text.

Paste button

Pastes previously cut or copied text.

Find button

Locates the specified text string in the object body.

Validate FlexConfig button

Checks the integrity and deployability of the FlexConfig object.

FlexConfig Object Variables

Name

Name of the variable.

Default Value

Value to use when one is not provided.

Note Except for optional variables, if a default value is not provided, you must provide a value for the variable.

Object Property

Property of the object. The object property name is in the following format:

type.name.data.property

where

Type—Type of object, for example Text, Network, AAA Server, and so on.

Name—Name of object.

Data—Property of the object (Optional).

Property—Property of the data.

Dimension

Structure of the data in the variable. Valid values are as follows:

0—scaler (a single string)

1—one-dimensional array (a list of strings)

2—two-dimensional table (a table of strings)

Optional

Indicates whether the variable is required to have a value.

Description

A word or phrase that reflects the contents of the object.

OK button

Saves your changes locally on the client and closes the page.

To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Create Text Object Dialog Box

Text objects are a type of policy object variable. They are a name and value pair, and the value can be a single string, a list of strings, or a table of strings. Their flexibility allows you to enter any type of textual data to be referenced and acted upon by any policy object.

Use the Text Objects dialog box to create text objects.

Navigation Path

From the FlexConfig Editor dialog box, right-click in the object body field and selectCreate Text Object.

Related Topics

FlexConfig Editor Dialog Box

Chapter 19, "Managing FlexConfigs"

Field Reference

Table O-7 Create Text Object Dialog Box 

Element
Description

Name

Name of the object (up to 128 characters). Object names are not case sensitive. For more information, see Guidelines for Managing Objects, page 9-3.

Value

Value to use when one is not provided. When a default value is not provided, the user must provide the value for this variable.

Dimension

Structure of the data in the variable. Valid values are as follows:

0—scaler (a single string)

1—one-dimensional array (a list of strings)

2—two-dimensional table (a table of strings)

OK button

Saves your changes locally on the client and closes the dialog box.

To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


FlexConfig Undefined Variables Dialog Box

Use the FlexConfig Undefined Variables dialog box to define policy object variables that have not yet been defined. You can choose from a list of policy object types or add a new policy object to use.

Note A local variable need not be defined. For more information about variables, see Object Variables, page 19-4.

Navigation Path

From the FlexConfig Editor dialog box, if you enter a variable name but do not define its values and you attempt to save the FlexConfig object, Security Manager displays a warning. Click Yes to define the undefined variables.

Related Topics

Chapter 19, "Managing FlexConfigs"

Field Reference

Table O-8 FlexConfig Undefined Variables Dialog Box 

Element
Description

Variable Name

Name of the object (up to 128 characters). Object names are not case sensitive. For more information, see Guidelines for Managing Objects, page 9-3.

Object Type

Type of policy object.

Select the desired policy object from the list, and the Single Selection Objects Selector dialog box appears. Select an object and click OK. Depending on the object type that you selected, the Property Selector dialog box appears. Selections are based on the object type selected. For more information about these related dialog boxes, see the following topics:

Object Selectors, page F-455

Property Selector Dialog Box

Object Property

Property of the object. The list displayed depends on the object type.

Optional

Indicates whether the variable is required to have a value.

OK button

Saves your changes locally on the client and closes the dialog box.

To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.


Property Selector Dialog Box

Use the Property Selector dialog box to create text objects.

Navigation Path

To open the Property Selector dialog box from the FlexConfig Undefined Variables dialog box, select the desired policy object from the Object Type list. The Single Selection Objects Selector dialog box appears. Select an object and click OK. The Property Selector dialog box appears. For more information about the Single Selection Objects Selector dialog box, see Object Type Selector, page F-3.

Related Topics

Chapter 19, "Managing FlexConfigs"

Field Reference

Table O-9 Property Selector Dialog Box 

Element
Description

Object Property

Property of the object. Choose an object property from the list box. The name of the object property is provided below the list box in the following format:

type.name.data.property

where

Type—Type of object, for example Text, Network, AAA Server, and so on.

Name—Name of object.

Data—Property of the object (always data).

Property—Property of the data.

Name

Name of variable.

Description

Word or phrase that reflects the contents of the object.

OK button

Saves your changes locally on the client and closes the dialog box.

To save your changes to the server so that they are not lost when you log out or close your client, click Save on the source page.