Contents

• Configuring Security Policies
• Security Policies
• Security Profile
• Policies
• Configuring Security Profiles
• Adding a Security Profile
• Editing a Security Profile
• Deleting a Security Profile
• Deleting a Security Profile Attribute
• Assigning a Policy
• Unassigning a Policy
• Configuring Security Policy Attributes
• Configuring Object Groups
• Adding an Object Group
• Adding an Object Group Expression
• Editing an Object Group
• Editing an Object Group Expression
• Deleting an Object Group
• Deleting an Object Group Expression
• Configuring a Policy
• Adding a Policy
• Editing a Policy
• Deleting a Rule-Based Policy
• Adding a Rule
• Editing a Rule
• Deleting a Rule
• Deleting a Source or a Destination Condition
• Configuring a Policy Set
• Adding a Policy Set
• Editing a Policy Set
• Deleting a Policy Set
• Configuring Zones
• Adding a vZone
• Editing a vZone
• Deleting a vZone
• Deleting a vZone Condition
• Configuring Security Profile Dictionary
• Adding a Security Profile Dictionary
• Adding a Security Profile Dictionary Attribute
• Editing a Security Profile Dictionary
• Editing a Security Profile Dictionary Attribute
• Deleting a Security Profile Dictionary
• Deleting a Security Profile Dictionary Attribute

Configuring Security Policies

---

This chapter includes the following sections:

• Security Policies
• Configuring Security Profiles
• Configuring Security Policy Attributes

Security Policies

Cisco VNMC security policies provide options to create security profiles and policies. A security profile and policies can be configured at any organizational level.

• Security Profile
• Policies

Security Profile

A Cisco VNMC security profile is a set of custom security attributes and one assigned policy set. The security profile is added to the port profile for the Nexus 1000V VSM. The port profile is assigned to the Nexus 1000V VSM vNic, making the security profile part of the virtual machine (VM). Adding a security profile to the VM allows the addition of custom attributes to the VM. Firewall rules can be written using custom attributes such that traffic between VMs can be allowed to pass or be dropped. You can also add security policies in the same GUI pane where you are adding security profiles.

There is a pre-configured default security profile at root level. The default security profile points to the default policy set. The default security profile can be edited but cannot be deleted.

Policies

A Cisco VNMC supports a number of policies. The policies are as follows:

1. Policy set—The policy set contains the policy, the rule, the zone, and the object group. Once the policy set is created, it can be assigned to a security profile. An existing default policy set is automatically assigned at system boot up.
2. Policy—A policy contains rules. A policy can contain rules that can be ordered. An existing default policy is automatically assigned at system boot up. The default policy has a default rule that has an action as drop.
3. Rule—A rule contains the conditions for regulating traffic. The default policy has a default rule that has an action as drop. Conditions for a rule can be set using the network, custom, and virtual machine attributes.
4. Object group—An object group object can be created under an organization node. It defines a collection of condition expressions on a specific system defined or on a custom attribute. An object group can be referred in a policy rule condition when a member or not-member operator is selected. The rule condition referring to the object group evaluates to true if any of the expressions in the object group evaluate to true.
5. Security Profile Dictionary—A Cisco VNMC security profile dictionary is a logical collection of security attributes. You define dictionary attributes for use in a security profile. A security profile dictionary is created at the root or tenant node. You can only create one dictionary for a tenant and only one dictionary for the root. The security profile dictionary allows the user to define names of custom attributes. Custom attribute values are specified on security profile objects. Custom attributes can be used to define policy rule conditions. Attributes configured in a root level dictionary can be used by any tenant. Creation of a dictionary below tenant level is not supported.
6. Zone—A zone defines a set of virtual machines based on conditions. The zone name is used in the authoring rules.

Security policies are created and then pushed to the Cisco VSG.

Configuring Security Profiles

Adding a Security Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Security Profiles
Step 4	In the Work pane, click the Add Security Profile link. Note    You can add the component at any organizational level.
Step 5	In the Add Security Profile dialog box, General tab area, complete the following fields: Name Description Name field The name of the security profile. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A description of the security profile. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Policy Set drop-down list A selectable drop-down list of policy sets. Add Policy Set link A link to add a policy set. Resolved Policy Set field A link to edit the resolved policy set. Table 1 Resolved Policies Area Name Description (Un)assign Policy link The link to unassign a policy. Name column The name of the rule. Source Condition column Contains the source condition specified. Destination Condition column Contains the destination condition specified. Protocol column Contains the protocol specified. Ethertype column Contains the Ethertype specified. Action column Contains the action specified for the rule. Description column Contains a description for the rule.
Step 6	In the Add Security Profile dialog box, Attributes tab area, complete the following fields: Name Description Add link The link opens a dialog box where you can add an attribute. Name column The name of the attribute. Value column The attribute value.
Step 7	Click OK.

---

Editing a Security Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Security Profiles .
Step 4	In the Work pane, click the security profile you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Security Profile dialog box, General tab area, modify the following fields as appropriate: Name Description Name field The name of the security profile. Description field A user-defined description of the object. Policy Set drop-down list A selectable drop-down list of policy sets. Resolved Policy Set field A link to edit the resolved policy set. Table 2 Resolved Policies Area Name Description (Un)assigned Policy column The link to a dialog box where you can assign or unassign policies. Source Condition column Contains the source condition specified. Destination Condition column Contains the destination condition specified. Protocol column Contains the protocol specified. Ethertype column Contains the Ethertype specified. Action column Contains the action specified for the rule. Description column A description of the component.
Step 7	In the Edit Security Profile dialog box, Attributes tab area, modify the following fields as appropriate: Name Description Add link Allows you to add a Security Profile attribute. Name column The name of the Security Profile attribute. Value column A value for the attribute.
Step 8	Click OK.

---

Deleting a Security Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Security Profiles.
Step 4	In the Work pane, click the security profile you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click OK.

---

Deleting a Security Profile Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Security Profiles.
Step 4	In the Navigation pane, click the security profile that contains the attribute you want to delete.
Step 5	In the Work pane, click the Attributes tab.
Step 6	Click the attribute you want to delete.
Step 7	Click the Delete link.
Step 8	In the Confirm dialog box, click OK.

---

Assigning a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Security Profiles.
Step 4	In the Navigation pane, click the profile where you want to assign the policy.
Step 5	In the Work pane, click the (Un)assign Policy link.
Step 6	In the (Un)assign Policy dialog box, move the policy you want assigned to the Assigned list.
Step 7	Click OK.

---

Unassigning a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Security Profiles.
Step 4	In the Navigation pane, click the profile where you want to unassign the policy.
Step 5	In the Work pane, click the (Un)assign Policy link.
Step 6	In the (Un)assign Policy dialog box, move the policy you want unassigned to the Available list.
Step 7	Click OK.

---

Configuring Security Policy Attributes

Configuring Object Groups

Adding an Object Group

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Object Groups.
Step 4	In the Work pane, click the Add Object Group link. Note    You can add the component at any organizational level.
Step 5	In the Add Object Group dialog box, complete the following fields: Name Description Name field The name of the object group. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A description of the object group. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Attribute Type drop-down list The attribute types available to select. Attribute Name drop-down list The attribute names available to select. Add Attribute link The link opens a dialog box where you can add an attribute. Resolved Attribute field The resolved attribute link.
Step 6	Click OK.

---

Adding an Object Group Expression

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Object Groups.
Step 4	In the Work pane, click the Add Object Group link. Note    You can add the component at any organizational level.
Step 5	In the Add Object Group dialog box, click the Add link:
Step 6	In the Add Object Group Expression dialog box, complete the following fields: Name Description Attribute Name field The name of the attribute. Operator drop-down list The list of selectable operators. Attribute Value field The value of the attribute.
Step 7	Click OK.

---

Editing an Object Group

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expandroot > Advanced > Advanced > Object Groups.
Step 4	In the Work pane, click the object group you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Object Group dialog box General tab area, edit the appropriate fields: Name Description Name field The name of the object group. This field cannot be edited on this tab. Description field The description of the object group. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Attribute Type drop-down list A list that contains attribute types. Attribute Name drop-down list A list that contains attribute names Table 3 Expression Area Name Description Operator column The operator used. Value column The attribute value.
Step 7	Click OK.

---

Editing an Object Group Expression

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Object Groups and click the object group where you want to edit an expression.
Step 4	In the Work pane, click the Edit link in the Expression area.
Step 5	In the Expressions area, click the expression you want to edit.
Step 6	In the Edit Expression dialog box modify the appropriate fields: Name Description Attribute Name field The name of the attribute. Operator drop-down list The list of selectable operators. Attribute Value field The value of the attribute.
Step 7	Click OK.

---

Deleting an Object Group

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Object Groups.
Step 4	In the Navigation pane, click the Object Groups node.
Step 5	In the Work pane, click the object group you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click Yes.

---

Deleting an Object Group Expression

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Object Groups.
Step 4	In the Navigation pane, click the object group that contains the expression you want to delete.
Step 5	In the Expression area, click the expression you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click Yes.

---

Configuring a Policy

Adding a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies.
Step 4	In the Work pane, click the Add Policy link.
Step 5	In the Add Policy dialog box, complete the following fields: Name Description Name The name of the policy. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description The description of the policy. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Table 4 Rules Area Name Description Add Rule link Opens a dialog box that allows you to add a rule. Up and Down arrows Changes the priority of the selected policies. Name column Contains the rule names. Source Condition column Contains the source condition specified Destination Condition column Contains the destination condition specified Protocol column Contains the protocol specified Ethertype column Contains the EtherType specified Action column Contains the action specified for the rule. Description column Contains a description for the rule.
Step 6	Click OK.

---

Editing a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies.
Step 4	In the Work pane, click the policy you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Policy dialog box, General tab area, modify the following fields as appropriate: Name Description Name field A component name. Description field A component description. Table 5 Rules Area Name Description Add Rule link Opens a dialog box that allows you to add a rule. Up and Down arrows Changes the priority of the selected policies. Name column Contains the rule names. Source Condition column Contains the source condition specified Destination Condition column Contains the destination condition specified Protocol column Contains the protocol specified Ethertype column Contains the EtherType specified Action column Contains the action specified for the rule. Description column Contains a description for the rule.
Step 7	Click Apply, and then click OK.

---

Deleting a Rule-Based Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies.
Step 4	In the Work pane, click the policy you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Adding a Rule

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies.
Step 4	In the Work pane, click the Add Policy link. Note    You can add the component at any organizational level.
Step 5	In the Add Policy dialog box, click the Add Rule link.
Step 6	In the Add Rule dialog box, complete the following fields: Name Description Name field The name of the rule. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field The description of the rule. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Action to Take area The area in which you manage actions. drop radio button—Click to set the action to drop. permit radio button—Click to set the action to permit. reset radio button—Click to set the action to reset. You can also check the log check box to enable logging. Protocol area The area in which you set the protocol. Any check box—Check to use any protocol, and uncheck to choose a protocol. Operator drop-down list—Choose an operator from the drop-down list. Value drop-down list—Choose a protocol from the drop-down list. Ether Type area The area in which you set the Ethernet type. Any check box—Check to use any value, and uncheck to enter a value. Operator drop-down list—Choose an operator from the drop-down list. Value field—Enter a hex number in the field.
Step 7	In the Source Conditions area, click the Add link to open the Add Source Condition dialog box, and choose the fields as appropriate: Table 6 Source Conditions Area Name Description Add link Clicking the Add link opens the Add Source Condition dialog box. Attribute Name column The name of the attribute. Operator column The operator value specified. Attribute Value column The attribute value specified.
Step 8	In the Destination Conditions area, click the Add link to open the Add Destination Condition dialog box, and choose the fields as appropriate: Table 7 Destination Conditions Area Name Description Add link Clicking the Add link opens the Add Destination Condition dialog box. Attribute Name column The name of the attribute. Operator column The operator value specified. Attribute Value column The attribute value specified.
Step 9	Click OK.

---

Editing a Rule

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies > Policy_name where you want to edit a rule.
Step 4	In the Work pane, click the Rule_name you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Rule dialog box General tab area, modify the fields: Modify the following fields as appropriate: Name Description Name field The name of the rule. Description field A description of the rule. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Action to Take area The area in which you manage actions. drop radio button—Click to set the action to drop. permit radio button—Click to set the action to permit. reset radio button—Click to set the action to reset. You can also check the log check box to enable logging. Protocol area The area in which you set the protocol. Any check box—Check to use any protocol, and uncheck to choose a protocol. Operator drop-down list—Choose an operator from the drop-down list. Value drop-down list—Choose a protocol from the drop-down list. Ether Type area The area in which you set the Ethernet type. Any check box—Check to use any value, and uncheck to enter a value. Operator drop-down list—Choose an operator from the drop-down list. Value field—Enter a hex number in the field. In the Source Conditions area, modify the appropriate fields: Table 8 Source Conditions Area Name Description Add link Clicking the Add link opens the Add Source Condition dialog box. Attribute Name column The name of the attribute. Operator column The operator value specified. Attribute Value column The attribute value specified. In the Destination Conditions area, modify the appropriate fields: Table 9 Destination Conditions Area Name Description Add link Clicking the Add link opens the Add Destination Condition dialog box. Attribute Name column The name of the attribute. Operator column The operator value specified. Attribute Value column The attribute value specified.
Step 7	Click OK.
Step 8	In the Policy_name dialog box, click Save.

---

Deleting a Rule

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies.
Step 4	In the Work pane, click the Policy where you want to delete a rule.
Step 5	Click the Edit link.
Step 6	In the Edit Policy dialog box, click the rule you want to delete.
Step 7	Click the Delete link.
Step 8	In the Confirm dialog box, click Yes.

---

Deleting a Source or a Destination Condition

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policies. In the Navigation pane, click the policy that contains the source or destination condition you want to delete.
Step 4	In the Navigation pane, click the policy that contains the source or destination condition you want to delete.
Step 5	In the Work pane, click the Edit Rule link.
Step 6	In the Edit Rule dialog box, click the source or a destination condition you want to delete.
Step 7	Click the Delete link in the associated area.
Step 8	In the Confirm dialog box, click Yes.

---

Configuring a Policy Set

Adding a Policy Set

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policy Sets. Note    You can add the component at any organizational level.
Step 4	In the Work pane, click the Add Policy Set link.
Step 5	In the Add Policy Set dialog box, General tab area, complete the following fields, and optionally, move policies between the Available and Assigned areas: Name Description Name field A name for the component. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the component. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Table 10 Policies Area Name Description Add Policy link Opens a dialog box that allows you to add a policy. Up and Down arrows Changes the priority of the selected policies. Available column Lists the policies created and available. Use arrows between the columns to move policies to the Assigned column. Assigned column Lists the policies assigned to the policy set. Use arrows between the columns to move policies to the Available column.
Step 6	In the Add Policy Set dialog box, click OK.

---

Editing a Policy Set

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policy Sets.
Step 4	In the Work pane, click the policy set you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Policy Set dialog box, General tab area, modify the following fields as appropriate: Name Description Name field A name for the component. Description field A user-defined description of the component. Table 11 Policies Area Name Description Add Policy link Opens a dialog box that allows you to add a policy. Up and Down arrows Changes the priority of the selected policies. Available column Lists the policies created and available. Use arrows between the columns to move policies to the Assigned column. Assigned column Lists the policies assigned to the policy set. Use arrows between the columns to move policies to the Available column.
Step 7	Click OK.

---

Deleting a Policy Set

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Policy Sets.
Step 4	In the Work pane, click the policy set you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Configuring Zones

Adding a vZone

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced.
Step 4	In the Navigation pane, click the vZones node. Note    You can add the component at any organizational level.
Step 5	In the Work pane, click the Add vZone link.
Step 6	In the Add vZone dialog box, complete the following fields: Name Description Name field The name of the vZone. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field The description of the vZone. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.
Step 7	Click the Add link in the vZone Condition area and complete the following tasks: In the Add vZone Condition dialog box, complete the following areas: Name Description Attribute Type drop-down list A list of attribute types. It can be one of the following attributes: Network VM User Defined Table 12 Expression Area Name Description Attribute Name The attribute name. Depending upon the attribute type selected, a different set of choices are available. Operator The operator used. Depending upon the attribute type selected, a different set of choices are available. Attribute Value The attribute value. Depending upon the attribute type selected, a different set of choices is available. Click OK.
Step 8	In the Add vZone dialog box, click OK.

---

Editing a vZone

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > vZones node.
Step 4	In the Navigation pane, click the vZones node.
Step 5	In the Work pane, click the vzone you want to edit.
Step 6	Click the Edit link.
Step 7	In the Edit Zone dialog box General tab area, change the appropriate fields: Name Description Name column A list of components. Description column A list of component descriptions.
Step 8	In the Edit Zone dialog box vZone Conditions area, do the following: Click an attribute you want to edit. Click the Edit link to open the Edit Condition dialog box, and make the appropriate changes in the following fields: Name Description Attribute Type drop-down list The list you use to manage attribute types. Table 13 Expression area Name Description Attribute Name drop-down list Contains attribute names. Operator drop-down list Contains operators. Attribute Value field Contains attribute values. Click OK.
Step 9	In the Edit vZone dialog box, click OK.

---

Deleting a vZone

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced.
Step 4	In the Navigation pane, click the vZones node.
Step 5	In the Work pane, click the vZone you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click Yes.

---

Deleting a vZone Condition

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > vZones .
Step 4	In the Navigation pane, click the vZone that contains the condition you want to delete.
Step 5	In the Work pane, click the Edit link.
Step 6	In the Edit vZone dialog box, vZone Condition area, click the condition you want to delete.
Step 7	Click the Delete link.
Step 8	In the Confirm dialog box, click Yes.
Step 9	In the Edit vZone dialog box, click Apply.

---

Configuring Security Profile Dictionary

Adding a Security Profile Dictionary

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Security Profile Dictionary node.
Step 4	In the Work pane, click the Add Security Profile Dictionary link. Note    You can create a security profile dictionary at the root or Tenant level.
Step 5	In the Add Security Profile Dictionary dialog box, complete the following fields as appropriate: Name Description Name field The name of the security profile. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A description of the security profile. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved. Policy Set drop-down list A selectable drop-down list of policy sets. Add Policy Set link A link to add a policy set. Resolved Policy Set field A link to edit the resolved policy set.
Step 6	Click OK.

---

Adding a Security Profile Dictionary Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expandroot > Advanced > Security Profile Dictionary to view and select the appropriate Security Profile Dictionary_name.
Step 4	In the Work pane, click the Edit link to open the Edit Security Profile Dictionary dialog box.
Step 5	In the Edit Security Profile Dictionary dialog box, click the Add Attribute link.
Step 6	In the Add Attribute dialog box, complete the following fields: Name Description Name field The name of the Security Profile Dictionary attribute. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A description of the Security Profile Dictionary attribute. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.
Step 7	Click OK.

---

Editing a Security Profile Dictionary

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Security Profile Dictionary.
Step 4	In the Work pane, click the security profile dictionary you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Security Profile Dictionary dialog box, modify the fields as appropriate: Name Description Name field The name of the security profile dictionary. You cannot edit this field. Description field A description of the security profile dictionary.
Step 7	Click OK.

---

Editing a Security Profile Dictionary Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Security Profile Dictionary node.
Step 4	In the Work pane, click the security profile dictionary that contains the attribute you want to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Security Profile Dictionary dialog box, Attributes area, click the attribute you want to edit.
Step 7	Click the Edit link.
Step 8	In the Edit Attribute dialog box, modify the following fields as appropriate: Name Description Name field The name of the security profile dictionary attribute. Description field A description of the security profile dictionary attribute.
Step 9	Click OK.
Step 10	In the Edit Security Profile Dictionary dialog box, click OK.

---

Deleting a Security Profile Dictionary

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expandroot > Advanced > Security Profile Dictionary node.
Step 4	In the Work pane, click the security profile dictionary you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click OK.

---

Deleting a Security Profile Dictionary Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand root > Advanced > Security Profile Dictionary. In the Navigation pane, click the dictionary that contains the attribute you want to delete.
Step 4	In the Work pane, click the Edit link.
Step 5	In the Edit Security Profile Dictionary dialog box, Attributes area, click the attribute you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click OK.

---