Contents

• Configuring Security Policies
• Security Policies
• Firewall Policies
• Security Profiles
• VNMC Security Profile Dictionary
• Configuring Firewall Policies
• Configuring Object Groups
• Adding an Object Group
• Adding an Object Group Expression
• Editing an Object Group
• Editing an Object Group Expression
• Deleting an Object Group
• Deleting an Object Group Expression
• Configuring a Policy
• Adding a Policy
• Editing a Policy
• Deleting a Policy
• Adding a Rule
• Editing a Rule
• Deleting a Rule
• Deleting a Source or a Destination Condition
• Configuring a Policy Set
• Adding a Policy Set
• Assigning a Policy
• Editing a Policy Set
• Deleting a Policy Set
• Deleting an Assigned Policy
• Configuring Zones
• Adding a Zone
• Editing a Zone
• Deleting a Zone
• Deleting a Zone Condition
• Configuring Security Profiles
• Adding a Security Profile
• Editing a Security Profile
• Deleting a Security Profile
• Deleting a Security Profile Attribute
• Configuring Security Profile Dictionary
• Adding a Security Profile Dictionary
• Adding a Security Profile Dictionary Attribute
• Editing a Security Profile Dictionary
• Editing a Security Profile Dictionary Attribute
• Deleting a Security Profile Dictionary
• Deleting a Security Profile Dictionary Attribute

Configuring Security Policies

---

This chapter includes the following sections:

• Security Policies
• Configuring Firewall Policies
• Configuring Security Profiles
• Configuring Security Profile Dictionary

Security Policies

Cisco VNMC security policies provide options to create security profiles. The security policies are as follows:

• Firewall Policy
• Security Profiles
• Security Profile Dictionary

These policies can be configured at any organization level.

• Firewall Policies
• Security Profiles
• VNMC Security Profile Dictionary

Firewall Policies

A Cisco VNMC firewall policy is a set of firewall attributes. The attributes in a firewall policy are as follows:

1. Policy set—The policy set contains the policy, the rule, the zone, and the object group. Once the policy set is created, it can be assigned to a security profile. An existing default policy set is automatically assigned at system boot up.
2. Policy—A policy contains rules. A policy can contain rules that can be ordered. An existing default policy is automatically assigned at system boot up. The default policy has a default rule that has an action as drop.
3. Rule—A rule contains the conditions for regulating traffic. The default policy has a default rule that has an action as drop. Conditions for a rule can be set using the network, custom, and virtual machine attributes.
4. Object group—An object group object can be created under an organization node. It defines a collection of condition expressions on a specific system defined or on a custom attribute. An object group can be referred in a policy rule condition when a member or not-member operator is selected. The rule condition referring to the object group evaluates to true if any of the expressions in the object group evaluate to true.
5. Zone—A zone defines a set of virtual machines based on conditions. The zone name is used in the authoring rules.

Firewall policies are created and then pushed to the Cisco VSG.

Security Profiles

A Cisco VNMC security profile is a set of custom security attributes. The security profile is added to the port profile for the Nexus 1000V VSM. The port profile is assigned to the Nexus 1000V VSM vNic, making the security profile part of the virtual machine (VM). Adding a security profile to the VM allows the addition of custom attributes to the VM. Firewall rules can be written using custom attributes such that traffic between VMs can be allowed to pass or be dropped.

There is a preconfigured default security profile at root level. The default security profile points to the default policy set. The default security profile can be edited but cannot be deleted.

VNMC Security Profile Dictionary

A Cisco VNMC security profile dictionary is a logical collection of security attributes. You define dictionary attributes for use in a security profile.

A security profile dictionary is created at the root or tenant node. New dictionaries are created by right-clicking on the appropriate root or tenant level. You can only create one dictionary for a tenant and only one dictionary for the root.

The security profile dictionary allows the user to define names of custom attributes. Custom attribute values are specified on security profile objects. Custom attributes can be used to define policy rule conditions. Attributes configured in a root level dictionary can be used by any tenant. Creation of a dictionary below tenant level is not supported.

Configuring Firewall Policies

Configuring Object Groups

Adding an Object Group

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root.
Step 4	Click the Object Groups node where you want to add an object group. Note    You can add the component at any organizational level.
Step 5	In the Work pane, click the Add Object Group link.
Step 6	In the Add Object Group dialog box General tab area, complete the following fields: Name Description Name field The name of the object group. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the object group.
Step 7	Click OK.

---

Adding an Object Group Expression

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root.
Step 4	Select Object Groups > Object Group_name where you want to add an object group expression. Note    You can add the component at any organizational level.
Step 5	In the Work pane, click the Expressions tab. Select an attribute type from the Attribute Type drop-down list. Select an attribute name from the Attribute Name drop-down list. In the Expressions area, click the Add link, and complete the fields as appropriate: Name Description Attribute Name drop-down list A drop-down list that allows you to select an attribute name. Operator drop-down list A drop-down list that allows you to select an operator. Attribute Value field Attribute value to use that depends on the attribute name you have chosen. Click OK.
Step 6	In the Work pane, click Save.

---

Editing an Object Group

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Object Groups node.
Step 4	In the Work pane, click the Object Group_name to edit.
Step 5	Click the Edit link.
Step 6	In the Edit Object Group dialog box General tab area, edit the appropriate field: Name Description Name column A name for the component. Description column A user-defined description of the component.
Step 7	Click OK.

---

Editing an Object Group Expression

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root and view the appropriate Object Groups > Object Group_name.
Step 4	In the Work pane, click the Expressions tab.
Step 5	In the Expressions area, click the expression you want to edit.
Step 6	Click the Edit link to open the Edit Object Group Expression dialog box.
Step 7	Make the appropriate changes, and click OK.

---

Deleting an Object Group

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies tab.
Step 3	In the Navigation pane, expand Firewall Policy > root to display the appropriate Object Groups node.
Step 4	In the Work pane, click the Object Group_name you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Deleting an Object Group Expression

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Object Groups.
Step 4	In the Work pane, click the Object Group_name where you want to delete an expression.
Step 5	In the Work pane, click the Expressions tab.
Step 6	In the Expressions area, click the object group expression you want to delete.
Step 7	In the Confirm dialog box, click Yes.

---

Configuring a Policy

Adding a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to display the appropriate Policies node. Note    You can add the component at any organizational level.
Step 4	In the Work pane, click the Add Policy link.
Step 5	In the Add Policy dialog box, complete the following fields: Name Description Name field The name of the rule-based policy. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the rule-based policy.
Step 6	Click OK.

---

Editing a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to display the appropriate Policies node.
Step 4	In the Work pane, click the Policy_name you want to edit.
Step 5	In the Edit Policy dialog box, make the appropriate changes.
Step 6	Click OK.

---

Deleting a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to display the appropriate Policies node.
Step 4	In the Work pane, click the Policy_name you want to delete.
Step 5	In the Work pane, click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Adding a Rule

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view and select the appropriate Policies > Policy_name. Note    You can add the component at any organizational level.
Step 4	In the Work pane, click the Rules tab.
Step 5	In the Work pane, click the Add Rule link.
Step 6	In the Add Rule dialog box, click the General tab, and complete the following fields: Name Description Name field The name of the rule. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the rule. Action to take radio buttons This can be: drop permit log check box A check box to enable logging. Protocol check box The protocol to use. Depending upon your check box selection, additional drop-down lists and fields may appear for selection. Ether Type check box The EtherType to use. Depending upon your check box selection, additional drop-down lists and fields may appear for selection.
Step 7	In the Add Rule dialog box, click the Source and Destination Condition tab. Click the Add link in the Source Conditions area, and complete the following fields: Name Description Attribute Type drop-down list This can be: Network—These are source and destination IP addresses, port and protocol, EtherType and application VM—Attributes defined on a virtual machine Custom—User-defined attributes that are defined in an attribute dictionary. Custom attribute values are specified on security profiles. Expression Area Name Description Attribute Name drop-down list A drop-down list that allows you to select an attribute name. Operator drop-down list A drop-down list that allows you to select an operator. Note    Depending upon the Operator value selected, different values for selection are displayed in the Expression area following the Operator value field. Attribute Value field Depending upon the attribute name selected, an attribute value must be entered. Click OK. Click the Add link in the Destination Conditions area, and complete the following fields in the Add Destination Condition dialog box: Important: The inspection for FTP, TFTP, and RSH protocols will work only if the rule destination condition is configured with a Network Port equal (eq) operator. Name Description Attribute Type drop-down list This can be: Network—These are source and destination IP addresses, port and protocol, EtherType and application VM—Attributes defined on a virtual machine Custom—User-defined attributes that are defined in an attribute dictionary. Custom attribute values are specified on security profiles. Expression Area Name Description Attribute Name drop-down list A drop-down list that allows you to select an attribute name. Operator drop-down list A drop-down list that allows you to select an operator. Note    Depending upon the Operator value selected, different values for selection are displayed in the Expression area following the Operator value field. Attribute Value field Depending upon the attribute name selected, an attribute value must be entered. Click OK.
Step 8	In the Add Rule dialog box, click OK.
Step 9	In the Work pane, click Save.

---

Editing a Rule

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policies > Policy_name.
Step 4	In the Work pane, click the Rules tab.
Step 5	In the Work pane, click the Rule_name you want to edit.
Step 6	Click the Edit link.
Step 7	In the Edit Rule dialog box General tab area, make the appropriate changes.
Step 8	In the Edit Rule dialog box Source and Destination Condition tab area, make the appropriate changes or add new source or destination conditions as required.
Step 9	Click OK.
Step 10	In the Policy_name pane, click Save.

---

Deleting a Rule

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policies > Policy_name. Select the Policy_name that contains the rule you want to delete.
Step 4	In the Work pane, click the rule you want to delete.
Step 5	In the Work pane, click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Deleting a Source or a Destination Condition

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policies > Policy_name. Select the Policy_name that contains the source or destination condition you want to delete.
Step 4	In the Work pane, click the Rules tab.
Step 5	Click the Rule_name where you want to delete a source or a destination condition.
Step 6	Click the Edit link.
Step 7	In the Edit dialog box Source and Destination Condition tab area, click the condition you wnat to delete.
Step 8	In the Work pane, click the Delete link.
Step 9	In the Confirm dialog box, click Yes.

---

Configuring a Policy Set

Adding a Policy Set

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policy Sets node. Note    You can add the component at any organizational level.
Step 4	In the Work pane, click the Add Policy Set link.
Step 5	In the Add Policy Set dialog box, General tab area, complete the following fields: Name Description Name field The name of the policy set. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the policy set.
Step 6	In the Add Policy Set dialog box, click OK.

---

Assigning a Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policy Sets > Policy Set_name. Select the Policy Set_name where you want to assign a policy.
Step 4	In the Work pane, click the Policies tab.
Step 5	Click the Assign Policy link.
Step 6	In the Assign Policy dialog box, do the following: Select the appropriate policy. Click OK.
Step 7	In the Work pane, click Save.

---

Editing a Policy Set

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policy Sets node.
Step 4	In the Work pane, click the Policy Set_name you want to edit.
Step 5	In the Work pane, click the Edit link.
Step 6	In the Edit Policy Set dialog box, click the General tab, and change the appropriate fields: Name Description Name field A name for the component. Description field A user-defined description of the component.
Step 7	In the Edit Policy Set dialog box, click the Policies tab.
Step 8	Use the Up and Down arrows to rearrange the policies as required.
Step 9	(Optional) You may delete policies if required.
Step 10	In the Edit Policy Set dialog box, click OK.

---

Deleting a Policy Set

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policy Sets node.
Step 4	In the Work pane, click the Policy Set_name you want to delete.
Step 5	In the Work pane, click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Deleting an Assigned Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Policy Sets > Policy Set_name. Select the Policy Set_name that contains the assigned policy you want to delete.
Step 4	In the Work pane Policies tab area, click the Policy_name you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Configuring Zones

Adding a Zone

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Zones node. Note    You can add the component at any organizational level.
Step 4	In the Work pane, click the Add Zone link.
Step 5	In the Add Zone dialog box General tab area, complete the following fields: Name Description Name field The name of the zone. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the zone.
Step 6	Click the Conditions tab.
Step 7	Click the Add link.
Step 8	In the Add Zone Condition dialog box, do the following: Select an attribute type from the Attribute Type drop-down list. In the Expression area, complete the following fields: Name Description Attribute Name drop-down list Depending upon the attribute type selected, a different set of choices are available. Operator drop-down list Depending upon the attribute type selected, a different set of choices are available. Attribute Value field Depending upon the attribute type selected, a different set of choices are available. Click OK.
Step 9	In the Add Zone dialog box, click OK.

---

Editing a Zone

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Zones node.
Step 4	In the Work pane, click the Zone_name you want to edit.
Step 5	In the Work pane, click the Edit link.
Step 6	In the Edit Zone dialog box General tab area, change the appropriate fields: Name Description Name column A name for the component. Description column A user-defined description of the component.
Step 7	In the Edit Zone dialog box Conditions tab area, do the following: Use the Up and Down arrows to rearrange the attributes as required. Click the Edit link to open the Edit Zone Condition dialog box, and make the appropriate changes in the following fields, as available: Name Description Attribute Type drop-down list This can be: Network VM Custom Name Description Attribute Name drop-down list Depending upon the attribute type selected, a different set of choices are available. Operator drop-down list Depending upon the attribute type selected, a different set of choices are available. Attribute Value field Depending upon the attribute type selected, a different set of choices are available. Click OK.
Step 8	In the Edit Zone dialog box, click OK.

---

Deleting a Zone

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to display the appropriate Zones node.
Step 4	In the Work pane, click the Zone_name you want to delete.
Step 5	Click the Delete link.
Step 6	In the Confirm dialog box, click Yes.

---

Deleting a Zone Condition

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Firewall Policy > root to view the appropriate Zones > Zone_name. Select the Zone_name that contains the condition you want to delete.
Step 4	In the Work pane, click the Conditions tab.
Step 5	Click the condition you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click Yes.

---

Configuring Security Profiles

Adding a Security Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile > root to view the appropriate Security Profiles node. Note    You can add the component at any organizational level.
Step 4	In the Work pane, click the Add Security Profile link.
Step 5	In the General tab area, complete the following fields: Name Description Name field The name of the Security Profile. Description field A user-defined description of the Security Profile. Policy Set drop-down list A user-created list of policy sets from which to select.
Step 6	In the Add Security Profile dialog box Attribute tab area, do the following: Click the Add link. In the Add Security Profile Attribute dialog box, complete the following fields: Name Description Name field An available selection of attribute names from the Security Profile Dictionary. Value field A user-defined description of the Security Profile Dictionary attribute. Click OK.
Step 7	In the Add Security Profile dialog box, click OK.

---

Editing a Security Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile > root to view the appropriate Security Profiles node.
Step 4	In the Work pane, click the Security Profile_name you want to edit.
Step 5	In the Work pane, click the Edit link.
Step 6	In the Edit Security Profile dialog box General tab area, make the appropriate changes: Name Description Name field The name of the Security Profile. Description field A user-defined description of the object. Policy Set drop-down list A selectable drop-down list of Policy Sets.
Step 7	In the Edit Security Profile dialog box Attribute tab area, do the following: Click the Edit link. Click the attribute you want to edit. In the Edit Security Profile Attribute dialog box, make the appropriate changes: Name Description Name field An available selection of attribute names from the Security Profile Dictionary. Value field A user-defined description of the Security Profile Dictionary attribute. Click Apply. Click OK.
Step 8	In the Edit Security Profile dialog box, click OK.

---

Deleting a Security Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile > root to view the appropriate Security Profiles node.
Step 4	In the Work pane, click the Security Profile_name you want to delete.
Step 5	In the Work pane, click the Delete link.
Step 6	In the Confirm dialog box, click OK.

---

Deleting a Security Profile Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile > root to view the appropriate Security Profiles > Security Profile_name.
Step 4	Click the Security Profile_name where you want to delete a Security Profile attribute.
Step 5	In the Work pane, click the Attribute tab.
Step 6	In the Work pane, select the attribute you want to delete.
Step 7	Click the Delete link.
Step 8	In the Confirm dialog box, click Yes.

---

Configuring Security Profile Dictionary

Adding a Security Profile Dictionary

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile Dictionary > root to click on the appropriate node where you want to add a security profile dictionary. Note    Creation of a security profile dictionary is supported at the root and Tenant levels.
Step 4	In the Work pane, click the Add Security Profile Dictionary link.
Step 5	In the Add Security Profile Dictionary dialog box General tab area, complete the following fields: Name Description Name field The name of the Security Profile Dictionary. Description field A user-defined description of the object.
Step 6	Click OK.

---

Adding a Security Profile Dictionary Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile Dictionary > root to view and select the appropriate Security Profile Dictionary_name.
Step 4	In the Work pane, click the Attribute tab.
Step 5	In the Work pane, click the Add link.
Step 6	In the Add Security Profile Dictionary Attribute dialog box, complete the following fields: Name Description Name field The name of the Security Profile Dictionary attribute. Description field A user-defined description of the object.
Step 7	Click OK.

---

Editing a Security Profile Dictionary

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile Dictionary > root to view and select the appropriate node where you want to edit a security profile dictionary.
Step 4	In the Work pane, click the Security Profile Dictionary_name you want to edit.
Step 5	In the Work pane, click the Edit link.
Step 6	In the Edit Security Profile Dictionary dialog box General tab area, complete the following fields: Name Description Name field The name of the Security Profile Dictionary. Description field A user-defined description of the object.
Step 7	Click OK.

---

Editing a Security Profile Dictionary Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile Dictionary > root to view the appropriate Security Profile Dictionary_name.
Step 4	In the Work pane, click on a Security Profile Dictionary_name. Click the Security Profile Dictionary_name where you want to edit the Security Profile Dictionary attribute.
Step 5	In the Work pane, click the Edit link.
Step 6	In the Edit Security Profile Dictionary dialog box, click the Attribute tab.
Step 7	Click the Attribute_name you want to edit.
Step 8	Click the Edit link.
Step 9	In the Edit Security Profile Attribute dialog box, make the appropriate changes: Name Description Name field The name of the Security Profile Dictionary attribute. Description field A user-defined description of the object.
Step 10	Click OK.
Step 11	In the Edit Security Profile Dictionary dialog box, click OK.

---

Deleting a Security Profile Dictionary

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile Dictionary > root to view and select the appropriate node where you want to delete a security profile dictionary.
Step 4	In the Work pane, click the Security Profile Dictionary_name you want to delete.
Step 5	In the Work pane, click the Delete link.
Step 6	In the Confirm dialog box, click OK.
Step 7	In the Work pane, click Save.

---

Deleting a Security Profile Dictionary Attribute

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Security Policies subtab.
Step 3	In the Navigation pane, expand Security Profile Dictionary > root to view and select the appropriate Security Profile Dictionary_name. Click the Security Profile Dictionary_name where you want to delete a Security Profile Dictionary attribute.
Step 4	In the Work pane, click the Attributes tab.
Step 5	In the Work pane, select the attribute you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click Yes.

---