-
null
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The following topics describe how to use the Map view:
•Displaying Your Network on the Map
•Managing Device Policies in Map View
The Security Manager Map view provides a graphical view of your VPN and Layer 3 network topology.
Using the map view, you can investigate details of your VPN configuration graphically. Topological display of tunnels enables you to easily derive the relationship among multiple VPN configurations (for example, a hierarchical VPN). You can group devices to achieve a more complete picture of your VPN configuration. This is useful in situations where a hub failover pair is a peer with hundreds of spokes.
You can represent your Layer 3 network topology graphically, populating it with managed devices (called device nodes). You can make the picture of the topology more complete by adding unmanaged objects (called map objects) such as devices, clouds, and networks. For large networks, you can choose to simplify the topology graph by incorporating only a portion of the overall topology. You can save the topology maps for future use.
You can save multiple topology maps to reflect your network's geographical or functional organization. You can link a saved map to a node on a parent map, so that from the parent map you can drill down to the linked map with more detailed information (for more information, see Using Linked Maps). Saved maps are shared among all users who have the necessary access privileges.
You can launch other Security Manager features from the map view. In some cases, you can simplify the use of features by selecting nodes from the map before you start another feature. For example, you can select multiple nodes, then create a VPN that includes those nodes as members.
A map is a representation of a portion of your network. You can create and save multiple maps to address your network management needs. To work with any map, you must be in Map view (select View > Map View).
After you create and save a map, the map is available to all users on the system that have at least read privileges to all the devices on the map. Users that do not have read privileges to a device on a map do not see the map in the list of existing maps when they try to open a map. For more information, see Access Permissions for Maps.
You can only have one map open at a time. If a map is open and you create a new map or open an existing map, you are prompted to save or discard any unsaved changes that you made to the current map.
Multiple users can open and modify a map at the same time. When a user saves changes to a map, any other users who are using the map are notified and have the option to do one of the following:
•Update their map to the version saved by the other user, losing any changes they have made.
•Save their version of the map as a new map, preserving any changes they made.
The following topics describe how to manage maps:
Access to maps is controlled, based on two systems of user privileges:
•Device privileges—You must have at least read privileges to all the devices in a map to open the map.
•Map privileges—Access to maps is based on your Security Manager user role. There are two levels of map access:
–Read-only—You can open maps, but you cannot modify them. If you have this map privilege level, the features for modifying maps are not available.
–Read-write—You can modify maps. All map modification features are available.
Related Topics
To create a new map, select Map > New Map. You must already be in Map view (select View > Map View).
New maps do not contain any elements. For information about adding elements to a map, see Displaying Your Network on the Map
Related Topics
To save the active map, select Map > Save Map.
Any changes that you made since you last saved it are saved. If you did not save the map previously, the Save Map As dialog box opens, enabling you to assign a name to the map and save it.
If you close a map that contains unsaved changes, you are prompted to save the changes.
If your Security Manager session closes automatically because of inactivity when a map is open with unsaved changes, the current version of the map is saved if it has a name. If you have not yet saved the map, the map is discarded. For example, if you generate the default map, or create a new map, and do not save it before your session times out, you cannot retrieve that map.
Related Topics
•Save Map As Dialog Box, page B-9
You can open any map that you have created. You can also open any map that another user has created, provided you have the requisite permission settings with regard to the devices shown on that map.
Before You Begin
You must be in Map view to open a map. Select View > Map View.
Related Topics
•Open Map Dialog Box, page B-9
Step 1 Select Map > Open Map. The Open Map dialog box opens.
Step 2 Select a map from the Available Maps list and click OK.
If you no longer need a map, you can delete it (presuming that you have edit permission). Deleting a map does not delete any devices or VPNs shown on the map, nor does it delete or modify their configurations; only the map is deleted.
Before You Begin
You must be in Map view to delete a map. Select View > Map View.
Related Topics
Step 1 Select Map > Delete Map. The Delete Map dialog box appears.
Step 2 Select the map to delete from the Available Maps list.
Step 3 Click OK.
Step 4 In the confirmation dialog box, click Yes.
The map is deleted.
When viewing a map, you can export the map to a scalable vector graphics (SVG) image file for use outside of Security Manager.
Related Topics
Step 1 Select Map > Export Map. The Export Topology Map to SVG dialog box opens.
Step 2 Browse to the location in which to save the file.
Step 3 Enter a filename in the File name field. The correct file extension will be added for you.
Step 4 Click Save.
Several methods of navigating within a map enable you to see the portion of the map that you want, at the level of detail that you want.
The following topics describe how to navigate within a map:
•Changing the Zoom Level of Maps
The navigation window displays a smaller version of the entire active map. The shaded rectangle defines the area of the map that is currently displayed.
Use the navigation window to select the portion of the map to view and to change the map zoom level.
•To toggle the display of the navigation window on and off, select Map > Show/Hide Navigation Window.
•To pan the navigation control to select which portion of the map to display, click within the shaded rectangle and drag it to a new location.
•To change the zoom level, click and drag one of the resizing handles in the corners of the shaded rectangle to increase or decrease the area of the map displayed.
The title bar in the navigation window displays the name of the map. If the map has unsaved changes, an asterisk (*) appears next to the map name.
Related Topics
You can pan the map to select the portion of the map to display, using any of the following methods:
•Click the Pan Map toolbar button, then click and hold anywhere on the map and drag the cursor.
•Use the vertical and horizontal scroll bars that are available if the entire map does not fit in the visible page.
•Click and drag the shaded rectangle in the navigation window.
Related Topics
You can change the zoom level of the map to select how much of the open map to display.
•To change the zoom level of the map in predefined increments:
–To zoom in on the map, select Map > Zoom In, or click the Zoom In toolbar button.
–To zoom out from the map, select Map > Zoom Out, or click the Zoom Out toolbar button.
•To zoom into a specific area of the map, click Zoom Rectangle in the map toolbar, then click the map and drag a rectangle around the area. When you release the mouse button, the map zooms to display the area defined by the rectangle.
•Alternatively, to zoom in to or out of a specific area of the map, click and drag the corner of the shaded rectangle in the navigation window.
•To display the entire map, select Map > Fit to Window.
•To display the map at actual size, select Map > Display Actual Size.
Related Topics
Table 3-1 describes how to select map elements.
To center the display of the map on a particular map element, right-click the element, then select Move to Center.
You can automatically arrange the network nodes on the active map in several predefined layouts. Only nodes that are already displayed on the map are arranged. Any nodes that you later add do not follow the layout.
To select a map layout, right-click the map background, then select one of the following layouts from the map context menu:
•Hierarchical Layout—Arranges the nodes in a hierarchical layout.
•Radial Layout—Arranges the nodes in a radial layout.
•Circular Layout—Arranges the nodes in a circular layout.
You can undock the map window, which enables you to use other product features while keeping the map open.
Step 1 To undock the map, select Map > Undock Map View.
Step 2 To dock the map window, select Map > Dock Map View.
This procedure describes how to find a node that is displayed on the active map.
Related Topics
•Find Node Dialog Box, page B-10
Step 1 Select Map > Find Map Node. The Find Node dialog box appears.
Step 2 Enter search criteria in the dialog box.
You can search for a node based on its name, interface IP addresses, and device type. As you enter criteria, the list of nodes is updated to include only the devices that match all of the entered criteria.
Step 3 Select the node to find from the node list, then click OK.
The selected node is highlighted and appears in the center of the map.
The network data that is displayed on maps is typically updated as this data changes. However, to be certain that a map displays current network data, you can refresh it manually by selecting Map > Refresh Map.
A linked map is a map that you associate with a map element on another map. Because it not practical to include all the nodes on a large network in a single map, you can use linked maps to create a hierarchical topology of your network.
You cannot link a node to the open map.
Before You Begin
You must create the map to link to before you can link to it.
Related Topics
•Set Linked Map Dialog Box, page B-11
Step 1 Right-click the map element to which to link a map, then select Set Linked Map. The Set Linked Map dialog box opens.
Step 2 Select a map to associate with the selected map element, then click OK.
Step 3 To open the linked map, right-click the linked node, then select Open Linked Map.
You can create a default map that contains all of the managed devices and VPNs in the Security Manager inventory.
Generating the default map is a good way to create a map. After generating the map, save it with a unique name to make it a standard map, and modify it as desired.
You can generate the default map whenever you want to, and it contains the inventory as it exists at the time you generate it. You cannot specifically save the default map as the default map; it is regenerated every time you select it.
To create the default map, you must have sufficient access rights to the devices in the inventory. For more information, see Access Permissions for Maps.
Before You Begin
You must be in Map view to create the default map. Select View > Map View.
Tips
•If you refresh the map (select Map > Refresh Map), items that you added to the inventory after generating the default map are not added to the map. You must regenerate the default map to see new devices.
Step 1 Select Map > Open Map.
Step 2 Select Default Map from the Available Maps list, then click OK.
Note If you have do not have sufficient access rights to all devices in the inventory, the default map that opens shows only the subset of devices for which you do have access rights.
Step 3 To save the default map as a standard map, select Map > Save Map, then enter a name for the map and click OK.
You can change the background of a map by changing the color or by configuring an image. A suggested use for a background image is to use an image that represents a geographic area. Then you can position map elements according to their geographic locations.
Some background images are included with Security Manager. You can also transfer images to the server to use as background images. You can use background images of the following file formats: JPEG, GIF, PNG, IVL, and SVG. If you want to use a new image, copy the image file to the Security Manager server file system by connecting directly to the server. For security reasons, Security Manager does not provide a method of transferring files to the server.
To configure the map background, in Map view, select Map > Map Properties to open the Map Settings dialog box (see Map Settings Dialog Box, page B-10).
•To configure a background image, select it in the file list.
If the image is not listed, click Add and browse to the file you placed on the server. Click OK to have Security Manager add it to the list of available background images.
If you no longer need a listed image, select it and click Delete.
Tip You can control the position and scale of the image using the X and Y coordinates and scale settings. The X,Y source point is the upper left corner of the image. You can use positive or negative numbers. You must experiment to get the results you desire. The scale setting is in percentage.
•To change the background color, click Select next to the background color field and choose the desired color.
You use the map view to represent your network topology by creating maps. A map is a visual representation of your network, or a portion of it if it is too large to fit on a single map. Maps consist of map elements that represent devices, links, and other objects in your network. For more information about map, see Working With Maps.
The following topics describe how to create maps:
•Displaying Managed Devices on the Map
•Using Map Objects To Represent Network Topology
•Displaying Layer 3 Links on the Map
All objects that can appear on a map are map elements. You display map elements on a map to create a representation of a portion of your network.
The following types of map elements are available:
•Device nodes—Elements that represent managed devices. Examples:
–Router
–Firewall device
–Adaptive Security Appliance (ASA)
–Catalyst switch or 7600 router
–Firewall Services Module (FWSM)
•Map objects—Elements that are not managed. Examples:
–Unmanaged device
–Network
–Network cloud
–Host
•Links—Elements that represent network connections. Examples:
–Layer 3 link
–VPN tunnels
Related Topics
•Using Map Objects To Represent Network Topology
•Understanding Automatic Layer 3 Connectivity Display
•Displaying Layer 3 Links on the Map
A device node represents a device that is managed by Security Manager. You add a device node to a map by selecting the device from the Security Manager inventory.
When you add a device node to a map, its Layer 3 connectivity to other nodes on the map is created automatically. For more information, see Understanding Automatic Layer 3 Connectivity Display.
The following sections describe how to use device nodes:
•Adding a New Managed Device to the Map
•Displaying an Existing Managed Device on the Map
•Showing Containment of Catalyst Switches, Firewalls, and Adaptive Security Appliances
•Displaying Devices on the Map from the Device View
You can create a new device node by adding a new device to the Security Manager inventory from the Map view. After you create the new device in the inventory from the Map view, it is added to the active map as a device node.
If you add a device using the Device view, you must manually add the device to the map (see Displaying an Existing Managed Device on the Map).
Related Topics
Step 1 Click the New Device button in the map toolbar. The New Device dialog box opens.
Step 2 Add a new device.
For more information about this dialog box, click its Help button.
Step 3 The new device is added to the center of the map. Move the device icon to the desired position on the map.
This procedure describes how to add a device node to a map.
Before You Begin
The device that you want to add must be in the Security Manager inventory.
Related Topics
Step 1 Right-click the map, then select Show Devices on Map. The Show Devices on Map dialog box appears.
Step 2 Select the device nodes to display by doing the following:
a. To add a device node, select a device from the Available Devices list, then click >>. The device is added to the Selected Devices list.
b. To remove a device node, select it from the Selected Devices list, then click <<. The device is removed from the Selected Devices list.
Step 3 When the Selected Devices list contains only the nodes that you want to display, click OK.
The dialog box closes, and the map is updated to display only the device nodes you selected.
Step 4 To remove a managed node, select Remove from Map from the node context menu.
The containment relationship between Catalyst and Adaptive Security Appliance (ASA) devices and their service modules and security contexts, between PIX 7.x devices and FWSM and their security contexts, or between IPS devices and their virtual sensors, is displayed in maps as follows:
•When you select a Catalyst device, nodes that represent its Firewall Services Modules (FWSM) are highlighted.
•When you select an ASA, nodes that represent its Security Service Modules are highlighted.
•When you select a service module, the device that contains it is highlighted.
•When you select an IPS device, the nodes that represent virtual sensors defined on the device are highlighted.
•You can view a list of the security contexts contained in an ASA, firewall, or FWSM device, or the virtual sensors contained in an IPS device, by right-clicking the node and selecting Show Containment. This command also shows the service modules in a device that has them.
•When you select a security context node, all its ancestor device nodes are highlighted.
•When you select a virtual sensor, the device on which it is defined is highlighted.
From the device selector in the Device view, you can locate a device node on the active map. The device node is centered on the map and highlighted. The device must be displayed on the active map. Otherwise, you are notified that it cannot be found.
Step 1 Right-click a device in the device tree.
Step 2 Select Show in Map view from the context menu.
If the device is shown on the active map, it is shown centered and highlighted on the undocked map. You are notified if the device is not shown on the active map.
You can add map elements to a map that represent objects (such as devices and links) that Security Manager does not manage. These nodes are called map objects. You can use map objects to create a more useful representation of your network topology.
You can add Layer 3 links between any map elements, whether they are device nodes, map nodes, or a combination of both types.
The following topics describe using map objects:
Use this procedure to add a map object to the map.
Related Topics
•Select Policy Object Dialog Box, page B-15
•Using Map Objects To Represent Network Topology
•Displaying an Existing Managed Device on the Map
Step 1 Select Map > Add Map Object. The Add Map Object dialog box appears.
Step 2 Enter a name for the node in the Device Name field.
Step 3 Select the type of device that the node represents from the Type list.
Step 4 (Optional) Add interfaces to the node by doing the following:
a. Click Add. The Interface Properties dialog box opens.
b. Enter an interface name, IP address, and network mask, then click OK.
c. Repeat this procedure to add additional interfaces.
Step 5 (Optional) Select a policy object as the basis for the map object:
a. Click Copy Policy Object. The Select Policy Object dialog box opens.
b. Select a policy object type from the Select a policy object list.
c. Click Select. The Single Selection Objects Selector dialog box opens.
d. Select a policy object, then click OK.
e. Click OK in the Select Policy Object dialog box. Information from the policy object is entered in the Add Map Object dialog box.
Step 6 Click OK. The map object is added to the center of the map. Move it to the desired location.
To delete a map object, right-click the object, then select Delete Map Object.
A Layer 3 link is a line on the map that represents a network connection between two device interfaces.
Layer 3 links are added to the map automatically when you add a new map element that contains interface information. Network nodes are added as needed to represent Layer 3 connectivity when you add a new element. When you delete an interface that is a Layer 3 link endpoint, the link is removed.
You can add additional Layer 3 links between device nodes and map objects to illustrate your network's connectivity. Adding Layer 3 links to a map does not configure any network devices. Layer 3 links are just visual elements on the map.
You can use Layer 3 links to connect any two interfaces on a map. Depending on the interfaces that you choose, the Layer 3 link might include intermediary networks or network clouds. In some cases, you have the option to select which intermediary networks and networks clouds are inserted between the connected interfaces.
The following topics describing using Layer 3 links:
•Understanding Automatic Layer 3 Connectivity Display
Use this procedure to add a Layer 3 link between two map elements.
When you add a Layer 3 link, intermediary networks and network clouds are automatically inserted, depending on the node interfaces that you select to connect. In some cases, you have the option to select which intermediary networks and networks clouds are inserted between the connected interfaces.
Related Topics
•Select Interfaces Dialog Box, page B-12
•Add Link Dialog Box, page B-13
Step 1 Click Map > Add Link.
Step 2 Click one of the map elements to connect, then click the other map element to connect.
Step 3 If the map elements contain interfaces, select the source and destination interfaces for the link in the Select Interfaces dialog box, then click OK.
The Add Link dialog box might open, depending on which interfaces you select.
Step 4 If the Add Link dialog box opens, select which intermediary objects and network clouds to insert, then click OK.
Use this procedure to delete a Layer 3 link between two map elements.
Deleting a Layer 3 link does not delete any intermediary network or network clouds between map elements.
Related Topics
•Displaying Layer 3 Links on the Map
Step 1 Right-click the Layer 3 link to be removed.
Step 2 Select Delete Link.
Layer 3 connectivity information is automatically added to the map when you add map elements that have interface information. When you add a map element that has interface information, one of the following happens:
•If the interface is on a network that is not represented on the map as a network map object, a network map object is added to the map with a Layer 3 link to the new map element.
•If the interface is on a network that is represented on the map as a network map object, a Layer 3 link is added between the new map element and the network map object.
When you remove a node interface that is a Layer 3 link endpoint, the link is also removed.
The automatic addition of network objects and links is called Autolink. You can configure Autolink to not automatically add private or certain reserved network addresses. To configure these settings, select Tools > Security Manager Administration, then click Autolink.
The following topics describe how to manage VPNs in the Map view:
•Displaying Existing VPNs on the Map
•Creating VPN Topologies in Map View
•Editing VPN Policies or Peers From the Map
To display an existing VPN on the map, select Map > Show VPNs on Map. You are prompted with a list of existing VPNs. Select the ones you want from the available VPNs list and click >> to move them to the selected list.
Tip You can also remove a VPN using this command. Select the VPNs you want to remove from the selected VPNs list and click <<. When you remove a VPN, only the VPN tunnels are removed. The device nodes remain on the map.
When you display a VPN, all of the its member devices are added to the map as device nodes, and all of its tunnels are highlighted. However, devices that you removed from the map previously are not added, even if they are members of a VPN that you display. You can add such devices to the map manually, and their VPN connectivity is displayed.
A VPN tunnel is a line on the map that represents a VPN connection between two devices. VPN tunnels are not added to the map automatically when you add a device node that is a member of a VPN. However, if the VPN was already selected to be shown on the map, adding a device in the VPN to the map will also display the tunnel.
Related Topics
•Show VPNs on Map Dialog Box, page B-16
You can create VPN connections between VPN-capable device nodes that are displayed on the map. To create a VPN, do one of the following:
•Click the New VPN button in the toolbar and select the type of VPN you want to configure: point-to-point, hub and spoke, or full mesh.
•Select the devices that you want to participate in the VPN (use Ctrl+click to select multiple devices), and either right click and select the command for the desired type of VPN, or click the New VPN button and select the VPN type.
Consider the following tips:
–Select only 2 devices to create a point-to-point VPN.
–If you create a hub-and-spoke VPN, the device you right-click is initially defined as the hub, but you can change that in the wizard.
–While in the wizard, you can add or remove devices. You are not restricted to the devices you selected on the map.
Using either technique, the Create VPN wizard opens, where you can create the VPN. For more information, see Using the Create VPN Wizard, page 9-14 or click the Help button in the wizard.
The VPN is displayed on the map when you are finished with the wizard.
Related Topics
You can edit VPN policies, or the peers that participate in a VPN, from map view. To edit policies or peers, right-click a VPN tunnel or device node and select one of these commands:
•Edit VPN Policies—To open the Site-to-Site VPN Manager, where you can edit the policies that define the VPN. For more information, see Site-to-Site VPN Manager Window, page G-1.
•Edit VPN Peers—To open a dialog box that allows you to configure the peers that participate in the VPN. Click the Help button in the dialog box for more information.
•Show VPN Peers—To see which devices participate in a VPN without editing the list.
If the device participates in more than one VPN, you are first prompted to select the desired VPN before the appropriate dialog box is opened.
You can perform only basic policy management and configure firewall services policies in Map view. You cannot configure other types of policies. The following topics describe how to manage policies from the Map view:
•Performing Basic Policy Management in Map View
•Managing Firewall Policies in Map View
•Managing Firewall Settings in Map View
You can perform some basic policy management tasks in Map view. Right click the device and select one of the following commands:
•Copy Policies Between Devices—To copy local device policies from one device to another. For more information on copying policies, see Copying Policies Between Devices, page 6-22.
•Share Device Policies—To create shared policies from local device policies. For more information on sharing policies, see Sharing Multiple Policies of a Selected Device, page 6-28.
•Clone Device—To create a copy of a device, including its policies. For more information on cloning devices, see Cloning a Device, page 5-24.
•Preview Configuration—To view the configuration file that will be generated for the device, including the changes from the previous deployment. For more information on previewing configurations, see Previewing Configurations, page 17-27.
•Discover Policies on Device—To discover the policies defined on the device and configure them in Security Manager, wiping out whatever policies are defined in Security Manager for the device. For more information device discovery, see Discovering Policies on Devices Already in Security Manager, page 6-14.
Related Topics
•Chapter 17, "Managing Deployment"
•Chapter 5, "Managing the Device Inventory"
•Chapter 6, "Managing Policies"
You can configure firewall policies on a device in Map view. These policies are local to the device rather than being shared policies (you must use Policy view to configure shared policies).
Tip If you want to assign a shared policy to a device, see Performing Basic Policy Management in Map View.
To configure local firewall policies on a device in Map view, right click the device and select one of the following commands:
•Edit Firewall Policies > AAA Rules—To configure AAA policies, which control who is allowed access to the device and what services they are allowed to use once they have access. For more information on configuring AAA rules, see AAA Rules Page, page I-1.
•Edit Firewall Policies > Access Rules—To configure Access Rules policies, which control the traffic that flows through a device. For more information on configuring access rules, see Access Rules Page, page I-9.
•Edit Firewall Policies > Inspection Rules—To configure Inspection Rules policies, which analyze traffic at the application layer and track TCP and UDP sessions to perform refined access control. For more information on configuring inspection rules, see Inspection Rules Page, page I-16.
•Edit Firewall Policies > Botnet Traffic Filter Rules—(ASA 8.2 and higher only) To configure Botnet Traffic Filter Rules policies, which monitor web traffic. For more information on configuring botnet traffic filter rules, see Botnet Traffic Filter Rules Page, page I-34.
•Edit Firewall Policies > Transparent Rules—To configure Transparent Rules policies, which define EtherType rules for transparent firewalls. For more information on configuring inspection rules, see Transparent Rules Page, page I-39.
•Edit Firewall Policies > Web Filter Rules—To configure Web Filter Rules policies, which define rules for web access. For more information on configuring web filter rules, see Web Filter Rules Page (PIX/ASA), page I-45 or Web Filter Rules Page (IOS), page I-51.
•Edit Firewall Policies > Zone Based Firewall Rules—(IOS 12.4(6)T and higher only) To configure Zone Based Firewall Rules policies, which configure inspection and web filtering using security zones. For more information on configuring zone based firewall rules, see Zone-based Firewall Rules Page, page I-54.
Related Topics
•Chapter 11, "Managing Firewall Services"
•Chapter 6, "Managing Policies"
You can configure firewall settings policies on a device in Map view. These policies are local to the device rather than being shared policies (you must use Policy view to configure shared policies).
Tip If you want to assign a shared policy to a device, see Performing Basic Policy Management in Map View.
To configure local firewall settings policies on a device in Map view, right click the device and select one of the following commands:
•Edit Firewall Settings > AAA Firewall—(ASA/PIX/FWSM only) To configure AAA Firewall settings policies, which configures proxy, authentication challenge, MAC exempt lists, and other general AAA settings. For more information on configuring AAA firewall settings, see AAA Firewall Page, Advanced Setting Tab, page I-73 and AAA Firewall Page, MAC-Exempt List Tab, page I-76.
•Edit Firewall Settings > Access Control—To configure Access Control settings policies, which configures optimization and other general access control settings. For more information on configuring access control settings, see Access Control Settings Page, page I-67.
•Edit Firewall Settings > AuthProxy—(IOS devices only) To configure AuthProxy settings policies, which configure general settings for authorization proxies. For more information on configuring authorization proxies, see AuthProxy Page, page I-79.
•Edit Firewall Settings > Inspection—(IOS devices only) To configure Inspection settings policies, which configure timeout and session settings for inspection rules. For more information on configuring inspection settings, see Inspection Settings Page, page I-70.
•Edit Firewall Settings > Web Filter—To configure Web Filter settings policies, which configure the server used for web filtering. For more information on configuring web filter settings, see Web Filter Settings Page, page I-83.
•Edit Firewall Settings > Zone Based Firewall—(IOS 12.4(6)T and higher devices) To configure Zone Based Firewall settings policies, which configure zones and Trend web filter server settings.