Cisco ASDM User Guide
OL-16647-01
Chapter 20 Configuring Access Rules and EtherType Rules
Configuring Access Rules
Fields
• TCP—Select this option to add TCP services or port numbers to an object group.
• UDP—Select this option to add UDP services or port numbers to an object group.
• TCP-UDP—Select this option to add services or port numbers that are common to TCP and UDP to
an object group.
• Service Group table—This table contains a descriptive name for each service object group. To
modify or delete a group on this list, select the group and click Edit or Delete. To add a new group
to this list, click Add.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode           Security Context
Routed   Transparent    Single   Multiple (Context)   Multiple (System)
•        •              •        •                    —
Add/Edit Service Group
The Add/Edit Service Group dialog box lets you manage a group of TCP/UDP services/ports.
Fields
• Service Group Name—Specifies the name of the service group. The name must be unique for all
object groups. A service group name cannot share a name with a network group.
• Description—Specifies a description of the service group.
• Service—Lets you select services for the service group from a predefined drop-down list.
• Range/Port #—Lets you specify a range of ports for the service group.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode           Security Context
Routed   Transparent    Single   Multiple (Context)   Multiple (System)
•        •              •        •                    —
Advanced Access Rule Configuration
The Advanced Access Rule Configuration dialog box lets you set global access rule logging options.
When you enable logging, if a packet matches the access rule, the security appliance creates a flow entry
to track the number of packets received within a specific interval (see Log Options). The security
appliance generates a system log message at the first hit and at the end of each interval, identifying the
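The logging behavior described under Advanced Access Rule Configuration, modeled in Python as an added example (not Cisco code or appliance output). The function name, flow tuples and timestamps are constructed; reporting a per-interval hit count, resetting it each interval, and dropping a flow entry after an interval with no hits are assumptions of this model.

```python
def simulate_acl_logging(packets, interval, end_time):
    """Model interval-based access rule logging for matched packets.

    packets  -- (time_seconds, flow) pairs sorted by time
    interval -- logging interval in seconds
    end_time -- time at which the simulation stops
    Returns sorted (time, flow, kind, hits) messages.
    """
    messages = []
    flows = {}  # flow -> [interval_end, hits_in_current_interval]

    def close_intervals(now):
        for flow in list(flows):
            interval_end, hits = flows[flow]
            while flow in flows and interval_end <= now:
                if hits == 0:
                    # Assumption: an idle interval removes the flow entry.
                    del flows[flow]
                else:
                    messages.append((interval_end, flow, "interval", hits))
                    interval_end, hits = interval_end + interval, 0
                    flows[flow] = [interval_end, hits]

    for now, flow in packets:
        close_intervals(now)
        if flow not in flows:
            # First hit: log immediately and start tracking the flow.
            messages.append((now, flow, "first-hit", 1))
            flows[flow] = [now + interval, 0]
        else:
            flows[flow][1] += 1
    close_intervals(end_time)
    return sorted(messages)


# Constructed sample data (documentation address ranges).
FLOW_A = ("198.51.100.7", "192.0.2.10", 443)
FLOW_B = ("198.51.100.9", "192.0.2.10", 22)
PACKETS = [(0, FLOW_A), (1, FLOW_A), (2, FLOW_A), (3, FLOW_A), (4, FLOW_A),
           (100, FLOW_B), (310, FLOW_A), (320, FLOW_A)]

if __name__ == "__main__":
    for message in simulate_acl_logging(PACKETS, interval=300, end_time=1000):
        print(message)
```

With a 300-second interval, the eight constructed packets produce four messages, which is the volume a syslog collector would see from this rule instead of one message per packet.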