User Guide for Cisco Security Manager 4.4
Chapter 3 Managing the Device Inventory
Working with the Device Inventory
The Policy Object Overrides folder in the table of contents includes all of the types of objects for which
you can create overrides for the particular type of device. When you select an object type, the existing
policy objects that are configured to allow device overrides appear in the table in the right pane, if any.
If an object has an override already defined for the device, the Value Overridden? column contains a
check mark.
You can create and manage overrides for these objects. Select an object and you can do the following:
• To create an override, click the Create Override button. This opens the edit dialog box for that type
of object. Click the Help button for object-specific information.
• To edit an existing override, click the Edit Override button.
• To remove an override, click the Delete Override button.
Navigation Path
Double-click a device in the Device selector, then click the desired policy object type in the Policy
Object Overrides folder in the table of contents in the left pane.
Related Topics
• Policy Object Overrides Window, page 6-20
• Allowing a Policy Object to Be Overridden, page 6-18
• Creating or Editing Object Overrides for a Single Device, page 6-18
• Deleting Device-Level Object Overrides, page 6-21
• Filtering Tables, page 1-45
Changing Critical Device Properties
You must use caution when changing the image version of a device, the device type, or the security
context or operational mode of FWSM and ASA devices that are managed by Security Manager. In
certain cases, these changes enable a different set of features for the device. As a result, some of the
policies that you configured for the device in Security Manager might no longer apply.
The key device changes, their effect on the policies available in Security Manager, and the procedure
you should follow to implement these device changes, are described in the following sections:
• Image Version Changes That Do Not Change the Feature Set in Security Manager, page 3-50
• Changes That Change the Feature Set in Security Manager, page 3-51
Image Version Changes That Do Not Change the Feature Set in Security Manager
The following image version changes do not affect the types of policies available for that device in
Security Manager:
• Upgrading from any Cisco IOS version supported by Security Manager to any other Cisco IOS
version supported by Security Manager.
• Upgrading from any PIX 6.x image to another PIX 6.x image.
• Upgrading from any PIX 7.x image to another PIX 7.x image, retaining the same security context
and mode configuration.
• Upgrading from any ASA 7.x image to another ASA 7.x image, retaining the same security context
and mode configuration.