Why am I seeing a discrepancy in the access rule that is shown as matched in the read-only policy query page of CS-MARS and the Access Rules page in Security Manager?
A. If you modify the access rule in Security Manager after the read-only policy query window is displayed with highlighted rules that generated the event and start the Security Manager client, the rule table in the read-only policy page is used as the basis for displaying the matched rule in Security Manager and the modified rule table in Security Manager is not considered. For example, if the first row in the read-only policy query window is shown as highlighted and is TCP-based, and you change the order of the rules in the Access Rules page of Security Manager to move an ICMP-based rule to the top of the table, the ICMP-based rule (not the TCP-based rule) is highlighted when you start the Security Manager client from CS-MARS.
Related Questions
- Why am I seeing a discrepancy in the access rule that is shown as matched in the read-only policy query page of CS-MARS and the Access Rules page in Security Manager?
- Why is the access rule table displayed after lookup in the read-only policy query window different from the one configured in Security Manager?
- Can I perform any other task from the read-only policy query page for a signature-fired event, besides tuning of signatures?
