CSA 6.0 - policies in Audit mode - per groups

Unanswered Question
Dec 2nd, 2008


Deploying CSA 6.0

Have several groups created but policies linked to these groups are the same.

I would like to have all of them work in Audit mode initially and move them

into non-Audit mode on per-group basis.

When I move policy out of Audit mode (uncheck box for specific policy) in group #1

I am getting messages that this policy will be not working in audit mode

in other groups as well because it is not in audit mode in group #1.

Is there way to work it around ?

and have policies be in Audit / non-Audit mode on per-group basis

thank you


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tsteger1 Tue, 12/02/2008 - 16:42

You get the audit mode message because you are the same rule modules are applied to all hosts.

Try an audit mode group and then move the hosts in and out of the group as needed.

That will put the host in audit mode.

Your other options is to clone the rule modules but that can get messy.


a.gesse Tue, 12/02/2008 - 17:40

Hi Tom

I agree, cloning rule modules is not an option.

But there would be no such thing as “audit group”,

if I put policy in audit mode in one group (#1) and there is another group

where this policy is not in audit mode, then it becomes non-audit mode policy

even for group #1. This is what my experience tells me.

The ideal for our deployment (tens of groups, 1K users) would be able

to manipulate audit mode for policies on per-group basis.



tsteger1 Thu, 12/04/2008 - 11:06

Create a policy with only the rule module(s) you want to audit, call it something like "Audit - myrules" and assign it to the groups you want to test.

No cloning needed for that.



This Discussion