12-02-2008 09:21 AM - edited 03-09-2019 09:51 PM
Hello,
Deploying CSA 6.0
Have several groups created but policies linked to these groups are the same.
I would like to have all of them work in Audit mode initially and move them
into non-Audit mode on per-group basis.
When I move policy out of Audit mode (uncheck box for specific policy) in group #1
I am getting messages that this policy will be not working in audit mode
in other groups as well because it is not in audit mode in group #1.
Is there way to work it around ?
and have policies be in Audit / non-Audit mode on per-group basis
thank you
Alex
12-02-2008 04:42 PM
You get the audit mode message because you are the same rule modules are applied to all hosts.
Try an audit mode group and then move the hosts in and out of the group as needed.
That will put the host in audit mode.
Your other options is to clone the rule modules but that can get messy.
Tom
12-02-2008 05:40 PM
Hi Tom
I agree, cloning rule modules is not an option.
But there would be no such thing as âaudit groupâ,
if I put policy in audit mode in one group (#1) and there is another group
where this policy is not in audit mode, then it becomes non-audit mode policy
even for group #1. This is what my experience tells me.
The ideal for our deployment (tens of groups, 1K users) would be able
to manipulate audit mode for policies on per-group basis.
Thanks
Alex
12-04-2008 11:06 AM
Create a policy with only the rule module(s) you want to audit, call it something like "Audit - myrules" and assign it to the groups you want to test.
No cloning needed for that.
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide