CSA 6.0 - policies in Audit mode - per groups

a.gesse · ‎12-02-2008

Hello,

Deploying CSA 6.0

Have several groups created but policies linked to these groups are the same.

I would like to have all of them work in Audit mode initially and move them

into non-Audit mode on per-group basis.

When I move policy out of Audit mode (uncheck box for specific policy) in group #1

I am getting messages that this policy will be not working in audit mode

in other groups as well because it is not in audit mode in group #1.

Is there way to work it around ?

and have policies be in Audit / non-Audit mode on per-group basis

thank you

Alex

tsteger1 · ‎12-02-2008

You get the audit mode message because you are the same rule modules are applied to all hosts.

Try an audit mode group and then move the hosts in and out of the group as needed.

That will put the host in audit mode.

Your other options is to clone the rule modules but that can get messy.

Tom

a.gesse · ‎12-02-2008

Hi Tom

I agree, cloning rule modules is not an option.

But there would be no such thing as â€œaudit groupâ€,

if I put policy in audit mode in one group (#1) and there is another group

where this policy is not in audit mode, then it becomes non-audit mode policy

even for group #1. This is what my experience tells me.

The ideal for our deployment (tens of groups, 1K users) would be able

to manipulate audit mode for policies on per-group basis.

Thanks

Alex

tsteger1 · ‎12-04-2008

Create a policy with only the rule module(s) you want to audit, call it something like "Audit - myrules" and assign it to the groups you want to test.

No cloning needed for that.

Tom