WAAS Central Manager Policy Definitions across several device groups

Unanswered Question
Eric Rose Wed, 01/27/2010 - 19:27
User Badges:
  • Cisco Employee,

I am not sure of a way to copy a policy and pasting it into another group.


A question though - typically policies are the same across "all devices" within an organization. What is the reason why you are setting policies via multiple device groups?


Thanks

Eric

I have my "Core" WAE's in a separate device group to prevent them from recieving a policy or setting intended for Edge WAEs.  For example, If someone sets the assignment method to hash, I certianly dont want that pushed to my Core, ( using Mask assignment)



However, a custom application definition WILL need to be applied to both Core and Edge WAE's. Therefore I need a way to create the policy for all devices group and copy out and apply selected custom policies to the Core device group as well.


Problem:  I have QUALYS Vulnerability Scanners that wreak havoc on WAE's by opening 1000's of sessions and not propoerly closing them, causing TFO Overload conditions, throughout the network.


Solution: create a custom policy to set Scanner IP action to pass-through. there are 30+ scanners so the match condition is lenthy and woudl be painful to build manually for each device group.


new Problem: need to apply this to multiple device groups.

Eric Rose Wed, 01/27/2010 - 19:51
User Badges:
  • Cisco Employee,

A WAE device can get "policy / configuration" from multiple device group or even from the local device screens. Each screen / tab can be called from a different device group for a specific device.


WCCP configuration based on a Hash or Mash can be done via the remote or data center device group as you mentioned.

     also similiar to SSL configuration via the data center device group


application policy definitions can then be set via the all device groups - this way the scanner policy and enforce via that device group.

     A WAE device can be a member or muliple device for different configuration screens.

     Also this way you can make sure that all devices have the same application policy definitions.


Let me know if this helps.

Eric

Actions

This Discussion