01-27-2010 06:51 PM
Hi there,
I am trying to find a way to apply a custom application policy(s) to multiple device groups. ( not the AllDevicesGroup).
I have not found a way to export or import the policy.
Any help would be appreciated.
Todd
01-27-2010 07:27 PM
I am not sure of a way to copy a policy and pasting it into another group.
A question though - typically policies are the same across "all devices" within an organization. What is the reason why you are setting policies via multiple device groups?
Thanks
Eric
01-27-2010 07:43 PM
I have my "Core" WAE's in a separate device group to prevent them from recieving a policy or setting intended for Edge WAEs. For example, If someone sets the assignment method to hash, I certianly dont want that pushed to my Core, ( using Mask assignment)
However, a custom application definition WILL need to be applied to both Core and Edge WAE's. Therefore I need a way to create the policy for all devices group and copy out and apply selected custom policies to the Core device group as well.
Problem: I have QUALYS Vulnerability Scanners that wreak havoc on WAE's by opening 1000's of sessions and not propoerly closing them, causing TFO Overload conditions, throughout the network.
Solution: create a custom policy to set Scanner IP action to pass-through. there are 30+ scanners so the match condition is lenthy and woudl be painful to build manually for each device group.
new Problem: need to apply this to multiple device groups.
01-27-2010 07:51 PM
A WAE device can get "policy / configuration" from multiple device group or even from the local device screens. Each screen / tab can be called from a different device group for a specific device.
WCCP configuration based on a Hash or Mash can be done via the remote or data center device group as you mentioned.
also similiar to SSL configuration via the data center device group
application policy definitions can then be set via the all device groups - this way the scanner policy and enforce via that device group.
A WAE device can be a member or muliple device for different configuration screens.
Also this way you can make sure that all devices have the same application policy definitions.
Let me know if this helps.
Eric
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide