Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSA groups in Test Mode

Let's say that I have a host in 3 groups - <All Windows>, TestGroup, OtherGrp.

By default my Host is in <All Windows>, I can't remove it. I don't have any policies assigned to <All Windows>. The other two groups do have policies.

So now my Host is running rules from the 2 other groups. If I put <All Windows> into Test Mode, what happens? My Host will show that its in Test Mode, because its inheriting it from <All Windows>.

Is the Agent completely in Test Mode? Does Test Mode only apply to the group it isn't enabled on? So if my two other groups aren't in test mode, are the rules still working normally, or is <All Windows> overwriting that setting?

1 ACCEPTED SOLUTION

Accepted Solutions
Blue

Re: CSA groups in Test Mode

If a host is in a group that is in test mode, all rules that apply to the host are in test mode.

A host can have rules in test mode and still have other rules in protect mode.

Tom S

3 REPLIES
Blue

Re: CSA groups in Test Mode

If a host is in a group that is in test mode, all rules that apply to the host are in test mode.

A host can have rules in test mode and still have other rules in protect mode.

Tom S

New Member

Re: CSA groups in Test Mode

Okay, thanks. I just found that in the book Cisco Security Agent, p. 345, as well.

So if you put into test mode, you've put ALL your Hosts and ALL of the Rules into test mode.

New Member

Re: CSA groups in Test Mode

You can't copy the all windows.

But polices and rules are attached.

I recommend making a new group, make copies of the policies attached and attach them to your new group.

This way you can edit them without affecting the original.

105
Views
0
Helpful
3
Replies
CreatePlease to create content