Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

WAAS Central Manager Policy Definitions across several device groups

Hi there,

I am trying to find a way to apply a custom application policy(s) to multiple device groups. ( not the AllDevicesGroup).

I have not found a way to export or import the policy.

Any help would be appreciated.

Todd

3 REPLIES
Cisco Employee

Re: WAAS Central Manager Policy Definitions across several devic

I am not sure of a way to copy a policy and pasting it into another group.

A question though - typically policies are the same across "all devices" within an organization. What is the reason why you are setting policies via multiple device groups?

Thanks

Eric

Community Member

Re: WAAS Central Manager Policy Definitions across several devic

I have my "Core" WAE's in a separate device group to prevent them from recieving a policy or setting intended for Edge WAEs.  For example, If someone sets the assignment method to hash, I certianly dont want that pushed to my Core, ( using Mask assignment)

However, a custom application definition WILL need to be applied to both Core and Edge WAE's. Therefore I need a way to create the policy for all devices group and copy out and apply selected custom policies to the Core device group as well.

Problem:  I have QUALYS Vulnerability Scanners that wreak havoc on WAE's by opening 1000's of sessions and not propoerly closing them, causing TFO Overload conditions, throughout the network.

Solution: create a custom policy to set Scanner IP action to pass-through. there are 30+ scanners so the match condition is lenthy and woudl be painful to build manually for each device group.

new Problem: need to apply this to multiple device groups.

Cisco Employee

Re: WAAS Central Manager Policy Definitions across several devic

A WAE device can get "policy / configuration" from multiple device group or even from the local device screens. Each screen / tab can be called from a different device group for a specific device.

WCCP configuration based on a Hash or Mash can be done via the remote or data center device group as you mentioned.

     also similiar to SSL configuration via the data center device group

application policy definitions can then be set via the all device groups - this way the scanner policy and enforce via that device group.

     A WAE device can be a member or muliple device for different configuration screens.

     Also this way you can make sure that all devices have the same application policy definitions.

Let me know if this helps.

Eric

1054
Views
0
Helpful
3
Replies
CreatePlease to create content