There are 3 types of policies:
Central policy - Contains global settings and behavioral analysis for generic threats.
Forwarding policy - Defines forwarding rules.
Local policy - User-created policies.
VPM - Visual Policy Manager. GUI policy editor.
Default policy enforcement order:
VPM file > Local policy file > Central policy file > Forward file
When changing the policy file evaluation order, remember that final decisions can differ because
decisions from files later in the order can override decisions from earlier files (the Forward policy file
order cannot be changed).
To configure policy order via the Management Console:
Configuration > Policy > Policy Options
Via the CLI:
(config) policy order v l c
v (VPM), c (central), l (local)
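The override behavior described above can be checked before changing the order. The following is an added example, not code from the original notes or from the vendor: it uses a simplified model (an assumption) in which each file either sets an allow/deny verdict for a request or says nothing, the proxy-default is the starting verdict, and the forward file always runs last. The function names and sample data are hypothetical.

```python
from itertools import permutations

# Simplified model (assumption): each policy file either sets a verdict for a
# request or leaves it untouched (None). Files are evaluated in order and a
# later file's verdict replaces an earlier one. Real policy has more rule types.
REORDERABLE = ("v", "l", "c")   # VPM, local, central (letters from "policy order")
FIXED_LAST = "f"                # forward file: its position cannot be changed

def final_verdict(order, decisions, proxy_default="deny"):
    """Return (verdict, deciding_file) for one request under the given order."""
    verdict, decided_by = proxy_default, "proxy-default"
    for name in tuple(order) + (FIXED_LAST,):
        decision = decisions.get(name)
        if decision is not None:
            verdict, decided_by = decision, name
    return verdict, decided_by

def order_sensitivity(decisions, proxy_default="deny"):
    """Map every possible 'policy order' argument to its final verdict."""
    return {" ".join(p): final_verdict(p, decisions, proxy_default)
            for p in permutations(REORDERABLE)}

def is_order_sensitive(decisions, proxy_default="deny"):
    """True when at least two orderings give different final verdicts."""
    results = order_sensitivity(decisions, proxy_default).values()
    return len({verdict for verdict, _ in results}) > 1

# Constructed sample: the VPM policy allows a site, the local file denies it,
# and the central and forward files say nothing about it.
SAMPLE = {"v": "allow", "l": "deny", "c": None, "f": None}

if __name__ == "__main__":
    for order, (verdict, by) in order_sensitivity(SAMPLE).items():
        print(f"policy order {order}: {verdict} (decided by {by})")
    print("order-sensitive:", is_order_sensitive(SAMPLE))
```

With the constructed sample, any order that evaluates the local file after the VPM policy ends in deny, and any order that evaluates the VPM policy after the local file ends in allow.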
To change the default policy from the Management Console:
Configuration > Policy > Policy Options
Via the CLI:
(config) policy proxy-default {allow | deny}
Policy tracing records every policy event at all layers.
To turn on policy tracing via the Management Console:
Configuration > Policy > Policy Options and select Trace all
Individual policy rules can also be traced by selecting Trace on the rule in the VPM.
Via the CLI:
Policy trace {all|none}
To view the currently installed policy:
If an HTTPS-Console is configured, use
port is 8082).
Via the CLI:
(config) show policy
To view the uncompiled policy:
(config) show configuration
Or:
(config) show sources policy {central | local | forward | vpm-cpl | vpm-xml}