Managing Policies; Policy Overview; Changing A Policy Without Distributing The Change - 3Com 3CR990 Administration Manual

4

Policy Overview

Managing Policies

This chapter provides detailed information on creating and assigning policies. It contains
the following topics:
"Policy Overview" below
I
"Creating Policies and Rules" on page 49
I
"Verifying a Policy Using Test Mode" on page 53
I
"Distributing a Policy to the Network" on page 55
I
"Secured EFW Device—Allow Traffic versus Block All Traffic" on page 56
I
"Exporting or Importing Policies or Rule Sets" on page 56
I
A policy determines the behavior of any device sets assigned to it. Each device set in the
system must be assigned to a single policy. However, a single policy may have more than
one device set assigned to it.
Before you assign a device set to a policy, you can make any modifications to that policy at
any time without causing a policy distribution. Policy distribution is the process of sending
a policy (or updated policy) to one or more EFW devices. Policy distribution occurs when
any of the following actions occur within the Management Console:
Modification of a policy that has a device set containing EFW devices assigned to it
I
Modification of a rule set used by a policy assigned to a device set containing EFW
I
devices
Assignment of a new device set containing EFW devices to a policy
I
Assignment of a new device to a device set
I
Use of the Distribute Policy button on the NIC Status window (displayed when you
I
press the Status button on the NIC window).
NOTE: Areas in the Management Console that cause a distribution to EFW devices
if modified are indicated by an arrow icon
An unassigned policy resides only in the Policy Server database. When a policy having one or
more device sets is saved, any modifications that were made to the policy are saved to the
database and distributed. Changes made to a policy are lost when you exit the
Management Console if they have not been saved.

Changing a Policy Without Distributing the Change

If you are in the process of making changes to a particular policy, but are not yet
comfortable with distributing the policy with the changes, you can use the Save As button
to save the partially completed policy under a different policy name with no device sets
assigned to it. You can then continue making changes to that policy without affecting any
device sets. When you are satisfied with the changes to that policy, you can simply move
the device sets from the previous version of that policy to the new policy.
.
45