Adding or editing user-defined protection policies
Cloning existing protection policies
Cloning existing protection policies
■
Enabling or disabling logging rules
■
Enabling or disabling blocking rules
■
Overriding blocking rules globally
■
Deleting user-defined protection policies
■
The Network Security console provides a way to add and edit user-defined
protection policies. Symantec protection policies cannot be modified. If you
want to modify a Symantec protection policy, clone it and modify the clone.
To add or edit user-defined protection policies
1
In the Policies tab, do one of the following:
Click New.
■
Select an existing protection policy, and click Clone > Edit.
■
2
In Policy Name, enter a unique name to distinguish this policy.
3
You have the option of doing any or all of the following:
In Search Events, you can change the search parameters to display a
■
more manageable subset of event types to apply rules.
See
"Searching to create a subset of event types"
In Search Results, you can adjust the view.
■
See
"Adjusting the view by columns"
4
In Search Results, define the policy by doing any or all of the following:
For software and appliance nodes, select event types to apply logging
■
rules to direct the monitoring of events.
See
"Enabling or disabling logging rules"
For 7100 Series appliance nodes, select event types to apply blocking
■
rules. Software nodes do not currently support blocking rules.
See
"Enabling or disabling blocking rules"
5
In Search Events, click OK to exit.
6
In the Protection Policies tab, click Apply to save and apply changes.
Because Symantec protection policies cannot be edited, if you want to modify a
Symantec protection policy, you must clone it and modify the clone.
Protection policies
Defining new protection policies
on page 117.
on page 119.
on page 122.
on page 123.
121