If I could recommend on best practices for policy organization, I would start by upgrading the Management server so you can start enjoying some of the benefits of layers. The ability to share the same set of rules is a Management-Only feature, therefore you can start by just upgrading your Management to R80.10, use this feature, and later plan your Gateway migration. With R80 and R80.10 Management, you can change the application control & URL filtering layer to a shared layer and reuse that layer across your multiple policies - see . I realize this will probably result in more questions, but it should be enough to get you started. When you upgrade to R80.10+, you can have both policies use the same App Control/URL Filtering rules using the same inline layer. The downside to #2 is that you will have to duplicate rules (particularly App Control/URL Filtering rules) across your two policy packages, but the resulting policies should be simpler to manage. One thing you definitely want to do to ensure the wrong policy isn't installed on the wrong gateways is go to Policy > Policy Package Installation Targets and specify the specific gateways the Policy Package applies to. If you want to use your existing policy as a basis, you can do a File > Save As and create a new Policy Package (after saving other changes you might have made). Create a different policy package for your Branch Offices.
This is not an approach I see regularly and I think it makes the policy more complicated overall. You can create gateway-specific rules that are only applied on specific gateways (using the Install-On column). Create a single policy that applies to all your gateways. There's a couple of approaches you can take in terms of building policy:ġ. Unified management is definitely the way to go here, it will make your life simpler in the end.
This is a fine place to post your question
0 kommentar(er)
