![]() But most organisations have one policy defined per firewall. In that case, you can just leave the “Install On” column at its default of “Policy Targets.” There’s no need to set it to anything else, since this policy is only ever going to be installed on one firewall.īut people see that column and think “Ah, I must have to define the enforcement point. ![]() So in certain circumstances, it might make sense. This lets you define at a per-rule level, which firewall will enforce that rule. When you compile & install policy, it will only install the rules that apply to that specific firewall. This is pretty easy to do, and might make sense if you have many common rules.īut then you say “What if I had 30 common rules, 50 that only applied to firewall A, and another 50 that only applied to firewall B?” That’s where people start using the “Install On” column. But sometimes you want to have the same policy on multiple firewalls. Most organisations will only have one installation target per policy. You can imagine the merriment that ensued when someone would install the wrong policy on a firewall. In the 4.1 days, we didn’t have this option. At install time, you had to choose from the complete list of firewalls. The default had all firewalls selected.
0 Comments
Leave a Reply. |