cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Vladimir
Pearl

Shared Layers Annoyances

With R80++ we've got an ability to implement Shared Layers. It is an interesting feature that allows us to have common security parameters across multiple policies.

Having used it for a while, I've bumped into this scenario:

Client has multiple, geographically distributed gateways.

We have implemented common APPC/URLF layer across individual policies governing their corresponding location.

Occasionally, one of the locations requests modification to the APPC/URLF which business approves and it is getting implemented.

Policy is published and installed on that location only.

Now we have an untold number of pending changes for the rest of the infrastructure and those will not take effect until all the policies are installed.

My problem is that there are no clear indicators in the rest of the policies that the changes are pending installation.

Perhaps having a Layer specific indicator of installation status will be helpful.

1 Reply
Highlighted

Re: Shared Layers Annoyances

I feel your pain, we have a similar situation, a couple of 5000 appliances for DC and a number of remote locations with 1400 gateways, the DC uses a inline shared policy and the 1400's use a ordered layer for APCL which uses the same Shared layer.
In our case it is only 2 different policies that use the same shared layer but still.
Regards, Maarten