Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RAJMOHAN
Explorer
Jump to solution

MDS Global Rule

Hi All,

Good morning !! We are currently using MDS with multiple CMAs running on R80.40. Currently, the plan is to create Global Rule (push to all domain/CMA) along with we plan to create another global Rule named as DC and push only to 3 primary DC GW's. Could someone please confirm if this is viable option to have kind of two global Rules one push to all GW whereas the other one mainly for DC (3 GW) part  ?

0 Kudos
1 Solution

Accepted Solutions
Kaspars_Zibarts
Employee Employee
Employee

@Vincent_Bacher has the best answer 🙂

Else you can always create different global policies per domain if it helps and your GWs are separated that way:

image.png

 

View solution in original post

0 Kudos
5 Replies
Vincent_Bacher
Advisor
Advisor

I think this is described in MDM admin guide in section "Applying Global Rules to Security Gateways by Function".

We don't use that but from my perspective that should be viable. 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Kaspars_Zibarts
Employee Employee
Employee

@Vincent_Bacher has the best answer 🙂

Else you can always create different global policies per domain if it helps and your GWs are separated that way:

image.png

 

0 Kudos
George_Ellis
Advisor

As Kaspars example points out, as I think I understand what you are asking, one policy per domain.  So I was thinking you were asking if you could do a cumulative push of A + B?  I have not seen that that will work.  But since you are in the same domain (Global), copy-paste works and add part b's specific rules.
But I may not have followed what you mean.

0 Kudos
RAJMOHAN
Explorer

Hi ,

Thanks all for your response.. I  strongly feel the  way Kaspars suggested would work and easy method though. Will test it out in couple of weeks.

 

0 Kudos
Maarten_Sjouw
Champion
Champion

Another option is to use Global dynamic objects, this makes a policy very much more dynamic. You create the object in the global policy and name it GBL-name_global, the '_global' part is mandatory. Now in the global rulebase you could use a global dynamic named GBL-DC-GWs_global in an install on column. 
In the normal rulebase you create a Simple Network Group with the exact same name GBL-DC-GWs_global and add the 3 DC GWs to it. Now assign the new global policy to the domain and you will see the group will show on that one global rule you added it to and the simple network group will be linked to the Dynamic global object.

Hop I explained it clear enough, if not I can always try to do better.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events