Clement
Explorer

Verify Access Control Policy and Sub-policies usage

I have an Access Control Policy which is made of the following:

- Global Policies

- Multiple Sub-policies, used for zone-to-zone purpose (we migrated from Juniper, which used zones)

 

Unfortunately, I realized that the Verify Access Control Policy tool is not comparing rules across sub-policies. Is there a way to force the tool to verify global policies against sub-policies?

0 Kudos
3 Replies
Dorit_Dor
Employee

Why would you compare them?

If something matches one sub policy, it won't match the other. So technically, they can't conflict ...

 

0 Kudos
Clement
Explorer

The idea is to simplify the access rules with a global rules template. So I would like global policies to be verified against the sub policies.

0 Kudos
PhoneBoy
Admin

Policy verification only works within a given layer (not across them), looking for rules that match the same source, destination, and service (other than the Cleanup rule at the end).
I'm not seeing the use case for this to verify across global + local layers, given how they work.
In fact, depending on the specific policy construction, this may be necessary.

It would be helpful if you could articulate exactly the problem you're trying to solve, possibly with a concrete example.
0 Kudos
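
A sketch of the cross-layer comparison asked about in this thread, added here as an example; it is not part of any post and is not Check Point's verification logic. It assumes global rules are evaluated ahead of each sub-policy's rules, compares objects by name only (no group or subnet containment), and uses constructed rule and object names.

```python
# Simplified model: a rule has a name plus source, destination and service fields,
# each a set of object names or the wildcard ANY. All rules are constructed samples.
ANY = frozenset({"Any"})
FIELDS = ("src", "dst", "svc")

def rule(name, src, dst, svc):
    return {"name": name, "src": frozenset(src), "dst": frozenset(dst), "svc": frozenset(svc)}

def covers(a, b):
    """True when field a matches everything field b matches (by object name only)."""
    return a == ANY or (b != ANY and b <= a)

def hidden_rules(rules):
    """Pairs (earlier, later) where the earlier rule covers the later one.
    A final Any/Any/Any cleanup rule is skipped, as described in the thread."""
    has_cleanup = bool(rules) and all(rules[-1][f] == ANY for f in FIELDS)
    body = rules[:-1] if has_cleanup else rules
    return [(e["name"], l["name"])
            for i, l in enumerate(body) for e in body[:i]
            if all(covers(e[f], l[f]) for f in FIELDS)]

def cross_layer_hidden(global_rules, sub_policies):
    """Assumption: global rules run before each sub-policy's rules.
    Reports only pairs where a global rule covers a sub-policy rule."""
    g_names = {r["name"] for r in global_rules}
    out = {}
    for layer, rules in sub_policies.items():
        pairs = [(e, l) for e, l in hidden_rules(global_rules + rules)
                 if e in g_names and l not in g_names]
        if pairs:
            out[layer] = pairs
    return out

# Constructed sample policy: two global rules, two zone-to-zone sub-policies.
GLOBAL = [rule("G1-dns", ["Any"], ["dns-servers"], ["dns"]),
          rule("G2-mgmt-ssh", ["mgmt-net"], ["Any"], ["ssh"])]
SUBS = {
    "trust-to-dmz": [rule("T1-web", ["trust-net"], ["dmz-web"], ["https"]),
                     rule("T2-dns", ["trust-net"], ["dns-servers"], ["dns"]),
                     rule("Cleanup", ["Any"], ["Any"], ["Any"])],
    "mgmt-to-dmz": [rule("M1-ssh", ["mgmt-net"], ["dmz-web"], ["ssh"]),
                    rule("M2-ssh-dup", ["mgmt-net"], ["dmz-web"], ["ssh"]),
                    rule("Cleanup", ["Any"], ["Any"], ["Any"])],
}

if __name__ == "__main__":
    for layer, rules in SUBS.items():
        print("within", layer, hidden_rules(rules))
    print("global vs sub-policies", cross_layer_hidden(GLOBAL, SUBS))
```

The per-layer call only finds the duplicate inside `mgmt-to-dmz`; the cross-layer call additionally reports sub-policy rules that a global rule already covers, which are the candidates for consolidation into a global template.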
