Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Policy Target 'Install On'

We have Selected 'Policy  Targets' as to install on for Cluster. Policy Targets contains the specific gateway cluster.

 

Now When I install policy on 'Cluster-1' with target set as 'Cluster-1' 0nly in the situation when I do Policy Install on 'Cluster -2' it still shows installed policy changes on Cluster-1  under 'View  Chnages'.

 

I am not sure if I explained it well.

 

Thanks

Ravi 

 
 

 

 

0 Kudos
11 Replies
Highlighted
Admin
Admin

I'm not really following.
Screenshots might help.
0 Kudos
Highlighted
Explorer

If you see attached files, Install on is set to 'Policy  Targets' which are specific to cluster only. Now When I go to install policy it shows  419 changes which we made on other clusters not on 'P-cluster'.  None of the change related  to 'P-cluster' but still it shows under changes list while I do install on 'P-cluster'.

 

 

 

 

 

 

0 Kudos
Highlighted
Admin
Admin

Did you make ANY change to ANY objects along the way?
Those object changes apply to all policy packages, even if they're not used in the package.
They are only pushed to the gateway when a policy install takes place.
0 Kudos
Highlighted
Champion
Champion

Lets assume the following:

  • you have 1 policy that is used for Cluster_1 and Cluster_2
  • you make some changes
  • you push policy to Cluster_1
  • Now you want to push the policy to Cluster_2
  • You see that there are changes waiting to be installed.

This is correct, those changes had not been applied to Cluster_2 yet so they show as not finished, it is the same policy you made changes to.

Regards, Maarten
0 Kudos
Highlighted
Explorer

I have  deleted 1 Policy  on 'Cluster_1' and its not used on 'Cluster_2' still it shows waiting install on 'Cluster_2'.

We have 15 cluster in our environment. So if I delete  1 policy on 'Cluster_1' it shows pending install on  all rest of 14 clusters.

 

0 Kudos
Highlighted
Explorer

Just not I have deleted rule on another cluster and it shows the changes on 'Cluster_P'.

0 Kudos
Highlighted
Champion
Champion

As all your clusters use the same policy and there is a change in the policy, regardless the change, it will show that there was a change in the policy. When you delete a line, all line numbers have changed in the policy.
Regards, Maarten
0 Kudos
Highlighted
Explorer

We have separate policy install package 'Target' used for each clusters. So each clusters  are using different policies.  

 

I mean to say Perimeter firewall will not have same policies as inside firewall.  Still if I  made any changes on Inside firewall its shows on Perim firewall in  pending install.

 

Is this something  known or same policy thing?

 

Regards,

Ravi

0 Kudos
Highlighted
Champion
Champion

If each policy is only related to a specific cluster, do you have the installation target set?
If not it will still think each policy is related to each cluster.
When you make changes to a object (other than rules) it is relevant to all policies and I really do not believe that the underlying technology will differentiate between gateways.

When you do use the installation targets, you do not need to use the install-on column on top of that, this will only give you a lot of work when you need to replace a cluster or rename...
Regards, Maarten
0 Kudos
Highlighted
Explorer

If each policy is only related to a specific cluster, do you have the installation target set? - Yes it set to specific cluster target only.

I have observed this thing in scenario where 'Object_X' is used only on 'Cluster_1' and I do changes on 'Object_X' it will set to install for all the clusters. 

Though I need to try other possible way to fix. 

 

 

0 Kudos
Highlighted
Participant

I'm not sure but maybe any Object which is used in the Policy for Cluster-1, in that particular object in NAT properties maybe its configured to install the Policy target on All/Cluster-2.
Refer to the attached screenshot for reference and check if it helps.

 

Regards,

CSR

0 Kudos