cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

R80.10 Application Blade

Jump to solution

Hi All

I have recently updated my SC to R80.10 and I have 5 Gateways on R77.30 and all of these use the Application and Control Blade.  I have a policy under each FW policy and use the install on as the relevant gateway.

I am now going to review these rules and was wondering if I need to have 5 seperate policies still or can I have 1 policy, and then under the Install On just select all my gateways?

Thanks

0 Kudos
1 Solution

Accepted Solutions

Re: R80.10 Application Blade

Jump to solution

You can share your Application Control layer across all policies. This is actually recommended. You can use the Policy Targets as demo'd by Dameon's excellent video.

This is a Management-only feature, no need to upgrade an R7x gateway for that.

see: Sharing a layer across different policies 

3 Replies
Jerry
Gold

Re: R80.10 Application Blade

Jump to solution

I've got the same setup except all runs R80.10 and segregated all this with new features like layers and parent rules from VSX MDS. In your case it would be wise to compare all those policies and unite them (consolidate them) in one global APP policy? If not possible think about APP per SG but making more out of the new layers on R80.10.

Jerry
0 Kudos
Admin
Admin

Re: R80.10 Application Blade

Jump to solution

Yes, you can install one policy to multiple gateways and you can use the install-on field in the way you describe.

What I would also do is to set the installation target for a given policy to specific gateways.

This is a good best practice to ensure you don't accidentally install the wrong policy on the wrong gateway.

I created a brief video explaining how to do this.

Video Link : 5531

0 Kudos

Re: R80.10 Application Blade

Jump to solution

You can share your Application Control layer across all policies. This is actually recommended. You can use the Policy Targets as demo'd by Dameon's excellent video.

This is a Management-only feature, no need to upgrade an R7x gateway for that.

see: Sharing a layer across different policies