Clement
Ivory

Verify Access Control Policy and Sub-policies usage

I have an Access Control Policy which is made of the following:

- Global Policies

- Multiple Sub-policies, used for zone-to-zone purpose (we migrated from Juniper, which used zones)

Unfortunately, I realized that the Verify Access Control Policy tool is not comparing rules across sub-policies. Is there a way to force the tool to verify global policies against sub-policies?

0 Kudos
3 Replies
Employee+

Re: Verify Access Control Policy and Sub-policies usage

Why would you compare them?

If something matches one sub policy, it won't match the other. So technically, they can't conflict ...

0 Kudos
Clement
Ivory

Re: Verify Access Control Policy and Sub-policies usage

The idea is to simplify the access rules with a global rules template. So I would like global policies to be verified against the sub policies.

0 Kudos
Admin

Re: Verify Access Control Policy and Sub-policies usage

Policy verification only works within a given layer (not across them), looking for rules that match the same source, destination, and service (other than the Cleanup rule at the end).
I'm not seeing the use case for this to verify across global + local layers, given how they work.
In fact, depending on the specific policy construction, this may be necessary.

It would be helpful if you could articulate exactly the problem you're trying to solve, possibly with a concrete example.
0 Kudos
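
The check described in the last reply (rules that match the same source, destination and service, other than the Cleanup rule at the end), sketched as an added example that is not part of the thread and is not Check Point's implementation. The rule layout, the layer and rule names, and the `across_layers` switch (which extends the comparison to global versus sub-policy rules, as the original question asks) are assumptions made for illustration.

```python
from itertools import combinations

ANY = frozenset({"Any"})

# Constructed sample data. Layer names, rule names and the dict layout are
# assumptions for this example, not a Check Point export format.
LAYERS = {
    "global": [
        {"name": "g-dns", "src": {"users"}, "dst": {"dns-srv"}, "svc": {"dns"}, "action": "accept"},
        {"name": "g-web", "src": {"users"}, "dst": {"proxy"}, "svc": {"http", "https"}, "action": "accept"},
        {"name": "g-cleanup", "src": {"Any"}, "dst": {"Any"}, "svc": {"Any"}, "action": "drop"},
    ],
    "trust-to-dmz": [
        {"name": "t-web", "src": {"users"}, "dst": {"proxy"}, "svc": {"https", "http"}, "action": "drop"},
        {"name": "t-ssh", "src": {"admins"}, "dst": {"dmz-srv"}, "svc": {"ssh"}, "action": "accept"},
        {"name": "t-ssh-old", "src": {"admins"}, "dst": {"dmz-srv"}, "svc": {"ssh"}, "action": "accept"},
        {"name": "t-cleanup", "src": {"Any"}, "dst": {"Any"}, "svc": {"Any"}, "action": "drop"},
    ],
}

def key(rule):
    """Match criteria compared by the check: source, destination, service."""
    return tuple(frozenset(rule[f]) for f in ("src", "dst", "svc"))

def candidates(layers):
    """Yield (layer, rule) pairs, skipping a trailing Any/Any/Any cleanup rule."""
    for layer, rules in layers.items():
        last = len(rules) - 1
        for i, rule in enumerate(rules):
            if i == last and key(rule) == (ANY, ANY, ANY):
                continue
            yield layer, rule

def find_matches(layers, across_layers=False):
    """Return pairs of rules with identical source, destination and service."""
    hits = []
    for (la, ra), (lb, rb) in combinations(candidates(layers), 2):
        if key(ra) != key(rb):
            continue
        if la == lb or across_layers:
            kind = "same action" if ra["action"] == rb["action"] else "different action"
            hits.append((f"{la}/{ra['name']}", f"{lb}/{rb['name']}", kind))
    return hits

if __name__ == "__main__":
    for hit in find_matches(LAYERS, across_layers=True):
        print(hit)
```

With `across_layers=False` only the pair inside `trust-to-dmz` is reported; with `across_layers=True` the global `g-web` rule is also reported against `t-web`.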