Appreciate your responses PhoneBoy, Omri
Just to clarify: from the Global Assignments, the Reassign part was failing; in the Task Progress list I get:
1) "Global Domain Assignment Failed: Global domain IPS version (635210151) is an earlier version than the local domain IPS version (635210225).
Update the global domain IPS version to the same or higher version than the local domain IPS."
The error is self-explanatory; however, I could not work out why the global policy intermittently doesn't update, or why the gateway had somehow updated when it is configured not to update automatically but to "Use IPS management updates" as per the gateway IPS properties, which is what was then causing the local IPS version to be more recent than the global.
I am also getting this second error intermittently when I am the only admin using the global policy, however logging out and back in sometimes fixes this issue so no biggie.
2) Global Domain Assignment Failed: Global Assignment settings are locked for editing by another administrator and need to be published or discarded before the operation can take place.
Omri, in summary we were trying to simplify the IPS updates so that the Global Policy updates are scheduled to check and download the latest protections then to push that out to all the gateways in each CMA. The gateways are configured to "Use IPS management updates" via the GW IPS profile. However there are clearly different ways of configuring/pushing IPS updates and I might have "over configured" judging by your reply.
Omri, you make a good point: "what is the purpose of using schedule update on both CMA and Global domain level ?"
This is probably where I went wrong and over-configured, so I will remove the CMA-level IPS update and just leave the global policy IPS update schedule, and the gateways will say "Use IPS management updates".
That should hopefully do the job and make sure the local IPS update is never more recent than the global scheduled update, so the reassign won't then fail.
Now I have Global Policy / Threat Prevention / Update / Schedule Update / ticked "Enable IPS scheduled updates on Server and Gateway" / configure - update daily at 22:00
Questions - There is no option to automatically install the TP policy to propagate the new protections to the gateways after the global scheduled update; does this happen automatically in the background?
Or do I need to manually reassign at the domain level? Is there any way to automate "Global Assignments" so that after the Global IPS scheduled update the assignments are up to date with no manual intervention?
Gents, thanks for your help and patience. Tx Dario