Tony_Graham
Advisor

Switching to Autonomous Policy from Custom

All,

We have been running Custom Policies for IPS and Threat Prevention since they were first introduced. Now that Autonomous 'curated' policies are available, we would like to investigate them. What is the path to move from Custom Policies to Autonomous? When one is enabled, is the other disabled, or do existing policies need to be removed and then Autonomous enabled? Also, are there any 'gotchas' where certain blades are required where we may not have licenses when using Autonomous policies?

Thanks.

0 Kudos
4 Replies
PhoneBoy
Admin

I don't believe your existing configuration needs to be removed; Autonomous Threat Prevention simply needs to be enabled in the relevant gateway object(s).
Note that the "perimeter" setting in ATP is roughly equivalent to the Optimized policy.

In terms of licensing, ATP will use the licenses you have.

Tony_Graham
Advisor

Excellent,

Thanks Dameon.

0 Kudos
Timothy_Hall
Champion

When ATP is enabled, all your Custom configurations (profiles, policies, etc.) will still be there and available if you switch ATP back off. The biggest thing for enabling ATP is to make sure all your exceptions are GLOBAL and not attached to rules, as the latter will suddenly stop working when ATP is enabled, which can be a rude shock.

Here are the pages from my IPS/AV/ABOT Immersion class covering this tip and some other gotchas; the only update to this would be the new SK covering how to customize UserChecks while ATP is enabled: sk178764: How to use a custom UserCheck object for Threat Extraction in the Autonomous Threat Preven...

[Attached images: ATP1.jpg, ATP2.jpg, ATP3.jpg]

 

Tony_Graham
Advisor

Thanks Tim.

0 Kudos