AnsweredAssumed Answered

Threat Prevention policies after R77.30 to R80.10 migration. Is it correct?

Question asked by Gianluca Oglietti on Sep 21, 2017
Latest reply on Nov 7, 2018 by Eric Beasley

Hi to all,

I have a little question related to the new Unified Policy (Threat Prevention). We have just migrate all our environment from R77.30 to R80.10 (management server and gateways) and now we are trying to migrate all the policy to the new paradigm.

After the migration our Threat Prevention policies is based on 2 layers: "IPS" and "Threat Prevention". What we would to do is to create a Threat Prevention policies based on only 1 layer (by using an ad-hoc profile with all our active blades configured). Is it possible?

We tried to do that many times but we are not able to delete the layers:  in the "Threat Prevention" layer the option is disabled/grayed (we can only "edit" it!) while in the IPS layer all the options are disabled. This last layer is also shared and we would un-shared it but this is not possible.

I'm not sure if this is the behavior "by design" for a R80.10 environment also because we have seen some video here where the the Threat Prevention policies had no layers.

So... is it correct that we are unable to modify our Threat Prevention policies or we have some kind of problem? I've also tried to open a SR but CP told us that this is a "by design" behavior... I know that this is true in a R77.30 environment, but is it true also in a R80.10 environment?

Can someone help me?