Tomer Sole

Editing Policy from no layers to 2 layers

Discussion created by Tomer Sole Expert on Apr 1, 2018
Branched to a new discussion

I wanted to clarify something about Ordered Layers UI in R80.10, both in Access Control and Threat Prevention.

 

You edit your policy package. Currently it looks like this:

 

Clicking the + button and adding a new layer:

 

Will change the policy's structure to this:

 

Intuitively, you may think that you just jumped from 0 layers to 2, but in fact, the first layer, with the name that you didn't set by yourself, has been there all along. 

 

It's just that when the policy consists of one layer (a layer is a set of rules, or a rule-base), SmartConsole does not mention it explicitly but instead just goes with "You have an Access Control / Threat Prevention part". 

 

The same pattern happens in Threat Prevention. From this:

 

Clicking the + button and adding a new layer:

 

Will change the policy's structure to this:

 

Sidenote: Threat Prevention policies also have the IPS Shared Layer concept, which is a result of having pre-R80 gateways with the IPS blade. Read more about that part here: Threat Prevention policies after R77.30 to R80.10 migration. Is it correct? 

 

The automatic naming convention goes by:

- Access Control: Layer's name is "[Policy name] Network". Example: if your policy is named CorporateInternal, the default first layer's name will be "CorporateInternal Network".

- Threat Prevention: Layer's name is "[Policy Name] Threat Prevention". Example: If your policy is named DMZ, the default first layer's name will be "DMZ Threat Prevention".

- The UI hides the part of the policy's name, to reduce some clutter. But in fact if you reference that policy with the API or the CLI, you will see the full name, and not just the suffix "Network" or "Threat Prevention".

 
