Tomer, can you clarify if this common IPS/TP layer could be installed on all targets in all policies simultaneously, or is the installation still limited to a single group of gateways/clusters managed by the parent Access Control policy?
You still have to select the policy + the gateways at the policy installation dialog. If the policy is not the same across your gateway group, then this means picking a different policy package at every time. The term is a Policy Package which includes Access Control + Threat Prevention.
BUT we're simplifying that soon as well TechTalk: R80.20 Demo
Any clue as to ETA?
Of the TechTalk? Sure - this Wednesday J
I want to present the feature and then if you think that this can help simplifying this scenario then we can talk about ETAs / how to enable it from the public EA.
So the feature that I wanted to mention was the ability to Schedule Policy Installations with R80.20 (not M1). It is in the current public EA as well as the upcoming next Management Feature Release.
You can create a preset with multiple policies or multiple gateways in it. Then, you can either play it with one click or add a time object to schedule it to a time window.
This way you could install multiple different policies at once.
You can use this feature if you are a Multi-Domain user by logging into the MDS domain and going to Install Policy Presets.
I've seen it during the demo being used with Access Control policies. Can you confirm that this is applicable to TP policies decoupled from access control as well?
Hi, for this version it will always install both policies.
So it looks that a solution to your use case remains with writing custom API scripts that batch-calls "install-policy access false threat-prevention true" on each of the targets.
Thanks for the info Tomer.
Unfortunately, client is not interested in using scripts.
Looks like we are stuck with MDS for the duration.
Retrieving data ...