Cisco Systems CL-28826-01 Sharing a Local Policy

5-38

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 5 Managing Policies

Managing Policies in Device View and the Site-to-Site VPN Manager

Sharing a Local Policy

As your network grows, you might decide to convert a local policy into a shared policy that you can

assign to multiple devices or VPN topologies (see Local Policies vs. Shared Policies, page 5-3). Sharing

a policy provides a streamlined management approach that ensures that all devices or topologies

assigned to the policy are configured in a consistent manner. For example, if you configure a set of

firewall inspection rules on a particular device, sharing that device’s inspection rules policy makes it

possible to assign that policy to other devices, eliminating the need to configure each device individually.

See Assigning a Shared Policy to a Device or VPN Topology, page 5-41.

In addition, having a shared policy enables you to update the configurations of each assigned device or

topology at one time, saving time and promoting greater consistency across your set of managed devices.

When you share a policy, you must name the policy. (Local policies do not have names, because they are

associated with only a single device or topology.) This enables you to identify this policy when managing

shared policies in Policy view.

Related Topics

•Understanding the Device View, page 3-1

•Policy Status Icons, page 5-28

•Using the Policy Banner, page 5-35

•Assigning a Shared Policy to a Device or VPN Topology, page 5-41

•Unsharing a Policy, page5-40

•Adding Local Rules to a Shared Policy, page5-42

•Sharing Multiple Policies of a Selected Device, page 5-39

•Inheriting or Uninheriting Rules, page 5-43

•Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34

Step 1 In Device view or the Site-to-Site VPN Manager, select a policy from the Policies selector, then do one

of the following:

•(Device view only) Select Policy > Share Policy.

•Right-click the policy and select Share Policy.

•Click the local device/this VPN link in the Assigned To field in the policy banner. A warning dialog

box called Local Policies Cannot Be Assigned to Multiple Devices opens to inform you that you are

viewing a local policy. Click Share Policy to continue.

The Share Policy dialog box is displayed.

Step 2 Enter a name for the shared policy and click OK.

Clone Policy Creates a copy of a policy with a new name. Use this option to create a

new policy with the same definition as the policy from which it was

created, which you can then edit. See Cloning (Copying) a Shared

Policy, page 5-44.

Rename Policy Renames the selected policy. See Renaming a Shared Policy, page 5-45.

Table5-6 Policy Shortcut Commands (Continued)