5-56
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policy Bundles
Assigning Policy Bundles to Devices
You can modify the list of devices assigned a particular policy bundle as required. Multiple policy
bundles can be assigned to a device as long as the policy types in those policy bundles do not overlap.
When assigning a policy bundle to a device, if local policies on that device are the same policy type as
those contained in the policy bundle, you are given the option to inherit or replace the existing policies.
Note If any of the policies that are part of a policy bundle are not compatible with the device to which you are
assigning it, the bundle cannot be assigned.
If you remove a device from a policy bundle assignment, all policies that are part of that bundle are
effectively removed from the device’s planned configuration. Local policies will be lost and cannot be
retrieved. Upon deployment, any configuration of that type that exists on the device is removed. For more
information about the implications of unassigning a policy, see Unassigning a Policy, page 5-33.
Caution Use the policy bundle assignment feature with care, as unassigning a policy bundle removes that
configuration from the device and can have unintended consequences. For example, if you unassign a
device access policy from a Cisco IOS router and then deploy that change, you might prevent Security
Manager from configuring that device in the future (see User Accounts and Device Credentials on Cisco
IOS Routers, page 60-13).
Related Topics
Managing Policy Bundles, page 5-53
Creating a New Policy Bundle, page 5-54
Cloning a Policy Bundle, page 5-55
Renaming a Policy Bundle, page 5-55
Step 1 In Policy Bundle view, select an existing policy bundle in the Policy Bundle selector.
The policy bundle details are displayed in the Policy Bundle main window.
Step 2 Click the Assignments tab.
Step 3 Modify the list of devices to which the policy bundle is assigned, as follows:
To assign the selected policy bundle to additional devices, select them from the Available Devices
list, then click >> to move them to the Assigned Devices list.
To unassign the selected policy bundle from devices, select them from the Assigned Devices list,
then click << to return them to the Available Devices/VPNs list. Devices or topologies that are
unassigned from the policy remove this policy from their running configuration during deployment.
Tip To assign a policy to all the devices in a device group, select the name of the device group, then
click >>.
Step 4 Click OK to save your assignment changes.
The policy bundle name is updated in the Policy Bundle selector.