IBM Proventia Network Enterprise User Manual - page 78
Chapter 5: Introduction to Enterprise Scanner Policies
78
IBM Internet Security Systems
Policy Inheritance with Agent Policies
Introduction
This topic describes rules of inheritance for agent policies. It also explains where policies
appear in the SiteProtector Console, based on the ways in which you can define them.
Rules for policy
inheritance
The following rules describe policy inheritance for agent policies:
●
You must define a unique Access, ESM, Networking, Services, and Time policy for
each agent.
●
You can allow the Notification and Update policies to inherit their definitions from
policies defined higher in the group structure.
●
You can define only one Network Locations policy, to be used by all agents and assets.
That policy must be defined at the Site Group level.
Agent policies in the
Console
You work with policies in a Policy tab in the SiteProtector Console. When you select an
agent on the left pane, the agent’s policies appear on the right pane. If you expand the
agent node, the policies also appear below the agent. Figure 19 is an example of agent
policies for an agent in the CorporateScanners group:
Figure 19: Example of agent policies in a Policy tab in the SiteProtector system
Examples of
inheritance
indicators
Table 25 describes the inheritance indicators illustrated in Figure 19:
Inheriting From
Value
Description
blank
The agent policies
—
Access, ESM, Networking, Services, and Time—are
defined at the agent level.
Inheriting from the
factory defaults
All of the policies are defined at the agent or Cancun group level. None of
the policies inherit from the factory defaults.
A_Group_Name
The Notification and Update Settings policies appear on the left pane under
Cancun, indicating that they are defined for the Cancun group. The
Inheriting From column on the right pane confirms that the agent inherits
the policies from Cancun.
Table 25: Agent policy inheritance indicators