Updating Policies on Devices
When you finish creating and verifying your security configurations, you can publish these configurations and keep them ready to be pushed to the security devices. Security Director provides a single, intuitive interface from which you can push all the security configurations to the devices at once.
The Publish workflow lets you save and publish different services so that they can be updated later to the appropriate firewalls (during the downtime). This permits administrators to review their firewall, VPN, and NAT policies before updating the device, which saves troubleshooting time, avoids errors, and saves the costs associated with errors. You can verify and tweak your security configurations before updating them to the device by viewing the CLI and XML versions of the configuration in the Publish workflow. This approach helps you keep the configurations ready and update them to the devices during the maintenance window.
When you publish rules, the process takes into account the priority and precedence values set on the policy and the order of rules on the device. Rules are published in the order of their priority groups, with prerules in the High priority group publishing first, before prerules in the Medium and Low priority groups.
If you change the priority or precedence of a published policy, the policy must be republished for the changes to take effect. Sometimes, changing priority or precedence in one policy can affect other policies in the same priority group. However, policies that are implicitly changed by the explicit changes to the republished policy do not need to be republished for their changes in priority or precedence to take effect.
To update a policy:
- Select Configure > Policy-Name Policy > Policies.
- Select the policy that you want to update and click Update. The Update Policy page appears.
- Select the check boxes next to the devices to which the policy changes will be published.
You can search for a specific device on which the policy is published by entering the search criteria in the search field. You can search the devices by their name and IP address.
- Select Schedule at a later time if you want to schedule and publish the configuration later.
- Select Run now if you want to apply the configuration immediately.
- Click Publish. The Affected Devices page displays the devices on which the policies will be published.