Creating Policy Enforcement Groups
To access this page, click Configure>Shared Objects>Policy Enforcement Groups.
You can create policy enforcement groups from the policy enforcement groups page.
- Know what type of endpoints you are including in your policy enforcement group: IP address, subnet, or location.
- Determine what endpoints you will add to the group based on how you will configure threat prevention according to location, users and applications, or threat risk.
- Keep in mind that endpoints cannot belong to multiple policy enforcement groups.
To create a policy enforcement group:
- Select Configure>Shared Objects>Policy Enforcement Groups.
- Click the + icon.
- Complete the configuration by using the guidelines in the Table 1 below.
- Click OK.
Table 1: Fields on the Policy Enforcement Group Page
Field | Description |
|---|---|
Name | Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum. |
Description | Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators. |
Group Type | Select a group type from the available choices. IP address/subnet or location. |
Items | Select the check box beside the IP address(es) of the endpoint device(es) in the Available list and click the > icon to move them to the Selected list. The endpoints in the Selected list will be included in the policy enforcement group. |
Add New Endpoint | Click the Add New Endpoint button if the address or location you want does not appear in the Available list. |
