Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Policy Enforcement Groups

    To access this page, click Configure>Shared Objects>Policy Enforcement Groups.

    You can create policy enforcement groups from the policy enforcement groups page.

    • Know what type of endpoints you are including in your policy enforcement group: IP address, subnet, or location.
    • Determine what endpoints you will add to the group based on how you will configure threat prevention according to location, users and applications, or threat risk.
    • Keep in mind that endpoints cannot belong to multiple policy enforcement groups.

    To create a policy enforcement group:

    1. Select Configure>Shared Objects>Policy Enforcement Groups.
    2. Click the + icon.
    3. Complete the configuration by using the guidelines in the Table 1 below.
    4. Click OK.

    Table 1: Fields on the Policy Enforcement Group Page




    Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.


    Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.

    Group Type

    Select a group type from the available choices. IP address/subnet or location.


    Select the check box beside the IP address(es) of the endpoint device(es) in the Available list and click the > icon to move them to the Selected list. The endpoints in the Selected list will be included in the policy enforcement group.

    Add New Endpoint

    Click the Add New Endpoint button if the address or location you want does not appear in the Available list.

    Modified: 2017-07-21