Understanding vGW Series Multi-Center Synchronized Objects

This topic explains how protocols and compliance rules objects are synchronized from the master vGW Security Design VM to the delegate vGW Security Design VM center. The Settings pane of the delegate center shows status and other information about objects that are synchronized to it.

From the perspective of a delegate center, the synchronized objects are viewed as read-only global objects, and they cannot be modified.

This topic includes the following sections:

Object Synchronization

It can occur that a newly synchronized global object is identical in name and content to a local object on the delegate center. In this case, for global objects that contain default values such as protocols and compliance rules, the local object is converted to a global one. The global version of the local object on the delegate center vGW Security Design VM is marked as converted. All references to the local object are preserved, but now they pertain to the global object. Because the converted object is now a global object, it is accessible as a read-only object on the delegate center vGW Security Design VM. That is, the administrator of the delegate center vGW Security Design VM cannot modify it.

When an object is no longer mirrored, it is deleted from the delegate center unless it is used by local objects. That is, if it was converted from a local object such as a protocol, it is converted back to the local object at that time.

Object Naming

To avoid naming issues and Smart Group logic problems, when the same name for a global object and a local object exists in the same context, the global object takes precedence and the name is used for it. The vGW Series marks the object as global, as viewed from the delegate center. The object with the conflicting name is renamed with the word local appended to it.

The administrator of the master vGW Security Design VM can remove an object from selection for a delegate center. In this case, the object is no longer a global one on the delegate center. If a local counterpart exists, it is now reinstated and the delegate center administrator can edit it.

Creation of Objects Local to the Delegate vGW Security VM

Administrators of delegate vGW Security Design VMs centers are still able to configure local objects for their own systems. These local objects remain local, and they have no affect on the master vGW Security Design VM configuration, with some exceptions. For example, the priority of local policy groups is always lower than global ones.

Related Documentation