Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1529
Views
0
Helpful
3
Replies

WAAS Central Manager Policy Definitions across several device groups

todd.martin
Level 1
Level 1

‎01-27-2010 06:51 PM

Hi there,

I am trying to find a way to apply a custom application policy(s) to multiple device groups. ( not the AllDevicesGroup).

I have not found a way to export or import the policy.

Any help would be appreciated.

Todd

0 Helpful
3 Replies 3

Eric Rose
Cisco Employee
Cisco Employee

‎01-27-2010 07:27 PM

I am not sure of a way to copy a policy and pasting it into another group.

A question though - typically policies are the same across "all devices" within an organization. What is the reason why you are setting policies via multiple device groups?

Thanks

Eric

0 Helpful

todd.martin
Level 1
Level 1
In response to Eric Rose

‎01-27-2010 07:43 PM

I have my "Core" WAE's in a separate device group to prevent them from recieving a policy or setting intended for Edge WAEs.  For example, If someone sets the assignment method to hash, I certianly dont want that pushed to my Core, ( using Mask assignment)

However, a custom application definition WILL need to be applied to both Core and Edge WAE's. Therefore I need a way to create the policy for all devices group and copy out and apply selected custom policies to the Core device group as well.

Problem:  I have QUALYS Vulnerability Scanners that wreak havoc on WAE's by opening 1000's of sessions and not propoerly closing them, causing TFO Overload conditions, throughout the network.

Solution: create a custom policy to set Scanner IP action to pass-through. there are 30+ scanners so the match condition is lenthy and woudl be painful to build manually for each device group.

new Problem: need to apply this to multiple device groups.

0 Helpful

Eric Rose
Cisco Employee
Cisco Employee
In response to todd.martin

‎01-27-2010 07:51 PM

A WAE device can get "policy / configuration" from multiple device group or even from the local device screens. Each screen / tab can be called from a different device group for a specific device.

WCCP configuration based on a Hash or Mash can be done via the remote or data center device group as you mentioned.

     also similiar to SSL configuration via the data center device group

application policy definitions can then be set via the all device groups - this way the scanner policy and enforce via that device group.

     A WAE device can be a member or muliple device for different configuration screens.

     Also this way you can make sure that all devices have the same application policy definitions.

Let me know if this helps.

Eric

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents