Accepted Solutions
Hi @SamSmith3 ,
1st at Administration > System > Backup & Restore > Policy Export > click the Export Now (Encryption: Export without encryption & Destination: Download file to local computer) ... to download a PolicyConfig.xml file (you can also do this via Support Bundle when you choose Include Policy Configuration).
2nd at PolicyConfig.xml:
a. all <radiusPolicySet> have a:
<name> Policy Set Name </name>
<rank> Position in the Policy Set </rank>
<allowedProtocols> Allowed Protocol Name </allowedProtocols>
<status> ENABLED/DISABLED </status>
b. all <authorRules> have a:
<name> Rule Name </name>
<profiles> Authorization Profile Name </profiles>
<rank> Position in the Rule </rank>
<status> ENABLED/DISABLE </status>
c. all <AznResults> have a:
<Profile description="Authz Profile Description" nadProfileName="NAD Name" name="Name of the Authz Profile">
<option name="Attributes Details">DACL = DACL Name</option>
3rd. for clean up ... check (CRTL-F the PolicyConfig.xml) for:
a. a name="Name of the Authz Profile" inside the <AznResults>, if there is ONLY one match, then you are able to remove this AuthZ Profile.
b. to remove an unused dACL, you must get the name of each dACL (at Policy > Policy Elements > Results > Authorization > Downloadable ACLs) and CTRL-F the PolicyConfig.xml, if there is NO match, then you are able to remove this dACL.
Hope this helps !!!
Hi @SamSmith3 ,
1st at Administration > System > Backup & Restore > Policy Export > click the Export Now (Encryption: Export without encryption & Destination: Download file to local computer) ... to download a PolicyConfig.xml file (you can also do this via Support Bundle when you choose Include Policy Configuration).
2nd at PolicyConfig.xml:
a. all <radiusPolicySet> have a:
<name> Policy Set Name </name>
<rank> Position in the Policy Set </rank>
<allowedProtocols> Allowed Protocol Name </allowedProtocols>
<status> ENABLED/DISABLED </status>
b. all <authorRules> have a:
<name> Rule Name </name>
<profiles> Authorization Profile Name </profiles>
<rank> Position in the Rule </rank>
<status> ENABLED/DISABLE </status>
c. all <AznResults> have a:
<Profile description="Authz Profile Description" nadProfileName="NAD Name" name="Name of the Authz Profile">
<option name="Attributes Details">DACL = DACL Name</option>
3rd. for clean up ... check (CRTL-F the PolicyConfig.xml) for:
a. a name="Name of the Authz Profile" inside the <AznResults>, if there is ONLY one match, then you are able to remove this AuthZ Profile.
b. to remove an unused dACL, you must get the name of each dACL (at Policy > Policy Elements > Results > Authorization > Downloadable ACLs) and CTRL-F the PolicyConfig.xml, if there is NO match, then you are able to remove this dACL.
Hope this helps !!!
