Base Policy Inheritance what am I doing wrong here???

keithcclark71 · ‎10-04-2022

I seem to be doing something wrong with inheritance settings based off parent ACP. In the attached screenshots you can see what I am trying to do is establish mandatory Geo and URL block rules for all sub FTD policies to inherit. However it appears with the base policy that it is not assigned to my devices and It appears I cannot assign the base policy in a merged fashion to my sub FTD ACP policies rather the base policy would be primary policy if I assign it. What is weird is if I look at my sub ACP policies they do show the base policy GEO and URL block with reset rules at the top. However my problem is that I seen no hit counts for these rules nor can I see any block events when searching based off these rules which seems to be not right to me especially with the geo block I have in place which should be generating several block events??? Security intelligence, HTTP response seem to be inheriting from the base policy I created but not the rules it seems because event though I see those rules in my sub policies I am not getting hit counts from them. Anyone follow me here?

keithcclark71 · ‎10-05-2022

Hey guys any ideas here? Should I open a TAC on this one? I was thinking a lot would utilize inheritance from a base policy with a multiple site deployment and having like a global ruleset to also apply to all sites so rather than individually having to adjust rules at each site one could just adjust rules in base policy and deploy for consistency across sites.