54
5.3.3 Virtual policies
In addition to created policies, as well as those replicated from other servers (see chapter
Replication tab
), the Policy
Tree also contains a Default Parent Policy and Default Primary Clients Policy, which are referred to as virtual policies.
The default Parent Policy is located on an upper server in the Global Policy Settings and selected as
Default policy for lower servers
. If the server is not replicated, this policy is empty (will be explained later on).
The default Primary Clients Policy is located on the given server (not on upper server) in Global Policy Settings and
picked up in Default policy for primary clients. It is automatically forced to newly connected clients (primary clients) of
the given ERAS, unless they have already adopted some other policy from Policy Rules (for more information, see
chapter
Assigning policies to clients
. Virtual policies are links to other policies located on the same server.
5.3.4 Role and purpose of policies in the policy tree structure
Each policy in the Policy Tree is assigned an icon on the left. The meaning of icons are as follows:
1) Policies with blue icons refer to those present on the given server. There are three subgroups of blue icons:
Icons with white targets – Policy was created on that server. In addition, it is not down replicable, which means it is
not assigned to clients from lower servers and also it does not serve as a parent policy for the child servers. These
policies can only be applied within the server – to clients connected to the server. It can also serve as a parent policy for
another policy from the same server.
Icons with blue targets – Policy was also created on the server, however, the option
Override any child policy
is
selected (for more information, see chapter
How to create policies
).
Icons with downward arrows – these policies are replicated – the option
Down replicable policy
is enabled. You
can apply these policies on the given server and on its child servers.
2) Policies with grey icons originate from other servers.
Icons with upward arrows – These policies are replicated from child servers. They can only be viewed or deleted with
the option
Delete Policy Branch
. This option will not delete the policy itself, it will only remove the policy from the
Policy Tree. Therefore they can reappear after replication. If you do not want to display policies from lower servers, use
the option
Hide foreign servers policies not used in policy tree
.
Icons with downward arrows – These policies are replicated from upper servers. They can be used as Parent policies
for other policies, assigned to clients (
Add Clients
) or removed (
Delete Policy
). Please note that deleting will only
delete the policy – it will reappear after replication from the upper server (unless the attribute
Down replicable policy
has been disabled on the upper server).
NOTE:
To move and assign policies within the structure, you can either select the parent policy, or drag-and-drop it
with the mouse.
Existing policy rules can be imported/exported from/to an
.xml
file by clicking on the
Import.../Export...
button. Name
conflicts during the import (existing and imported policy with the same name) are solved by assigning a random string
79
55
53
