Exporting and Importing a Policy in v10

book

Article ID: 160308

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

There is new functionality in v10 and Greater that allows a policy to be exported into a .xml file and then imported into a different Enforce Server.

Resolution

Exporting A Policy as a Template

  • In the Enforce UI, navigate to the Edit Policy page.
  • Note the link at the bottom that says "Export this policy as a template". Click it. This will offer up an xml file for download.
  • Save it.

Your template is served

Importing a Template as a Policy.

  • Save a template file under <VONTU_INSTALL>/Protect/config/templates on the enforce server.
  • Make sure the file is readable by the "protect" user.
  • In the Enforce UI, Navigate to Add Policy -> Add a policy from a template.
  • Scroll down to the "Imported Templates" section at the bottom. You ought to see an entry for the template you just placed in the templates directory.
  • Select it and go to the next step. 

If the policy in the template does not have any EDM/IDM/DGM conditions, you will now have a new policy.

If the policy in the template has EDM/DGM conditions, you will be asked for a Database index during import. You can choose to not provide any Database index, in which case the corresponding conditions will be dropped from the created policy

If the policy in the template has IDM conditions, you will be asked for a Document index during the import. Again, you can choose no index and drop the conditions.

If the policy being imported has both EDM/DGM AND IDM conditions, you will be issued a warning and the IDM conditions will be dropped.

Limitations:

  1. Cannot tie policy to multiple indices at import: Consider policy with two rules: one matching on EDM1 and another matching EDM2 . The template import wizard only lets you choose one index during import, so both rules in this policy would match either on EDM1 or on EDM2 or neither.  This applies for any mix for EDM, IDM and DGM rules.  If you try to import a policy containing an EDM rule AND an IDM rule, the IDM rule will be eliminated at import.\
  2. Limited support for custom protocols: If a policy contains a rule matching on a custom protocol, importing a template for that policy may not work correctly and the rule created by the import may match on the wrong protocol or no protocol at all.
  3. Export/Import must be 'apples to apples': Policies can only be imported into the same major version they were exported from.  I.E. a 12.5 exported policy cannot be imported into 14.0.  A 14.0 policy will work in 14.0.1.