Policy order execution - the order in which policy is executed

book

Article ID: 166769

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Policy order execution - the order in which policy is executed
You want to know about the order in which policy files are applied

Resolution

For a new ProxySG, the default and recommended order is:
VPM File - Local Policy File - Central Policy File - Forward File

For an upgraded ProxySG, the policy evaluation order is the order already existing on the appliance before the upgrade.

The order in which policy files are applied (except for the Forward policy file) can be modified in the:

  • Management Console
    Go to Configuration > Policy > Policy Options.
  • CLI (config) prompt
    policy order {CLV | CVL | LCV | LVC | VCL | VLC}
    where C (central), L (local), and V (VPM) specify order of evaluation.

You can view the current settings in the CLI using the "show policy order" command.

Be aware that changes to policy file order may result in different final decisions because decisions from files later in the order can override decisions from earlier files.