Why does the Policy not restore properly when the VPM-CPL content is copied over


Article ID: 167544


Updated On:


ProxySG Software - SGOS


The Visual Policy contained on the proxy is made up of 2 files; VPM-CPL, and VPM-XML.
These 2 files may be exported/copied from the Management console by going to the following location:
Management Console -> Configuration -> Policy -> Policy Files -> Visual Policy Files.
There you have the option to view and copy both the VPM-CPL and VPM-XML.
If you wish to add these copies to a proxy, then you will need to ensure you add the VPM-XML file, as just adding the VPM-CPL file will not be enough to restore the Visual Policy configuration.
Alternatively, you can import only the VPM-XML but when doing so, you need to afterwards launch the Visual Policy Manager and click Install Policy for it to convert the VPM-XML to VPM-CPL or else there will be no related policy for the proxy to evaluate when processing traffic.
Note: Regardless of which method you choose for copying over the VPM policy, if configurations referenced in the VPM do not exist on the unit where it is being installed, you will receive errors when installing policy in the Visual Policy Manager. For example: If you install a VPM policy that references a keyring called "SSL-Intercept" but there is no keyring with that name on the unit you're installing the VPM policy, the policy installation will fail with an error.
Example: "Error: Reference to an unknown keyring: 'SSL-Intercept'"
When such and error is reached, the VPM-CPL is not compiled. The configurations either need to be the same or the VPM policy cannot be installed.