As of SGOS 7.3.11.1 and later, you can now test the configured name of an appliance in policy. Depending on the name of the current appliance, the condition evaluates to either true or false. In both cases, at least some of the affected rules or layers are removed from the compiled policy to optimize policy evaluation (as long as # (config) policy optimize-tautology is enabled; it is enabled by default).
If a rule or layer guard including this condition always evaluates to true, the compiled policy omits the condition from the rule or layer. If a rule or layer guard including this condition always evaluates to false, the compiled policy omits the rule or layer. You can verify the effective policy in the installed policy files and in the > show policy executable CLI output.
If # (config) policy optimize-tautology is enabled, you receive one of two messages when installing the policy:
The CPL (Content Policy) syntax is as follows:
appliance.name[.string_modifier][.case_sensitive|.case_insensitive]=pattern[,pattern2,..]
Where:
Policy Example
Consider the following policy that installed on an appliance named SGOS_1.
In the following policy, the first rule evaluates to false and the second rule evaluates to true:
<Proxy "Requests for sites categorized as Sports or Games">
appliance.name="SGOS_3" category=(Sports, Games) deny
appliance.name="SGOS_1" category=(Sports, Games) exception(content_filter_denied)
The compiled policy removes the rule for SGOS_3 and the appliance.name= condition in the second rule:
<Proxy "Requests for sites categorized as Sports or Games"> [layer 25] [vpm-cpl:3255]
category=(Sports, Games) exception(content_filter_denied)