- Shared Objects

- Policy Import to MC

- Policy download on Proxy policy files

- Category download for Local Database

- Standard CPL policy

- MC API

Info and resources on each option:

Using a Shared Object in Management Center such as an URL List or CPL Fragment and then associating the shared object in the VPM policy and adding the Object to Policy can be done.

With a shared object, the URL's can be added in bulk, and without needing to update the Policy the included shared object will automatically be updated.

Create Management Center URL List (URL Policy Exceptions) https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/management-center/3-3/distribute_sol/config_policy/config_shared_policy/url_list.html

Add a Shared Object to MC VPM Policy

The concept of Shared Objects can be extended to hosting the URL list on a server and the MC can download these files and update the Shared Object using jobs. Hosting the file on MC directly would provide the benefit of version control, but the file can be hosted externally as well.

A job can be scheduled to pull down a file to update policy, and then add that job in a multi-step job that then installs policy right after the file is ingested on a set schedule.

Import External Policy to Management Center https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/management-center/3-2/distribute_sol/config_policy/config_policy2/import_external_policy.html

Import Policy or Shared Objects to Management Center https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/management-center/3-2/distribute_sol/config_policy/install_import/import_policy.html

Add a Management Center Job That Includes Multiple Operations (Multistep Device)

- The CPL Local, Forward and Central files also allow you to import a file from a remote URL or local file option. The Central file can be used to automatically check for changes and import the file when it changes.

Configuring a Custom Central Policy File for Automatic Installation

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3/visual-policy-manager/managing-the-central-policy-file/configuring-a-custom-central-policy-file-for-automatic-installation.html

Configuring Automatic Installation

It's possible to use custom categories defined by a local database which the Proxy can be configured to receive updates from.

About the Local Database

The Large list of URLs could also be maintained in CPL which updating a bulk list of URLs would be more efficient than the VPM. This is still more of a manual option compared to the more recent policy imports, shared objects or API, but still a very simple and potential candidate here.

 

Create Management Center URL List (URL Policy Exceptions) https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/management-center/3-2/distribute_sol/config_policy/config_shared_policy/url_list.html

The Management Center API can be used to manage policy, including creating new objects, changing the policy content, and installing policy on a device. Tools and/or Scripts can be developed and configured to bulk update URLS with this method.

 

Management Center REST API