Creating and Viewing Enforcement Policy for Nodes ================================================= **Enforcement Policies** work in a similar fashion to sorting in a mail room. All Nodes flow through a Priority List of **Enforcement Policies** to decide how much access they are allowed and which Groups they fit into. (*When creating custom Enforcement Policies, or re-arranging your Enforcement Policy list, two Enforcement Policies are required to stay where they are*) - **Blocking Exceptions**: A custom Enforcement Policy cannot be placed above the Blocking Exceptions, or the Exceptions will not be properly applied - **Default Policy**: A custom Enforcement Policy cannot be placed below the Default Policy, as these are the bottom baselines for Enforcement To Create An Enforcement Policy ------------------------------- #. Go to **Policy** in the top panel #. Go to **Policy > Enforcement Policy** in the left Policy panel #. Click **Tasks > Create** #. **Action** tab click **Next** #. **General** tab create an **ID** and enter brief **Description** to identify what the Policy does (*Priority stays as default. Status should be Enabled*) Click **Next** #. **Node Group** tab select the **Node Group** that was created, move to **Selected** section and click **Next** #. **Permission** tab select **Available Permission** and move to **Selected** and click **Next** #. **Redirection** tab is optional to set **CWP** and **Switch Block options**. Click **Next** #. **Agent Action** tab is **optional** to add **Agent Actions** #. Click **Finish** Viewing Enforcement Policy Utilization -------------------------------------- Widgets displaying enforcement stats can be viewed by clicking **Policy** from the top panel and then selecting **Policy > Enforcement Policy** from the left Policy panel. The two widgets displayed are: - **Sensor Operation Mode Status Statistics**: Shows how many Sensors are Up and how many are in Monitoring or Enforcement Sensor Operating Mode - **Nodes Denied Status**: Shows percentage of nodes denied out of all detected nodes To See Enforcement Status on Node Management Page ------------------------------------------------- The *Enforcement Status* of a Node can be found by on the **Node Management** page, which can be viewed from the top panel by clicking **Management > Node** - **Enforcement Policy Column**: Shows which Policies are being enforced on that Node. If a Node has a Policy listed in **Orange**, that means that node is currently **Blocked** because it is not compliant with that Policy. To Group by Enforcement Policy ------------------------------ Go to the **Status & Filters** window in the bottom left corner of the **Node Management** page. Select from the options under **Enforcement Policy**.