Creating and Viewing Enforcement Policy for Nodes
Enforcement Policies work in a similar fashion to sorting in a mail room. All Nodes flow through a Priority List of Enforcement Policies to decide how much access they are allowed and which Groups they fit into. (When creating custom Enforcement Policies, or re-arranging your Enforcement Policy list, two Enforcement Policies are required to stay where they are)
- Blocking Exceptions: A custom Enforcement Policy cannot be placed above the Blocking Exceptions, or the Exceptions will not be properly applied
- Default Policy: A custom Enforcement Policy cannot be placed below the Default Policy, as these are the bottom baselines for Enforcement
To Create An Enforcement Policy
- Go to Policy in the top panel
- Go to Policy > Enforcement Policy in the left Policy panel
- Click Tasks > Create
- Action tab click Next
- General tab create an ID and enter brief Description to identify what the Policy does (Priority stays as default. Status should be Enabled) Click Next
- Node Group tab select the Node Group that was created, move to Selected section and click Next
- Permission tab select Available Permission and move to Selected and click Next
- Redirection tab is optional to set CWP and Switch Block options. Click Next
- Agent Action tab is optional to add Agent Actions
- Click Finish
Viewing Enforcement Policy Utilization
Widgets displaying enforcement stats can be viewed by clicking Policy from the top panel and then selecting Policy > Enforcement Policy from the left Policy panel.
The two widgets displayed are:
- Sensor Operation Mode Status Statistics: Shows how many Sensors are Up and how many are in Monitoring or Enforcement Sensor Operating Mode
- Nodes Denied Status: Shows percentage of nodes denied out of all detected nodes
To See Enforcement Status on Node Management Page
The Enforcement Status of a Node can be found by on the Node Management page, which can be viewed from the top panel by clicking Management > Node
- Enforcement Policy Column: Shows which Policies are being enforced on that Node. If a Node has a Policy listed in Orange, that means that node is currently Blocked because it is not compliant with that Policy.
To Group by Enforcement Policy
Go to the Status & Filters window in the bottom left corner of the Node Management page. Select from the options under Enforcement Policy.