Policy sync groups
Centrally defined policy components
Policy sync groups allow AA group policy or AA Cflowd policy components to be centrally defined and applied to multiple ISA-AA groups and partitions. A policy sync group includes a master policy that defines a set of common policy components, and a list of member AA group or AA Cflowd policies that are synchronized with the master.
A synchronization action that you perform using a policy sync group affects only the classes named in the group, and applies to each AA group and partition that is a member of the policy sync group.
The following synchronization options are available:
After you create a policy sync group, you can use the policy sync group to do the following:
-
Distribute AA group policy or AA Cflowd group policy updates to all members using the Synchronize function.
-
Audit the member policies to identify variances from the master policy settings.
If a policy audit identifies a difference between the master policy and a member policy, the NFM-P raises an alarm. The differences are listed as the affected objects of the alarm.
See To configure a policy sync group for policy sync group configuration information. See To audit, compare, or synchronize policies using a policy sync group for information about how to use a policy sync group to compare, audit, or synchronize member policies.