Policy sync groups

Centrally defined policy components

Policy sync groups allow AA group policy or AA Cflowd policy components to be centrally defined and applied to multiple ISA-AA groups and partitions. A policy sync group includes a master policy that defines a set of common policy components, and a list of member AA group or AA Cflowd policies that are synchronized with the master.

A synchronization action that you perform using a policy sync group affects only the classes named in the group, and applies to each AA group and partition that is a member of the policy sync group.

The following synchronization options are available:

• The master policy classes override the member policy classes.

• The master policy classes are added to each member policy.

After you create a policy sync group, you can use the policy sync group to do the following:

• Distribute AA group policy or AA Cflowd group policy updates to all members using the Synchronize function.

• Audit the member policies to identify variances from the master policy settings.

• Compare two member policies.

If a policy audit identifies a difference between the master policy and a member policy, the NFM-P raises an alarm. The differences are listed as the affected objects of the alarm.

See To configure a policy sync group for policy sync group configuration information. See To audit, compare, or synchronize policies using a policy sync group for information about how to use a policy sync group to compare, audit, or synchronize member policies.