The FLUSH/NOFLUSH and PURGE/NOPURGE parameters can be configured for each policy type that the Policy Agent supports.
These parameters determine whether policies are deleted from the associated TCP/IP stack when the Policy Agent starts, terminates, is updated, or is refreshed, as detailed in Table 2.
Table 1 shows where you configure these parameters for each type of local or remote policy.
| Policy type | Statement where configured |
|---|---|
| Local Routing policies | Not configurable (always support FLUSH and NOPURGE) |
| Local IDS policies | IDSConfig or TcpImage/PEPInstance |
| Local IPSec policies | Not supported |
| Local QoS policies | TcpImage/PEPInstance |
| Local AT-TLS policies | TTLSConfig or TcpImage/PEPInstance |
| Remote policies (all types except IPSec and Routing) | PolicyServer or TcpImage/PEPInstance |
| Import policies | Not supported |
Table 2 shows the results of using the FLUSH and PURGE parameters.
| Event | IPSec policies | Routing policies | Other policies |
|---|---|---|---|
| Policy Agent start (FLUSH defined) | All policies are replaced in the TCP/IP stack. | All policies are deleted and reloaded into the TCP/IP stack. | All policies are deleted and reloaded into the TCP/IP stack. |
| Policy Agent start (NOFLUSH defined) | All policies are replaced in the TCP/IP stack. | All policies are deleted and reloaded into the TCP/IP stack. | All changed policies are updated in the TCP/IP stack. Deleted policies are not removed from the TCP/IP stack. |
| Policy Agent termination (PURGE defined) | TCP/IP stack policies are unchanged. | TCP/IP stack policies are unchanged. | All policies are removed from the TCP/IP stack. |
| Policy Agent termination (NOPURGE defined) | TCP/IP stack policies are unchanged. | TCP/IP stack policies are unchanged. | TCP/IP stack policies are unchanged. Deleted policies are not removed from the TCP/IP stack. |
| Policy Agent update (FLUSH defined) | If there are any changed or deleted policies, then all policies are replaced in the TCP/IP stack. | Any changed policies are replaced in the TCP/IP stack, and then all deleted policies are removed from the TCP/IP stack. | Any changed policies are replaced in the TCP/IP stack, and then all deleted policies are removed from the TCP/IP stack. |
| Policy Agent update (NOFLUSH defined) | If there are any changed or deleted policies, then all policies are replaced in the TCP/IP stack. | Any changed policies are replaced in the TCP/IP stack, and then all deleted policies are removed from the TCP/IP stack. | Any changed policies are replaced in the TCP/IP stack. Deleted policies are not removed from the TCP/IP stack. |
| Policy Agent refresh (FLUSH defined) | If there are any changed or deleted policies, then all policies are replaced in the TCP/IP stack. | If there are any changed or deleted policies, then all policies are deleted and reloaded into the TCP/IP stack. | If there are any changed or deleted policies, then all policies are deleted and reloaded into the TCP/IP stack. |
| Policy Agent refresh (NOFLUSH defined) | If there are any changed or deleted policies, then all policies are replaced in the TCP/IP stack. | If there are any changed or deleted policies, then all policies are deleted and reloaded into the TCP/IP stack. | Any changed policies are replaced in the TCP/IP stack. Deleted policies are not removed from the TCP/IP stack. |
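As an added illustration that is not part of the original page, the following Policy Agent configuration fragment shows where the parameters from Table 1 are coded and what each choice means in terms of Table 2. The stack name, file paths and refresh interval are assumed values.

```conf
# Main Policy Agent configuration file (constructed example; the stack
# name TCPIP, the file paths and the 1800-second refresh interval are
# assumptions, not values from the page).

# Local QoS policies for stack TCPIP (other local policy types may also be
# read from the image file).
# FLUSH: at start and refresh, everything is deleted and reloaded, so
# policies removed from the file do not linger in the stack.
# NOPURGE: policies already installed stay in the stack if the Policy
# Agent terminates, so the stack is not left without policy.
TcpImage TCPIP /etc/pagent/tcpip.policy FLUSH NOPURGE 1800

# Local AT-TLS policies for the same stack. PURGE here would remove all
# AT-TLS policies from the stack when the Policy Agent terminates
# (Table 2), leaving new connections unmatched by any AT-TLS rule until
# the agent is restarted; NOPURGE keeps them installed.
TTLSConfig /etc/pagent/ttls.policy FLUSH NOPURGE

# Local IDS policies: the same two parameters with the same semantics.
IDSConfig /etc/pagent/ids.policy FLUSH NOPURGE

# Local IPSec policies do not accept FLUSH/PURGE (Table 1): at termination
# the stack's IPSec policies are always left unchanged, and at start they
# are always replaced, so the statement is coded without these keywords.
IpSecConfig /etc/pagent/ipsec.policy
```

Pairing FLUSH with NOPURGE is the combination that keeps the stack free of stale (deleted) policies while the agent runs, yet never strips the stack of protection when the agent stops; NOFLUSH is the setting under which deleted policies survive in the stack, as the "Other policies" column of Table 2 shows.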