Policy types
- Quality of service (QoS) policies
- Differentiated Services (DS) policies
- Integrated Services (RSVP) policies
- Sysplex distributor (SD) policies
- Intrusion detection services (IDS) policies
- Scan policies
- Attack policies
- Traffic Regulation policies
- IP security (IPSec) policies
- IP filtering policies
- Key exchange policies
- Local dynamic VPN policies
- Application Transparent Transport Layer Security (AT-TLS) policies
- Policy-based routing (Routing) policies
- zERT policy-based enforcement (ZERT) policies
For information about how IPv6 affects the Policy Agent and which types of policies support IPv6, see z/OS Communications Server: IPv6 Network and Appl Design Guide.
These policy types are defined using different policy schemas. They use a common rule, but have separate conditions and actions. None of the different policy types can be mixed in a given policy object. All policy rules can contain time-related information that indicates when the policy rule should be considered active or inactive.
For the QoS, IDS, Routing, , AT-TLS and ZERT types, active policy rules are installed in the TCP/IP stack, so they can be applied as traffic filters, while inactive policy rules exist only in the Policy Agent. For the IPSec type, both active and inactive IP filtering policies are installed in the TCP/IP stack. However, only manual VPN tunnels that are active as a result of a time condition are installed in the stack. For the Routing policy type, active route tables are installed in the stack, while inactive route tables exist only in the Policy Agent. Configured route tables are active when they are referenced by an active Routing rule and its associated Routing action.
The Policy Agent supports all of the previously mentioned policy types, installing them into one or more TCP/IP stacks as configured. However, policies to be retrieved by policy clients are not installed in any stacks on the policy server.