A Compliance Policy stipulates conditions that the devices
must adhere to. A Compliance Policy contains Compliance Rules and
can be configured to send an e-mail action in the event that a policy
fails. Compliance Rules enable the user to combine multiple compliance
definitions to build the full validation to which a device must adhere
in order to pass a compliance test. Use this procedure to edit an
existing Compliance Rule.
Before you begin
To define new Compliance Rules or edit existing Rules,
access to the User Interface wizard is required. Compliance Rules
can cover all devices in an entire network, a subset of devices or
a specific device. Users have the option of editing an existing Compliance
Rule at any time. When all changes have been saved, the user can activate
Compliance Rule as a new version. The previous version becomes inactive.
About this task
Follow these steps to edit an existing Compliance Rule.
Procedure
- Access the Policy Definitions tab, and select Rules.
- Right click on the Rule you want to edit, and select "Edit
Rule". Alternatively, select the Rule and Click the Edit Rule icon
on the toolbar.
The Edit Rule window
displays.
- Make any necessary edits to the Compliance Rule. Amendments
may be made to the graphical rule, and the action required in the
event of non compliance. Use the following descriptions as a guide
to editing the fields displayed in the Edit Rule window.
- Name
- Specifies the name of the Compliance Rule. The maximum number
of characters for the name is 255. This is a mandatory field.
- Description
- Specifies a brief narrative attached to the newly created Compliance
Rule that explains its function or use. The maximum number of characters
for the description is 4000.
- Revision
- This number is automatically assigned and initially given a value
of 1. Each time the Compliance Rule is edited, the revision number
automatically increments by 1. This is for versioning control.
- Applicable Device Filter
- This filter allows the ability to select which device VTMOS applies
to this rule. As well as drop down selection for VTMOS, a regular
expression is supported for all filters. The selected value entered
in the Model Filter will be checked against both 'Model' and 'Actual
Model' fields (as in the Device Viewer).
Note: The devices selected
in the device filter rule must appropriately reflect the type of devices
against which all compliance definitions and remedial actions in the
rule can be applied. For example, Juniper routers must not be included
if the definitions in a rule are specific to CISCO routers only. If
in this example Juniper routers were included in the compliance rule
device filter, each of the Juniper routers would fail the compliance
evaluation, since the CISCO specific compliance definition would not
be found in the Juniper device configuration. On the other hand, if
a rule with the device filter is set appropriately is used against
a device that is not supported by that rule, the device will be marked
NA (not applicable) in the test results.
- Prev
- Go to previous selection.
- Next
- Go to next selection.
- Finish
- Finish current activity.
- Cancel
- Cancel current activity without saving.
- Click Finish to complete the editing of the specified Compliance
Rule.
What to do next
The Revision Number on the modified Rule increments by
1, and the Compliance Rule can now be activated.
It is not necessarily the Compliance Rule with the highest Revision Number that is active, as the
user may return to a previous version and activate. A new revision will only be created if the rule
being edited is in an "active" or "inactive" state. No new revision will be created when the rule is
in "workspace" mode.