Policy Agent general configuration file statements

Table 1 and Table 2 list the Policy Agent general configuration file statements, including the purpose of each statement.

Table 1. Policy Agent main configuration file statements
| Statement | Purpose | See |
|---|---|---|
| AutoMonitorApps | Specifies applications to be monitored and automatically started or restarted by Policy Agent. | AutoMonitorApps statement |
| AutoMonitorParms | Specifies global parameters that control how Policy Agent monitors and starts or restarts applications. | AutoMonitorParms statement |
| ClientConnection | Configures the Policy Agent as a policy server, listening on the specified port for remote connections. | ClientConnection statement |
| Codepage | Specifies the EBCDIC code page to be used when reading configuration files and policy definition files. | Codepage statement |
| CommonIDSConfig | Specifies the path of an IDS policy file that contains common IDS policy statements. | CommonIDSConfig statement |
| CommonIPSecConfig | Specifies the path of an IPSec policy file that contains common IPSec policy statements. | CommonIPSecConfig statement |
| CommonRoutingConfig | Specifies the path of a Routing policy file that contains common Routing policy statements. | CommonRoutingConfig statement |
| CommonTTLSConfig | Specifies the path of an AT-TLS policy file that contains common AT-TLS policy statements. | CommonTTLSConfig statement |
| DynamicConfigPolicyLoad | Specifies the configuration file names to use on the policy server for policy client policies. | DynamicConfigPolicyLoad statement |
| LogLevel | Specifies the level of tracing. | LogLevel statement |
| ServerConnection | Specifies the connection information used by a policy client to connect to the policy server. This statement includes security information and the location of the policy server. | ServerConnection statement |
| ServicesConnection | Specifies the listening port, listening TCP/IP image, and security level for connections to this Policy Agent. | ServicesConnection statement |
| TcpImage and PEPInstance | Defines a TCP/IP image and its associated configurations. | TcpImage and PEPInstance statement |

Table 2. Policy Agent image configuration file statements
| Statement | Purpose | File | See |
|---|---|---|---|
| IDSConfig | Specifies the path of an IDS policy file that contains stack-specific IDS policy statements. This statement is required to read an IDS configuration file for a given stack. | Image | IDSConfig statement |
| IPSecConfig | Specifies the path of an IPSec policy file that contains stack-specific IPSec policy statements. This statement is required to define IPSec policy for a given stack. | Image | IPSecConfig statement |
| PolicyPerfMonitorForSDR | Enables or disables the policy performance monitor function. | QoS image | PolicyPerfMonitorForSDR statement |
| PolicyPerformanceCollection | Enables or disables the policy performance collection function. | QoS image | PolicyPerformanceCollection statement |
| PolicyServer | Configures the Policy Agent as a policy client, and specifies what types of policies to retrieve from the policy server. This statement also specifies security and processing information that is passed to the policy server. | Image | PolicyServer statement |
| QOSConfig | Specifies the path of a QoS policy file that contains stack-specific QoS policy statements. | Image | QOSConfig statement |
| ReadFromDirectory | Initializes Policy Agent as an LDAP client. | Image | ReadFromDirectory statement |
| RoutingConfig | Specifies the path of a Routing policy file that contains stack-specific Routing policy statements. This statement is required to read a Routing configuration file for a given stack. | Image | RoutingConfig statement |
| SetSubnetPrioTosMask | Defines IPv4 ToS byte or IPv6 Traffic Class to device and virtual LAN (VLAN) user priority mapping. | QoS image | SetSubnetPrioTosMask statement |
| TTLSConfig | Specifies the path of an AT-TLS policy file that contains stack-specific AT-TLS policy statements. This statement is required to define AT-TLS policy for a given stack. | Image | TTLSConfig statement |

Table 3 lists the configuration file statements that define policies, and the purpose and policy type of each.

Table 3. Policy Agent configuration file policy statements
| Statement | Purpose | Type | See |
|---|---|---|---|
| IDSAction | Defines IDS action. | IDS | IDSAction statement |
| IDSAttackCondition | Defines IDS rule attack condition. | IDS | IDSAttackCondition statement |
| IDSExclusion | Defines IDS rule exclusion. | IDS | IDSExclusion statement |
| IDSReportSet | Defines IDS action report set. | IDS | IDSReportSet statement |
| IDSRule | Defines IDS rule. | IDS | IDSRule statement |
| IDSScanEventCondition | Defines IDS rule scan event condition. | IDS | IDSScanEventCondition statement |
| IDSScanExclusion | Defines IDS rule scan exclusion. | IDS | IDSScanExclusion statement |
| IDSScanGlobalCondition | Defines IDS rule scan global condition. | IDS | IDSScanGlobalCondition statement |
| IDSTRCondition | Defines IDS rule TR condition. | IDS | IDSTRCondition statement |
| IpAddr | Defines IP address. | Reusable | IpAddr statement |
| IpAddrGroup | Defines IP address group. | Reusable | IpAddrGroup statement |
| IpAddrSet | Defines a single IP address or range of IP addresses. | Reusable | IpAddrSet statement |
| IpDataOffer | Defines dynamic VPN data offer. | IPSec | IpDataOffer statement |
| IpDynVpnAction | Defines IP filter dynamic VPN action. | IPSec | IpDynVpnAction statement |
| IpFilterGroup | Defines IP filter policy group. | IPSec | IpFilterGroup statement |
| IpFilterPolicy | Defines IP filter global policy information. | IPSec | IpFilterPolicy statement |
| IpFilterRule | Defines IP filter policy rule. | IPSec | IpFilterRule statement |
| IpGenericFilterAction | Defines IP filter generic action. | IPSec | IpGenericFilterAction statement |
| IpLocalStartAction | Defines IP filter local start action. | IPSec | IpLocalStartAction statement |
| IpManVpnAction | Defines IP filter manual VPN action. | IPSec | IpManVpnAction statement |
| IpOptionGroup | Defines IP options group. | Reusable | IpOptionGroup statement |
| IpOptionRange | Defines IP options. | Reusable | IpOptionRange statement |
| IpProtocolGroup | Defines IP protocols group. | Reusable | IpProtocolGroup statement |
| IpProtocolRange | Defines IP protocols. | Reusable | IpProtocolRange statement |
| IpService | Defines IP filter rule service. | IPSec | IpService statement |
| IpServiceGroup | Defines IP filter rule service group. | IPSec | IpServiceGroup statement |
| IpTimeCondition | Defines time condition. | Reusable | IpTimeCondition statement |
| Ipv6NextHdrGroup | Defines a group of IPv6 next header values. | Reusable | Ipv6NextHdrGroup statement |
| Ipv6NextHdrRange | Defines a range of IPv6 next header values. | Reusable | Ipv6NextHdrRange statement |
| KeyExchangeAction | Defines a key exchange action for a dynamic VPN. | IPSec | KeyExchangeAction statement |
| KeyExchangeGroup | Defines a key exchange group. | IPSec | KeyExchangeGroup statement |
| KeyExchangeOffer | Defines key exchange dynamic VPN offer. | IPSec | KeyExchangeOffer statement |
| KeyExchangePolicy | Defines key exchange global policy information. | IPSec | KeyExchangePolicy statement |
| KeyExchangeRule | Defines key exchange policy rule. | IPSec | KeyExchangeRule statement |
| LocalDynVpnGroup | Defines local dynamic VPN policy group. | IPSec | LocalDynVpnGroup statement |
| LocalDynVpnPolicy | Defines local dynamic VPN global policy information. | IPSec | LocalDynVpnPolicy statement |
| LocalDynVpnRule | Defines local dynamic VPN policy rule. | IPSec | LocalDynVpnRule statement |
| LocalSecurityEndpoint | Defines local security endpoint for IPSec policies. | IPSec | LocalSecurityEndpoint statement |
| PolicyAction | Defines QoS policy action. | QoS | PolicyAction statement |
| PolicyRule | Defines QoS policy rule. | QoS | PolicyRule statement |
| PortGroup | Defines a port group. | Reusable | PortGroup statement |
| PortRange | Defines a single port or range of ports. | Reusable | PortRange statement |
| RemoteIdentity | Defines a single or wildcard value remote identity to use when negotiating dynamic VPN tunnels. | IPSec | RemoteIdentity statement |
| RemoteSecurityEndpoint | Defines remote security endpoint for IPSec policies. | IPSec | RemoteSecurityEndpoint statement |
| RouteTable | Defines Routing route table. | Routing | RouteTable statement |
| RoutingAction | Defines Routing policy action. | Routing | RoutingAction statement |
| RoutingRule | Defines Routing policy rule. | Routing | RoutingRule statement |
| ServiceCategories | Defines V1 QoS policy action. | QoS | ServiceCategories statement |
| ServicePolicyRules | Defines V1 QoS policy rule. | QoS | ServicePolicyRules statement |
| TrafficDescriptor | Defines traffic descriptors. | Reusable | TrafficDescriptor statement |
| TrafficDescriptorGroup | Defines traffic descriptor groups. | Reusable | TrafficDescriptorGroup statement |
| TTLSCipherParms | Defines cipher specification for AT-TLS policies. | AT-TLS | TTLSCipherParms statement |
| TTLSConnectionAction | Defines AT-TLS connection action. | AT-TLS | TTLSConnectionAction statement |
| TTLSConnectionAdvancedParms | Defines AT-TLS advanced connection parameters. | AT-TLS | TTLSConnectionAdvancedParms statement |
| TTLSEnvironmentAction | Defines AT-TLS environment action. | AT-TLS | TTLSEnvironmentAction statement |
| TTLSEnvironmentAdvancedParms | Defines AT-TLS advanced environment parameters. | AT-TLS | TTLSEnvironmentAdvancedParms statement |
| TTLSGroupAction | Defines AT-TLS group action. | AT-TLS | TTLSGroupAction statement |
| TTLSGroupAdvancedParms | Defines AT-TLS advanced group parameters. | AT-TLS | TTLSGroupAdvancedParms statement |
| TTLSGskAdvancedParms | Defines AT-TLS System SSL advanced parameters. | AT-TLS | TTLSGskAdvancedParms statement |
| TTLSGskLdapParms | Defines set of LDAP parameters for AT-TLS policies. | AT-TLS | TTLSGskLdapParms statement |
| TTLSKeyringParms | Defines set of key ring parameters for AT-TLS policies. | AT-TLS | TTLSKeyringParms statement |
| TTLSRule | Defines AT-TLS policy rule. | AT-TLS | TTLSRule statement |
| TTLSSignatureParms | Defines AT-TLS client elliptic curve preferences and signature algorithm pair specifications. | AT-TLS | TTLSSignatureParms statement |

Rules:
  • For statements of type QoS, policies are configured in the image or QoS image configuration file.
  • For statements of type IDS, policies are configured in the common or image IDS configuration files.
  • For statements of type IPSec, policies are configured in the common or image IPSec configuration files.
  • For statements of type Routing, policies are configured in the common or image Routing configuration file.
  • For statements of type AT-TLS, policies are configured in the common or image AT-TLS configuration files.
  • For statements of type Reusable, policies are configured in the common or image IDS, IPSec, AT-TLS, or Routing configuration files.