Creating policies
You can create policies either by adding a new one or duplicating (cloning) an existing policy.
To create a security policy:
Log in to GravityZone Control Center.
Go to the Policies page from the left side menu.
Choose the policy creation method:
Add a new policy.
Click the
Add button at the upper side of the table.This command creates a new policy starting from the default policy template.
Clone an existing policy.
Select the check box of the policy you want to duplicate.
Click the
Clone button at the upper side of the table.For details about cloning policies with configuration profiles, refer to this section.
Configure the policy settings. For detailed information, refer to Configuring computer and virtual machine policies.
Click Save to create the policy and return to the policies list.
You cannot save a policy that contains invalid data. When trying to do so, a specific message appears in lower right-corner of the screen indicating which section has issues. At the moment, the message covers only the Sandbox Analyzer > Endpoint Sensor and Integrity Monitoring > Real Time sections.
Watch a full video tutorial on the topic here:
Cloning policies with configuration profiles
When you clone a policy, you create a new one with the same settings as the original, including configuration profiles. These profiles consist of exclusions, maintenance windows, and Web Access Control schedules.
The outcome of cloning a policy with configuration profiles depends on the specific context, as detailed below.
To monitor all exclusions, exclusion lists, maintenance windows, and Web Access Control schedules, go to the Policies > Configuration profiles section.
To monitor the assignment of the configuration profiles in the policy:
For exclusions, go to Antimalware > Settings.
For maintenance windows, go to Patch Management.
For Web Access Control schedules, go to Network Protection > Content Control.
Cloning a policy within your company
When you clone a policy within your company, the same configuration profiles are shared between both policies.
Cloning a policy assigned by your partner
When you clone a policy with configuration profiles that was assigned by your partner:
New configuration profiles are created within your company, duplicating the ones from the partner’s policy. These profiles include exclusions, exclusion lists, maintenance windows, and Web Access schedules.
The new policy uses these newly created configuration profiles.
The user who clones the policy becomes the owner of the new configuration profiles.
The newly created configuration profiles will have names appended with the suffix (Clone of) followed by a number. For example, if an exclusion list is duplicated for the first policy clone, it will be named Exclusion_list (Clone of) (1). The next time the policy is cloned, the duplicate list will be named Exclusion_list (Clone of) (2).
This naming pattern also applies to maintenance windows and Web Access Control schedules. After their initial creation, exclusions are shared between the exclusion lists.
Cloning a policy with inheritance rules within your company
If you clone a policy within your company where settings are inherited from other policies:
The new policy retains the inheritance rules of the original.
The same configuration profiles are shared between both companies, without creating new profiles.
Cloning a policy with inheritance rules assigned by your partner
When cloning a policy with inheritance rules that was assigned by your partner:
The new policy no longer retains active inheritance rules.
New configuration profiles are created within your company, duplicating those from the partner’s policy. These profiles include exclusion lists, maintenance windows, and Web Access schedules.
The user who clones the policy becomes the owner of the new configuration profiles.
The duplicated configuration profiles will have names appended with (Clone of) followed by a number. For example, the first cloned exclusion list will be named Exclusion_list (Clone of) (1). Subsequent clones will have names like Exclusion_list (Clone of) (2).
This naming pattern also applies to maintenance windows and Web Access Control schedules. After their initial creation, exclusions are shared between the exclusion lists.
Note
If you clone a policy that has already been cloned, the configuration profiles will include both the original and new suffixes. For example, an exclusion list created from a clone might be named Exclusion_list (Clone of) (1) (Clone of) (1).
If you set a policy received from your partner as the default policy, and it contains configuration profiles, each time you add a new policy, a new clone of the profiles is created. These profiles will be named Exclusion_list (Clone of) (1), Exclusion_list (Clone of) (2), and so on, depending on how many times the policy is cloned.