About shared and non-shared policies

Article:HOWTO55183  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55183
Article Type
How To


Subject


About shared and non-shared policies

Policies are either shared or non-shared. A policy is shared if you apply it to more than one group or location. If you create shared policies, you can easily edit and replace a policy in all groups and locations that use it. You can apply shared policies at the My Company group level or a lower group level and subgroups can inherit policies. You can have multiple shared policies.

If you need a specialized policy for a particular group or location, you create a policy that is unique. You assign this unique, non-shared policy to one specific group or location. You can only have one policy of each policy type per location.

For example, here are some possible scenarios:

  • A group of users in Finance needs to connect to an enterprise network by using different locations when at the office and for home. You may need to apply a different Firewall policy with its own set of rules and settings to each location for that one group.

  • You have remote users who typically use DSL and ISDN, for which they may need a VPN connection. You have other remote users who want to dial up when they connect to the enterprise network. However, the sales and marketing groups also want to use wireless connections. Each of these groups may need its own Firewall policy for the locations from which they connect to the enterprise network.

  • You want to implement a restrictive policy regarding the installation of non-certified applications on most employee workstations to protect the enterprise network from attacks. Your IT group may require access to additional applications. Therefore, the IT group may need a less restrictive security policy than typical employees. In this case, you can create a different Firewall policy for the IT group.

You typically add any policy that groups and locations share in the Policies page on the Policies tab. However, you add any policy that is not shared between groups and that applies only to a specific location in the Clients page. If you decide to add a policy in the Clients page, you can add a new policy by using any of the following methods:

  • Add a new policy.

  • Copy an existing policy to base the new policy on.

  • Import a policy that was previously exported from another site.

See Performing tasks that are common to all security policies


Legacy ID



v39060784_v59371754


Article URL http://www.symantec.com/docs/HOWTO55183


Terms of use for this information are found in Legal Notices