About shared and non-shared policies
|Article:HOWTO55183|||||Created: 2011-06-29|||||Updated: 2011-12-16|||||Article URL http://www.symantec.com/docs/HOWTO55183|
Policies are either shared or non-shared. A policy is shared if you apply it to more than one group or location. If you create shared policies, you can easily edit and replace a policy in all groups and locations that use it. You can apply shared policies at the My Company group level or a lower group level and subgroups can inherit policies. You can have multiple shared policies.
If you need a specialized policy for a particular group or location, you create a policy that is unique. You assign this unique, non-shared policy to one specific group or location. You can only have one policy of each policy type per location.
For example, here are some possible scenarios:
A group of users in Finance needs to connect to an enterprise network by using different locations when at the office and for home. You may need to apply a different Firewall policy with its own set of rules and settings to each location for that one group.
You have remote users who typically use DSL and ISDN, for which they may need a VPN connection. You have other remote users who want to dial up when they connect to the enterprise network. However, the sales and marketing groups also want to use wireless connections. Each of these groups may need its own Firewall policy for the locations from which they connect to the enterprise network.
You want to implement a restrictive policy regarding the installation of non-certified applications on most employee workstations to protect the enterprise network from attacks. Your IT group may require access to additional applications. Therefore, the IT group may need a less restrictive security policy than typical employees. In this case, you can create a different Firewall policy for the IT group.
You typically add any policy that groups and locations share in the Policies page on the Policies tab. However, you add any policy that is not shared between groups and that applies only to a specific location in the Clients page. If you decide to add a policy in the Clients page, you can add a new policy by using any of the following methods:
Article URL http://www.symantec.com/docs/HOWTO55183