Data Loss Prevention

 View Only
  • 1.  Unable to import policy template from DLP 10.5 to 12.5

    Posted Oct 13, 2014 04:47 PM

    We need to add a substantial number of policies from old 10.5 instance to 12.5. When we export policies as XML templates and put them in on the 12.5 Enforce, they do not show up on the Import Temple UI. "Native" 12.5 policies work fine.

    Anyone has an idea why it does not work, is it supposed to work between version at all, or any other issues?

    Thanks!

    Alex

     



  • 2.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Trusted Advisor
    Posted Oct 15, 2014 02:16 AM

    Hello,

     

     Last time i try to import policy template from different version, i have to change header of the XML file which is version related.

    you just need to paste and copy a header from a 12.5 and put it in place of the one from a 10.5 template then update the fiel Name with correct policy name. It was working fine from 10.5 to 11.X

     Regards.



  • 3.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Posted Dec 03, 2014 05:22 PM

    I have a similar issue. In this case, policies were exported from 11.6 and should be imported to 12.5. Of the nine polices copied to the templates folder, only one is shown below "Imported Templates". I can't determine what allows the one policy to be imported, and not the others.

    Can you expand on what you are doing by copying and pasting the XML header?



  • 4.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Trusted Advisor
    Posted Dec 04, 2014 07:18 AM

    Hello,

     

     first lines of your DLP template from 11.6 should contains something like that :

    <Policy xmlns="http://www.vontu.com/manager/policy/template/schema" Description="temporary policy" LangVersion="1.5" Name="temp" Writer="Symantec DLP 11.6.2000.21103">

    you should replace it by

    <Policy xmlns="http://www.vontu.com/manager/policy/template/schema" Description="temporary policy" Label="" LangVersion="1.5" Name="temp" Writer="Symantec DLP 12.5.0.20035">

    this method works fine from 10 to 11, but never tested it for 11 to 12.

     It is also possible that you use some type of rule in your policies which expect in 12.5 compatible template some new attributes/parameters (due to some new capabilities available in this version wrt 11.X), which could explain that some works and some not.

     Regards.

     

     



  • 5.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Posted Dec 04, 2014 09:36 AM

    Thanks for the replies. 

     

    Unfortunately, all XML manipulations failed in our case. We ended up exporting/importing policies to a separate 10.5 instance, upgrading it to 12.5 and exporting/importing policies to the new 12.5 instance. That worked by with a lot of manual labor. We also had to re-add all EDM-based rules, since they did nor carry over properly during the export/import.

    Thanks!

    Alex

     



  • 6.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Posted Dec 04, 2014 01:26 PM

    Changing the value for "Writer=" did not work for me, either. 



  • 7.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Trusted Advisor
    Posted Dec 05, 2014 05:51 AM

    hello,

     This means there is some new parameters used in your new version wrt to your previous version in some detection rules used in your policy. These parameters are sometimes mandatory so DLP is not able to interpret your policy template.

     Yiou have two solutions...

    - Analyze a template from previous and one from new version looking at expected parameters.

    (For example in keywordrule since 11.X, DLP expect parameter named "CheckProximityKeywords", which did not exist in 10.X...and there is many more like that as each time there is a new capabilities in rule definition it has to be also defined in XML export file.)

    - Recreate policy from scratch...which seems weird but sometimes it is faster as policy template are not able to manage EDM policies (especially when there is more than one in the template).

     

    Regards



  • 8.  RE: Unable to import policy template from DLP 10.5 to 12.5

    Posted Dec 05, 2014 08:31 AM

    I have settled for recreating each policy. Would have been a big time-saver if the imports would have worked.