Understanding Policy Evaluation

The Policy Evaluation section shows how selective inspection behaves. By default, it displays the policy currently in force, which consists of both system-assigned (default) and administrator-assigned traffic flows for inspection. When the administrator modifies the selective inspection strategy, the evaluation sequence is updated.

To view the policy evaluation, complete the following steps:

  1. On the Selective Inspection tab, modify any of the following settings:
    1. Default T3 bucket.
    2. Roles.
    3. Netaliases.
    4. Priority.
    5. Trusted Traffic.
    6. Assigned Policy.
  2. Click Save.

    The Policy Evaluation section displays the updated selective inspection behavior.

For example, the following image shows this policy evaluation sequence. First, the safe policy is enforced because client roles and network aliases are not assigned. Second, the client roles policy is enforced because both threat vectors have explicit administrator assignment. Third, the administrator-assigned policy is enforced because either a client role or a network alias is assigned. Fourth, the risky policy is enforced because there are IP addresses in the administrator-assigned network aliases. Lastly, the selected network aliases policy is enforced for the trusted traffic.

Figure 1  Example for Policy Evaluation