Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Understanding Policy Evaluation
You can view the behavior of selective inspection in the Policy Evaluation section. By default, it displays the current policy in force. It consists of both system assigned (default) and administrator assigned traffic flows for the inspection. When the administrator modifies the strategy for selective inspection, the sequence of the process is updated.
To view the policy evaluation, complete the following steps:
- On the
- Default T3 bucket.
- Roles.
- Netaliases.
- Priority.
- Trusted Traffic.
- Assigned Policy.
tab, modify any of the following settings: - Click Save.
The Policy Evaluation section displays the updated selective inspection behavior.
For example, from the following image, policy evaluation sequence is understood that safe policy is enforced because client roles and network aliases are not assigned. Secondly, client roles policy is enforced because both threat vectors have explicit administrator assignment. Third, administrator assigned policy is enforced because either a client role or a network alias is assigned. Fourth, risky policy is enforced as there are IP addresses in administrator assigned network aliases. Lastly, the selected network aliases policy is enforced for the trusted traffic.
Figure 1 Example for Policy Evaluation