Staging updates in SmartCenter

[Brentd]

Hi all

I have a customer that wishes to stage updates to the Smart Center. These updates will be added and saved to the smartcenter however they will be installed at a predetermined time (not before).

I believe this could prove problematic because when/if the Gateways are rebooted they will automatically fetch the policy.

Q. Is there a way to disable the default fetching function on the GW, specifically SPLAT, but if it can also be done on other OS's as well I would love to know about it!

Thanks
Brent

[melipla]

Quote:

Originally Posted by Brentd

Hi all

I have a customer that wishes to stage updates to the Smart Center. These updates will be added and saved to the smartcenter however they will be installed at a predetermined time (not before).

I believe this could prove problematic because when/if the Gateways are rebooted they will automatically fetch the policy.

Q. Is there a way to disable the default fetching function on the GW, specifically SPLAT, but if it can also be done on other OS's as well I would love to know about it!

Thanks
Brent

I don't think you can get the gateway to unlearn it's "master" and thus be unable to pull a policy. The only method I can think of is to either block the traffic--via firewall rule (although its probably implied) or break the network routing so its unable to fetch a policy, in which case you may block the logging functionality too.

Why not have the user not save the changes until a specific time?

[Brentd]

Thanks for the reply,

That is the way they wish their change control structure to function. They can save edits to the SmartCenter but only want these showing up on the GWs when they choose!

Hence having a GW reboot and pickup the changes would be bad for them!

Thanks
Brent

[Brentd]

I will answer my own post here for others that wish to know!

When you change and save a policy to the smart center this will not be picked up by a firewall that is performing a fetch, it seems that a fetch will only get the last compiled policy from the SC and not the changes that have been saved if those changes were never installed on the gateway.

Brent

[Thorpuse]

Brent is correct about the way that Fetch works.

The one thing to be careful about if doing this is to realise that the policy you see in the dashboard and the policy that is being enforced will be different. BUT.... in the File Menu on the SmartDashboard there is an option called Installed Policies - using this, you can View the installed policy on a gateway, and accurately troubleshoot with the installed policy.