Policy Layers

Concept

Big picture is a rule base. Inside the rule base are rules. Within those rules, we can have more specific rules. This is equivalent to a parent rule and child rules under it.

This allows for the division of a policy into smaller more manageable sections that serve a certain purpose

Benefits

• Better organization of the rule base

• Simplifies Policy management by allowing delegation of ownership of different layers

• Improves performance by reducing the number of rules in a layer

Policy Layers

Policy Layer types

• Ordered Layers

  • This is a flat rule base. Each layer is processed sequentially for a match.

  • If an Accpey match is found, it's processed by the next layer until a final decision is made

  • Ordered layers can contain inline layers

  
• Inline layers

  • This is a sub-policy that is independent of the rest of the rule base

  • It is attached to specific rules

  • If a rule is matched, inspection continues in attached sub-policy

  • If a rule is not matched the sub-policy is bypassed.

Practice Questions