Automating Policy Deployment

After modifying configuration settings in the CDO, you must deploy those changes to the affected devices.

In a multidomain deployment, you can schedule policy deployments only for your current domain.

Caution
When you deploy, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior and Configurations that Restart the Snort Process When Deployed or Activated.

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From Job Type, select Deploy Policies.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

In the Device field, select a device where you want to deploy policies.

Step 7

Select or deselect the Skip deployment for up-to-date devices check box, as required.

By default, the Skip deployment for up-to-date devices option is enabled to improve performance during the policy deployment process.

Note
The system does not perform a scheduled policy deployment task if a policy deployment initiated from the CDO web interface is in progress. Correspondingly, the system does not permit you to initiate a policy deployment from the web interface if a scheduled policy deployment task is in-progress.
Step 8

If you want to comment on the task, type a comment in the Comment field.

The comment field displays in the Tasks Details section of the schedule calendar page; keep comments brief.

Step 9

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 10

Click Save.