You configure centralized policy with a configuration wizard. The wizard is a UI policy builder that consists of four screens to configure and modify the following centralized policy components:
- Groups of interest, also called lists
- Topologies and VPN membership
- Traffic rules
- Applying policies to sites and VPNs
You configure some or all these components depending on the specific policy you are creating. To skip a component, click the Next button at the bottom of the screen. To return to a component, click the Back button at the bottom of the screen.
You apply centralized policies by activating them, as described later in the article, to push the policies to all reachable vSmart controllers.
For more information about the centralized policy components, see Configuring Centralized Control Policy. For information about application-aware routing policy components, see Configuring Application-Aware Routing.
Step 1: Start the Policy Configuration Wizard
To start the policy configuration wizard:
- In vManage NMS, select the Configure ► Policies screen.
- Select the Centralized Policy tab.
- Click Add Policy.
The policy configuration wizard opens, and the Create Groups of Interest screen displays.
Step 2: Configure Groups of Interest
In Create Groups of Interest, create lists of groups to use in centralized policy:
- In the left pane, select the type of list to use with the localized policy. It can be one of the following:
- Data Prefix
- SLA Class
- In the right pane, click the New button. The New List portion of the screen opens. For example:
- Enter a name for the list, and enter or select the components to include in the list.
For application lists, note that the Google_Apps and Microsoft_Apps lists are preconfigured, and you cannot edit or delete them.
- Click Add to create the new list.
- Repeat Steps 1 through 4 to create additional lists.
- To edit, copy, or delete an existing list, click the Edit, Copy, or Trash Bin icon in the Action column.
- Click Next to move to Configure Topology and VPN Membership in the wizard.
Step 3: Configure Topology and VPN Membership
When you first open the Configure Topology and VPN Membership screen, the Topology tab is selected by default:
To configure topology and VPN membership:
- To configure a topology policy component:
- In the Topology tab, click the Add Topology drop-down.
- Select the desired network topology:
- Enter a name and description for the topology, and select the VPN list to which the topology applies.
- Click the New button, and enter the information for the topology component.
- Enter a name for the topology component, and enter or select the components to include in it.
- Click Save.
- To configure a VPN membership policy component:
- To edit, copy, or delete an existing topology or VPN membership policy, select it and click the Edit, Copy, or Trash Bin icon in the Action column.
- Click Next to move to Configure Traffic Rules in the wizard.
Step 4: Configure Traffic Rules
When you first open the Traffic Rules screen, the Application-Aware Routing tab is selected by default:
To configure traffic rules:
- In the Application-Aware Routing tab, select the desired policy type—Application-Aware Routing, Traffic Data, or Cflowd.
- Click the Add Policy drop-down.
- To import an existing policy, select Import Existing. In the Import Existing Data Policy popup, select the name of the file containing the data policy. Then click Import.
- To create a new policy, select Create New, and in the left pane, click Sequence Type.
- For an application-aware routing policy:
- In the right pane, click Sequence Rule.
- Add the match and action rules. You can select the modifiers OR, AND, or EXACT to focus the scope of a rule. OR applies to multiple community lists and is valid for all platforms; AND and EXACT apply to only one community list at a time and are not valid for vEdge devices.
- Add additional sequences as needed. Drag and drop sequences to re-order them
- Click Save Application-Aware Routing Policy.
- For a traffic data policy:
- For cflowd policy:
- To configure the cflowd template, enter values for the active flow timeout, inactive flow timeout, flow refresh interval, and sampling interval.
- To configure a collector list, click Add New Collector. Enter the VPN ID where the collector is located, its IP address, port number, transport protocol, and source interface. Click Add.
- Click Save Cflowd Policy.
- Click Next to move to Apply Policies to Sites and VPNs in the wizard.
Step 5: Apply Policy to Sites and VPNs
In Apply Policies to Sites and VPNs, apply a policy to overlay network sites and VPNs:
- Enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
- Enter a description of the policy. This field is mandatory, and it can contain any characters and spaces. It can contain up to 2048 characters.
- From the Topology bar, select the tab that corresponds to the type of policy block—Topology, Application-Aware Routing, Traffic Data, or Cflowd. The table then lists policies that you have created for that type of policy block.
- Associate the policy with VPNs and sites. The choice of VPNs and sites depends on the type of policy block:
- For a Topology policy block, click Add New Site List and VPN List or Add New Site. Some topology blocks might have no Add buttons. Select one or more site lists, and select one or more VPN lists. Click Add.
- For an Application-Aware Routing policy block, click Add New Site List and VPN list. Select one or more site lists, and select one or more VPN lists. Click Add.
- For a Traffic Data policy block, click Add New Site List and VPN List. Select the direction for applying the policy (From Tunnel, From Service, or All), select one or more site lists, and select one or more VPN lists. Click Add.
- For a cflowd policy block, click Add New Site List. Select one or more site lists, Click Add.
- Click Preview to view the configured policy. The policy is displayed in CLI format.
- Click Save Policy. The Configuration ► Policies screen opens, and the policies table includes the newly created policy.