How to create new policy


Policy creation overview

Compliance policies validate a device's configuration and its state. They are accessible from the main menu:
Compliance -> Policies
There are 4 steps in creating a policy.
Step 1: Name the policy
Step 2: Add the node group
Step 3: Create the rule
Step 4: Define the condition

In this example, we will create a policy that evaluates the login banner configuration.
campus01-b02-access01 and campus01-b02-access02 are the two reference devices used for this example. One has a banner configuration and the other does not.

The command output below from the devices shows this.

campus01-b02-access01#


campus01-b02-access02#


Steps to create the policy:

Below are the steps to create a new policy.

Step 1: Name the policy

(1) New -> (2) Name: Login Banner -> (3) Save



Step 2: Add Nodes

Click on the Node Group to select the relevant group of devices to add. In this case it is "Cisco_IOS", which applies this policy to all Cisco IOS nodes.
(1) New -> (2) Name: Cisco_IOS -> (3) Save

Step 3: Create Rule

(1) New -> (2) Name: Banner check -> (3) Rule type: Configuration -> (4) Vendor: Cisco_IOS -> (5) Save


Step 4: Define the condition

(1) New -> (2) Must contain: banner login -> (3) Select "Lines contain regular expression" (this option still matches when the line contains additional spaces or characters) -> (4) Save
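
The condition from Step 4, as an added example that is not part of the original article or the product's own code: a Python stand-in for a line-by-line "must contain" regular-expression check, run over two constructed configurations. The helper names and the `STRICT` pattern are assumptions; the example shows that the unanchored text `banner login` also matches an interface description that merely mentions it, while an anchored pattern does not.

```python
import re

# Constructed sample configs (not output from the article's devices).
CONFIGS = {
    "campus01-b02-access01": (
        "hostname campus01-b02-access01\n"
        "banner login ^C\n"
        "Authorized access only.\n"
        "^C\n"
        "line vty 0 4\n"
        " login local\n"
    ),
    "campus01-b02-access02": (
        "hostname campus01-b02-access02\n"
        "interface GigabitEthernet0/1\n"
        " description uplink - banner login pending\n"
        "line vty 0 4\n"
        " login local\n"
    ),
}

# The article's condition text, treated as an unanchored regular expression.
LOOSE = r"banner login"
# Tighter variant (assumption, not from the article): the command must start
# the line; any amount of whitespace between the keywords is tolerated.
STRICT = r"^banner\s+login\s+\S"


def must_contain(config, pattern):
    """True if at least one config line contains a match for the regex."""
    rx = re.compile(pattern)
    return any(rx.search(line) for line in config.splitlines())


def evaluate(configs, pattern):
    """Map each node name to its result for a single 'must contain' condition."""
    return {
        node: "compliant" if must_contain(cfg, pattern) else "non-compliant"
        for node, cfg in configs.items()
    }


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(label, evaluate(CONFIGS, pattern))
```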



This completes the policy creation for banner config validation.
To test the results of the policy, refer to How to test Compliance Policy.
To get the reports of the policy, refer to How to Create Compliance Reports.







