SunScreen 3.2 Administrator's Overview

Policy Versions

The currently active policy is the one being used to filter network traffic. It is displayed in the Policies List of the administration GUI, can be identified from the command line by typing ssadm active, and cannot be modified. You can make the common objects embedded in this version of the policy the current common objects, overwriting the existing set of common objects.

A regular policy (that is a policy without a version number) uses the current set of common objects and shares the common objects with other regular policies.

Each version of a policy has an associated version number. Editing a policy automatically generates a historical version, or snapshot, of the common objects, which is saved for reference. The version is shown by the incremental number after the dot in the policy name: the higher the number, the later the version. A version of a policy must be copied as a new policy with a new name before it can be activated.

Version numbering is implemented through the administration GUI or by using the edit subcommand of the ssadm command. A new version is created every time a configuration is saved.

A new version of a policy supersedes older versions. The older version still includes specific information and the actual content of the common object registry, not just a reference. An older policy version can become invalid because of changes to the network topology or to SunScreen host hardware or both.

The registry is the database of common objects. Each policy refers to a single registry. Policy versions each have their own registry because a version is a historical record.

You can copy a policy to a new name. You can also edit a policy and save the changes under a new name to create a new policy. The rules of a version can become the current rules for a policy; for example, the rules of policy Initial.10 can be made the rules of the current version of Initial.

Note -

The rules created in this way are used with the current set of common objects. On verifying this policy, you may have to fix any inconsistencies.
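The versioning rules described above (regular policies share the current common objects, every save snapshots them as Name.N, a version must be copied to a new name before activation, and promoted rules are verified against the current common objects) modelled in Python. This is an added example, not SunScreen code: ssadm is never called, and the policy names, rules and common objects are constructed in-line. The rule fields (from, to, service), the object categories (addresses, services) and the class and method names are assumptions made for the illustration.

```python
"""Model of SunScreen-style policy versioning (added example, not SunScreen code).

Assumptions: a name with no dot is a regular policy that shares the current
common objects; "Name.N" is version N of Name and carries its own snapshot of
the common-object registry; only a regular policy can be activated, so a
version is activated by first copying it to a new regular name.
"""
import copy
import re

_VERSIONED = re.compile(r"^(?P<base>[^.]+)\.(?P<ver>\d+)$")


def parse_name(name):
    """Split 'Initial.10' into ('Initial', 10); a regular policy yields (name, None)."""
    m = _VERSIONED.match(name)
    if m:
        return m.group("base"), int(m.group("ver"))
    return name, None


class PolicyStore:
    def __init__(self, common_objects):
        # The single current registry shared by every regular policy.
        self.common = copy.deepcopy(common_objects)
        # name -> {"rules": [...], "registry": snapshot dict or None for a regular policy}
        self.policies = {}
        self.active = None

    def versions(self, base):
        """Version names of a policy, oldest first (numeric order, so .10 follows .9)."""
        found = []
        for n in self.policies:
            b, v = parse_name(n)
            if b == base and v is not None:
                found.append((v, n))
        return [n for _, n in sorted(found)]

    def latest(self, base):
        vs = self.versions(base)
        return vs[-1] if vs else None

    def save(self, name, rules):
        """Save a regular policy; each save also snapshots the common objects as
        the next numbered version and returns that version's name."""
        base, ver = parse_name(name)
        if ver is not None:
            raise ValueError(f"{name} is a version; copy it to a new name before editing")
        self.policies[base] = {"rules": copy.deepcopy(rules), "registry": None}
        nxt = max((parse_name(n)[1] for n in self.versions(base)), default=0) + 1
        snap = f"{base}.{nxt}"
        self.policies[snap] = {"rules": copy.deepcopy(rules),
                               "registry": copy.deepcopy(self.common)}
        return snap

    def can_activate(self, name):
        return parse_name(name)[1] is None and name in self.policies

    def activate(self, name):
        if not self.can_activate(name):
            raise ValueError(f"{name} cannot be activated; copy a version to a regular name first")
        self.active = name
        return name

    def copy_policy(self, src, dst):
        """Copy a policy or version to regular policy dst, which then uses the
        current common objects rather than any snapshot."""
        if parse_name(dst)[1] is not None:
            raise ValueError("the copy must be a regular (unversioned) name")
        self.policies[dst] = {"rules": copy.deepcopy(self.policies[src]["rules"]),
                              "registry": None}
        return dst

    def registry_for(self, name):
        snap = self.policies[name]["registry"]
        return self.common if snap is None else snap

    def check(self, name):
        """Object names a policy's rules reference but its registry lacks; a
        non-empty list is the kind of inconsistency verification would report."""
        reg = self.registry_for(name)
        missing = set()
        for rule in self.policies[name]["rules"]:
            for key, kind in (("from", "addresses"), ("to", "addresses"),
                              ("service", "services")):
                if rule[key] not in reg[kind]:
                    missing.add(rule[key])
        return sorted(missing)

    def promote_rules(self, version, base):
        """Make a version's rules the current rules of base; they are then used
        with the current common objects, so return what needs fixing."""
        self.policies[base]["rules"] = copy.deepcopy(self.policies[version]["rules"])
        return self.check(base)

    def adopt_common_objects(self, version):
        """Overwrite the current common objects with a version's embedded registry."""
        self.common = copy.deepcopy(self.policies[version]["registry"])


if __name__ == "__main__":
    # Constructed sample data: two saves, then a service removed from the registry.
    store = PolicyStore({"addresses": {"inside", "dmz"}, "services": {"http"}})
    store.save("Initial", [{"from": "inside", "to": "dmz", "service": "http"}])
    store.common["services"].add("ssh")
    store.save("Initial", [{"from": "inside", "to": "dmz", "service": "http"},
                           {"from": "inside", "to": "dmz", "service": "ssh"}])
    store.common["services"].discard("ssh")
    print(store.latest("Initial"), store.check("Initial"), store.check("Initial.2"))
```

The two check results in the demonstration differ because the regular policy is verified against the shared current registry while the version keeps its own snapshot; adopt_common_objects is the modelled form of making a version's embedded common objects current.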