Config for Policy
The Unified Policies Config for Policy Screen is used to configure basic Policy parameters. When you have completed all of the parameters, click the Next button at the bottom of the screen or click on Device Selection on the left side of the screen to move to the next step.
- Name - The Policy name.
- Precedence - The Policy precedence. By default, the precedence field is pre-filled with the lowest unused precedence value. A higher number indicates higher precedence. (Range = 0 - 65535)
Click on Show Advanced Options to display and configure the options below:
- Default List - Adds the rule to the QoS Default Policy List. (Default = No)
- Enabled - Enables the policy. (Default = Yes)
- Save - Marks the policy rule so that it may be captured as part of the switch configuration. (Default = Yes. Not supported on APs and is ignored when applied to these devices.)
- Log Matches - Configures the switch to log messages about specific flows coming into the switch that match this policy rule. (Default = Yes. Not supported on APs and is ignored when applied to these devices.)
- Send Trap - Enables traps for the Policy. (Default = No. Not supported on APs and is ignored when applied to these devices.)
- Reflexive - Enables reflexive support for the policy. Reflexive policies allow specific return connections that would normally be denied. (Default = Ignore. Only supported on APs.)
Note: If the Reflexive option is set to "No", the policy will be a stateless rule. In this case, the iptables rule is created with "NOTRACK". If traffic matches the NOTRACK rule, functions that depend on conntrack will not work. For example, DPI depends on the first 15 packets of the same conntrack session, so it might not work if the traffic matches a "NOTRACK" policy.
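One way to see which flows a stateless policy has taken out of connection tracking, and therefore out of reach of DPI, is to list the NOTRACK rules in the raw table. The script below is an added example, not part of the product or its documentation; it assumes the device's rule set is available in `iptables-save` format, and the sample dump and the `untracked_flows` helper are constructed for illustration.

```python
# Constructed iptables-save sample (not taken from a real AP): two rules that
# exempt traffic from conntrack, one ordinary raw rule, one stateful filter rule.
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 10.1.0.0/24 -p tcp -m tcp --dport 8080 -j NOTRACK
-A PREROUTING -d 10.2.0.5/32 -p udp -m udp --dport 53 -j CT --notrack
-A PREROUTING -s 10.3.0.0/24 -j ACCEPT
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# iptables match options worth reporting, mapped to readable field names.
FIELDS = {"-s": "src", "-d": "dst", "-p": "proto", "--sport": "sport",
          "--dport": "dport", "-i": "in_if", "-o": "out_if"}


def untracked_flows(dump):
    """Return one dict per raw-table rule that exempts traffic from conntrack."""
    table, found = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*raw", "*filter", ... starts a table
            table = line[1:]
            continue
        if table != "raw" or not line.startswith("-A "):
            continue
        tokens = line.split()
        target = tokens[tokens.index("-j") + 1] if "-j" in tokens else ""
        # Both spellings disable tracking: "-j NOTRACK" and "-j CT --notrack".
        if not (target == "NOTRACK" or (target == "CT" and "--notrack" in tokens)):
            continue
        flow = {"chain": tokens[1]}
        for i, tok in enumerate(tokens[:-1]):
            if tok in FIELDS:
                negated = "!" if i > 0 and tokens[i - 1] == "!" else ""
                flow[FIELDS[tok]] = negated + tokens[i + 1]
        found.append(flow)
    return found


if __name__ == "__main__":
    for flow in untracked_flows(SAMPLE):
        print("bypasses conntrack, DPI will not classify it:", flow)
```

Any flow the script reports matches a stateless rule, so conntrack-dependent functions such as DPI should not be expected to work for it.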