Manage SD-WAN Policies and Profiles
For supported software information, click here.
You use policies and profiles when configuring VOS devices. This article describes how to view, edit, and perform other actions on SD-WAN configuration objects, except for main templates.
For more information about configuration objects, see Configuration Hierarchy in Versa Concerto for SD-WAN. For a description of how to manage main templates, see Manage Main Templates in Configure Main Templates.
Edit Policies and Profiles
This section describes how to edit SD-WAN policies and profiles that are reusable. All profiles are reusable and all policies are reusable except for policies that are marked as non-reusable. For more information about non-reusable policies, see Manage Non-Reusable Policies, below.
To edit reusable policies and profiles:
- Navigate to the object table for the object type. For example, to edit a CGNAT policy, go to Configuration > SD-WAN >
Network Services > CGNAT Policies. - For the object you want to edit, check the number of versions in the Version column of the table:
- If there is only one version, click the object name in the Name column. The Edit workflow displays. Continue to Step 3.
- If the object has more than one version:
- Click the link in the Version column of the object table.
A table listing the versions of the object displays.
- Click the object name in the Name column for the version that you want to edit. The Edit workflow displays.
- Continue to Step 3.
- Click the link in the Version column of the object table.
- If there is only one version, click the object name in the Name column. The Edit workflow displays. Continue to Step 3.
- In the Edit workflow, select a workflow step in the top menu bar to modify the configuration. For example, in the screen below, select the Rules workflow step to modify the configured rules. Note that different object types might have different workflow steps.
- After modifying the configuration values, select the workflow step for Review and Submit.
- To save your changes:
- Click Next. This saves your changes.
- In the popup window, select one of the following:
- No—Skip searching for references.
- Yes—Search for higher-level objects that reference the object.
- If you select Yes, search results for references display. If any references are found, the Propagate window displays.
- Select the main templates to which to propagate the object, and then click Submit. The propagation status displays on the screen.
Manage Reusable Policies and Profiles
This section describes how to perform actions on the following types of SD-WAN configuration objects:
- Profiles
- Reusable policies
You can perform the following actions on these objects, except as noted:
- Clone
- Delete
- View references
- Propagate
- Copy to subtenant
- Compare versions
- View the audit log
- Enable and disable auto delete
Note: The propagation, auto delete, and compare versions actions do not apply to the following profile types.
- File Filtering
- URL Filtering
- IP Filtering
- DNS Filtering
- Malware Protection
- IPS Profile
- User & Device Authentication
To perform actions on configuration objects:
- Navigate to the object table corresponding to the object's type.
- Click the box to the left of the object name name. This activates the action menu bar in the upper-right portion of the screen.
The example below shows an object table with a object selected and the action menu bar activated.
- Select one of the following actions.
Action Description 
Clone Click to make a copy of the selected object. The following popup window displays.
By default, Concerto names the copy by appending "Copy_of_" to the existing object name. Optionally, you can click the name and enter a different name for copy. Click Submit to save the copy of the object.
Delete Click to delete the selected object. 
Refresh Click to refresh the table. 
PropagateManually propagate the object to one or more referencing objects. Propagation associates the selected version of an object with one or more referencing objects This overwrites any existing association between another version of the object and the referencing object.
The following popup window displays.
Select the referencing objects to which you want to propagate the object, and then click Submit.View References Click to display the higher-level objects that reference the object. Copy to Subtenant Click to copy the object to one or more subtenants. The following popup window displays.
To copy the object:
- Click the box to the left of one or more subtenant names. To select all subtenants, click the box to the left of the Name column.
- If a subtenant has an existing object with the same name and version number, the Override Existing column displays Yes and No radio buttons. In this case, click Yes to overwrite the existing object, or click No to block copying the object in the next step.
- Click Submit to copy the object to the selected tenants.
Compare Compare versions of the object. View Audit Log Display the audit log for the selected object. An audit log is a record of actions taken by users on the object.
Click the arrow in the second column to display details for an entry.
Enable/Disable Auto Delete Select to enable or disable the autodelete function for the selected object. See Auto Delete in Versa Concerto for SD-WAN.
Manage Non-Reusable Policies
Configuration objects can typically be reused, but you can configure an SD-WAN policy so that it cannot be reused. A non-reusable policy can only be referenced by one main template.
To create a non-reusable policy, you do the following:
- Add the policy through a main template workflow by selecting Add New Policy.
- In the Add Policy workflow, select the Not Reusable option from the Review and Submit screen. When you submit the policy, it is associated exclusively with the current main template.
You can view non-reusable policies only through the workflow for their associated main template.
You can perform the following actions on a non-reusable SD-WAN policy:
- Edit—Edit the policy. For non-reusable SD-WAN policies, the version number is always version 1.
- Delete—Delete the policy.
- Make Reusable—Designate the policy as reusable so that you can associate it with other main templates.
To view, edit, and perform other actions on a non-reusable policy:
- Select Configure > Secure SD-WAN > Main Templates. A table of currently configured main templates displays.
- To enter edit mode for a template:
- If the template has only one version, click the template name in the Name column of the Main Templates table. The Edit Main Template window displays. Continue to Step 3.
- If the template has multiple versions:
- Click the link in the Version field of the Main Templates table.
A table listing the versions of the template displays.
- Click the template name in the Name column. The Edit Main Template window displays. Continue to Step 3.
- Click the link in the Version field of the Main Templates table.
- If the template has only one version, click the template name in the Name column of the Main Templates table. The Edit Main Template window displays. Continue to Step 3.
- In the Edit Main Template workflow, select the step for the policy type as listed in the table below.
Policy types are located in the following workflow steps.
Workflow Step Policy Types Network Interfaces - WAN Interface
- LAN Interface
- Site-to-Site Tunnel Interface
- Loopback Interface
- Paired Virtual Tunnel
- Cross-Connect Interface
Topology and Routing Protocols - LAN
- WAN
Network Services - CGNAT
- DNS Proxy
QoS Traffic Steering & Traffic Monitoring - Traffic Steering
- Application QoS
- Stateless QoS
- Traffic Monitoring
Authentication - User and Device Authentication
Security - Access Control
- TLS Decryption
- DoS Protection
- Security Settings
Servers & Settings - ALG
- System Settings
- Syslog
- NTP
- DNS
- TACACS+
- RADIUS
- SNMP Server
- VOS User Policies
- For all policy types except User and Device Authentication, select the tab corresponding to the policy type to display the policy table. For User and Device Authentication policies, the policy table is displayed when you select the Authentication step in the workflow.
For example, to display the Access Control Policies table, select the Security workflow step, and then click the Access Control tab. The example below displays the non-reusable policy named Non_reusable_AC_policy.
Field Description Name Name of the policy. Version For non-reusable policies, this field always displays 1|Not Reusable. This indicates that this is version number 1 of the template and the template is not reusable.
Rules Number of rules in the policy. Variables Number of variables in the policy. To view a list of variable names and their assigned values, click the Eye icon.
- To edit the policy, click the policy name. The Edit Policies workflow displays.
- In the Edit Policies workflow, select a workflow step in the top menu bar to modify the configuration. For example, in the screen below, select the Rules workflow step to modify the configured rules. Note that the workflow steps might be different for different policy types.
- After modifying the configuration values, select the workflow step for Review and Submit step.
- Click Next to save your changes.
- To perform actions on a non-reusable policy, click the box to the left of the policy name. This activates the action menu bar in the upper-right portion of the screen.
The example below shows the Access Control Policies table with a policy selected and the action menu bar activated.
Select one of the following actions:
Action Description Delete Delete the policy. Make Reusable Change the policy to be reusable by other main templates. If you select this option, you cannot switch the policy back to a non-reusable state.
Supported Software Information
Releases 13.1.1 and later support all content described in this article.