Contents

• Configuring Device Policies
• Device Configuration
• Device Policies
• Device Profiles
• Configuring Device Policies
• Configuring Core Policy
• Adding a Core File Policy for Device Profile
• Editing a Core File Policy for Device Profile
• Deleting a Core File Policy for Device Profile
• Configuring Fault Policies
• Adding a Fault Policy for Device Profile
• Editing a Fault Policy for Device Profile
• Deleting a Fault Policy for Device Profile
• Configuring Log File Policies
• Adding a Logging Policy for Device Profile
• Editing a Logging Policy for Device Profile
• Deleting a Logging Policy for Device Profile
• Configuring SNMP Policies
• Adding an SNMP Policy
• Editing an SNMP Policy
• Deleting an SNMP Policy
• Adding an SNMP Trap Receiver
• Editing an SNMP Trap Receiver
• Deleting an SNMP Trap Receiver
• Configuring Syslog Policies
• Adding a Syslog Policy for Device Profile
• Editing a Syslog Policy for Device Profile
• Deleting a Syslog Policy for Device Profile
• Adding a Syslog Server for Device Profile
• Editing a Syslog Server for Device Profile
• Deleting a Syslog Server for Device Profile
• Configuring Device Profiles
• Adding a Firewall Device Profile
• Editing a Firewall Device Profile
• Deleting a Firewall Device Profile

Configuring Device Policies

---

This chapter includes the following sections:

• Device Configuration
• Configuring Device Policies
• Configuring Device Profiles

Device Configuration

Cisco VNMC provides an option to configure device policies. You can configure policies at any org level.

• Device Policies
• Device Profiles

Device Policies

Device policies that can be assigned to a device profile are as follows:

• Core file policy
• Fault policy
• Logging policy
• SNMP policy
• Syslog policy

DNS server, NTP server and domain names can be assigned as inline policies. A time zone setting can also be assigned to the profile.

When the system boots up, the fault, logging, SNMP, and syslog policies already have existing default policies. The default policies cannot be deleted but may be modified. A device profile uses name resolution to resolve policy assignments. For details, see Name Resolution in a Multitenancy Environment

Device policies capture the device level configuration objects that can be applied to one of more VSGs. The following policies created under root only, in the Device Policies area, will be visible in the VNMC profile:

• Core file policy
• Fault policy
• Logging policy
• Syslog policy

Policies created under root are visible to both the VNMC profile and the Device profile.

Device Profiles

Device profiles specify device configuration policies that are applied on a per device basis. You create and delete device profiles on the Device Policies tab.

You create device profiles for the Cisco VSG. Policies that reside at the current level or higher are available for assignment to a profile. If an assigned policy does not exist, the default policy is automatically assigned.

Configuring Device Policies

Configuring Core Policy

Adding a Core File Policy for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Administration tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Core File node where you want to add a core file policy. Note    You can add the policy at any organizational level.
Step 5	In the Work pane, click Add Core File Policy.
Step 6	In the Add Core File Policy dialog box, complete the following fields: Name Description Name field A user-defined name for the core file policy. This name can be between 1 and 511 alphanumeric characters. You cannot use spaces or any special characters, and you cannot change this name after the object has been created. Description field A user-defined description of the core file. Admin State drop-down list This can be: enabled—Enables the core file policy. TFTP is used. disabled—Disables the core file policy. Hostname field The hostname or IP address to connect using TFTP. Note    If you use a hostname rather than an IP address, you must configure a DNS server in Cisco VNMC. Port field The port number to use when exporting the core dump file using TFTP. Protocol field The protocol used to export the core dump file. Path field The path to use when storing the core dump file on the remote system. The default path is /tftpboot. To mention a sub folder under tftpboot, use, for example, /tftpboot/test.
Step 7	Click OK.

---

Editing a Core File Policy for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Core File node where you want to edit a core file policy.
Step 5	In the Work pane, click the core_file_policy_name you want to edit.
Step 6	In the Work pane, General tab area, modify the following fields as appropriate: Name Description Name field A user-defined name for the core file policy. Description field A user-defined description of the core file. Admin State drop-down list This can be: enabled—Enables the core file policy. TFTP is used. disabled—Disables the core file policy. Hostname field The hostname or IP address to connect using TFTP. Note    If you use a hostname rather than an IP address, you must configure a DNS server in Cisco VNMC. Port field The port number to use when exporting the core dump file using TFTP. Protocol Displays the protocol used to export the core dump file. Path check box The path to use when storing the core dump file on the remote system. The default path is /tftpboot. To mention a sub folder under tftpboot, use, for example, /tftpboot/test.
Step 7	Click OK.

---

Deleting a Core File Policy for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Core File node where you want to delete a core file policy.
Step 5	In the Work pane, click on the core_file_policy_name you want to delete.
Step 6	In the Work pane, click Delete.
Step 7	In the Confirm dialog box, click Yes.

---

Configuring Fault Policies

Adding a Fault Policy for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Fault node where you want to add a Fault policy. Note    You can add the policy at any organizational level.
Step 5	In the Work pane, click the Add Fault Policy link.
Step 6	In the Add Fault Policy dialog box, complete the following fields: Name Description Name field A user-defined name for the fault policy. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the fault policy. Flapping Interval spinbox Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change its state until this amount of time has elapsed since the last state change. If the condition reoccurs during the flapping interval, the fault returns to the active state. If the condition does not reoccur during the flapping interval, the fault is cleared. What happens at that point depends on the setting in the Clear Faults Retention Action field. The number of hours, minutes, and seconds that should pass before the system allows a fault to change its state. The default flapping interval is 10 seconds. Clear Faults Retention Action drop-down list This can be: retain—Retains the cleared faults section. delete—The system immediately deletes all fault messages as soon as they are marked as cleared. Clear Faults Retention Interval radio-button This can be: forever—The system leaves all cleared fault messages regardless of how long they have been in the system. other—The system displays the dd:hh:mm:ss spinbox for selection of the number of days, hours, minutes, and seconds that should pass before the system deletes a cleared fault message. The default retention interval is 1 hour.
Step 7	Click OK.

---

Editing a Fault Policy for Device Profile

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click and expand the Fault node where you want to edit the Fault policy.
Step 5	In the Work pane, click the Fault Policy_name you want to edit.
Step 6	In the Work pane, click the Edit link.
Step 7	In the Edit Fault Policy dialog box, edit the appropriate fields: Name Description Name field A user-defined name for the fault policy. Description field A user-defined description of the fault policy. Flapping Interval spinbox Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change its state until this amount of time has elapsed since the last state change. If the condition reoccurs during the flapping interval, the fault returns to the active state. If the condition does not reoccur during the flapping interval, the fault is cleared. What happens at that point depends on the setting in the Clear Faults Retention Action field. The number of hours, minutes, and seconds that should pass before the system allows a fault to change its state. The default flapping interval is 10 seconds. Clear Faults Retention Action drop-down list This can be: retain—Retains the cleared faults section. delete—The system immediately deletes all fault messages as soon as they are marked as cleared. Clear Faults Retention Interval radio-button This can be: forever—The system leaves all cleared fault messages regardless of how long they have been in the system. other—The system displays the dd:hh:mm:ss spinbox for selection of the number of days, hours, minutes, and seconds that should pass before the system deletes a cleared fault message. The default retention interval is 1 hour.
Step 8	Click OK.

---

Deleting a Fault Policy for Device Profile

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click and expand the Fault node where you want to delete the Fault policy.
Step 5	In the Work pane, click the Fault Policy_name you want to delete.
Step 6	In the Work pane, click the Delete link.
Step 7	In the Confirm dialog box, click OK.

---

Configuring Log File Policies

Adding a Logging Policy for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand the root node.
Step 4	Click the Log File node where you want to add a logging policy. Note    You can add the policy at any organizational level.
Step 5	In the Work pane, click the Add Logging Policy link.
Step 6	In the Add Logging Policy dialog box, complete the following fields: Name Description Name field A user-defined name for the logging policy. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved. Description field A user-defined description of the logging policy. Log Level drop-down list The policy is logged upto or equal to the level based on this profile. This can be: debug0 debug1 debug2 debug3 debug4 info warn minor major crit The default log level is info. Backup Files Count field The number of backup files that are filled before they are overwritten. The range is 1-9 files. The default is 2 files. File Size (bytes) field The backup file size. The range is 1MB-100MB. The default file size is 5MB.
Step 7	Click OK.

---

Editing a Logging Policy for Device Profile

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand the root node.
Step 4	Click and expand the Log File node where you want to edit the logging policy.
Step 5	In the Work pane, click the Logging Policy_name you want to edit.
Step 6	In the Edit Logging Policy dialog box, edit the appropriate fields: Name Description Name field A user-defined name for the logging policy. Description field A user-defined description of the logging policy. Log Level drop-down list The policy is logged upto or equal to the level based on this profile. This can be: debug0 debug1 debug2 debug3 debug4 info warn minor major crit The default log level is info. Backup Files Count field The number of backup files that are filled before they are overwritten. The range is 1-9 files. The default is 2 files. File Size (bytes) field The backup file size. The range is 1MB-100MB. The default file size is 5MB.
Step 7	Click OK.

---

Deleting a Logging Policy for Device Profile

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand the root node.
Step 4	Click and expand the Log File node where you want to delete the logging policy.
Step 5	In the Work pane, click the Logging Policy_name you want to delete.
Step 6	In the Confirm dialog box, click OK.

---

Configuring SNMP Policies

Adding an SNMP Policy

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the SNMP Policies node where you want to add an SNMP policy. Note    You can add the policy at any organizational level.
Step 5	In the Work pane, click the Add SNMP link. In the Add SNMP dialog box General tab area, complete the following fields: Name Description Name field A user-defined name for the SNMP policy. This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters, and you cannot change this name after the object has been created. Description field A user-defined description of the SNMP policy. Admin State drop-down list The administrative state of the policy. This can be: enabled—This is the default value. disabled Location field The physical location for the device. Contact field The contact person for the device. SNMP Port field Specifies the port on which the SNMP agent is listening for requests. In the Add SNMP dialog box Communities tab area, click the Add SNMP Community link, and complete the following fields: Name Description Community field The community name the system includes when it sends the trap to the SNMP host. This must be the same community as you configured for the SNMP service. Role field The role associated with the community string is read-only—This is the default value. Additional roles may be supported by specific SNMP agents. In the Add SNMP dialog box Traps tab area, click the Add SNMP Trap link, and complete the following fields: Name Description Hostname field The IP address of the SNMP host to which the system should send the trap. Port field The port on which the SNMP Network Management System is listening for traps. The default port is 162. Community field The community name the system includes when it sends the trap to the SNMP host. This must be the same community as you configured for the SNMP service. Click OK.

---

Editing an SNMP Policy

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the SNMP Policies node where you want to edit an SNMP policy.
Step 5	In the Work pane, click the SNMP Policy_name you want to edit.
Step 6	Click the Edit link. In the Edit SNMP dialog box General tab area, edit the appropriate information: Name Description Name field A user-defined name for the SNMP policy. This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters, and you cannot change this name after the object has been created. Description field A user-defined description of the SNMP policy. Admin State drop-down list The administrative state of the policy. This can be: enabled—This is the default value. disabled Location field The physical location for the device. Contact field The contact person for the device. SNMP Port field Specifies the port on which the SNMP agent is listening for requests. In the Edit SNMP dialog box Communities tab area, edit the appropriate information: Name Description Community column The community name the system includes when it sends the trap to the SNMP host. This must be the same community as you configured for the SNMP service. Role column The role associated with the community string is read-only—This is the default value. Additional roles may be supported by specific SNMP agents. Note    Depending upon the object you select in the table, different options will appear in the area above the table. In the Edit SNMP dialog box Trap tab area, edit the appropriate information: Name Description Hostname field The IP address of the SNMP host to which the system should send the trap. Port field The port on which the SNMP Network Management System is listening for traps. The default port is 162. Community field The community name the system includes when it sends the trap to the SNMP host. This must be the same community as you configured for the SNMP service.
Step 7	Click OK.

---

Deleting an SNMP Policy

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click and expand the SNMP Policies node where you want to delete an SNMP policy.
Step 5	In the Work pane, click the SNMP Policy_name you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click OK.

---

Adding an SNMP Trap Receiver

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the SNMP Policies > SNMP Policy_name where you want to add an SNMP trap.
Step 5	In the Work pane, Traps tab area, click the Add SNMP Trap link.
Step 6	In the Add SNMP Trap dialog box, complete the following fields: Name Description Hostname field The IP address of the SNMP host to which the system should send the trap. Port field The port on which the SNMP Network Management System is listening for traps. The default port is 162. Community field The community name the system includes when it sends the trap to the SNMP host. This must be the same community as you configured for the SNMP service.
Step 7	Click OK.

---

Editing an SNMP Trap Receiver

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the SNMP Policies > SNMP Policy_name where you want to edit the SNMP trap.
Step 5	In the Work pane, Traps tab area, click the hostname to edit.
Step 6	Click the Edit link.
Step 7	In the Edit SNMP Trap dialog box, edit the appropriate fields: Name Description Hostname field The IP address of the SNMP host to which the system should send the trap. Port field The port on which the SNMP Network Management System is listening for traps. The default port is 162. Community field The community name the system includes when it sends the trap to the SNMP host. This must be the same community as you configured for the SNMP service.
Step 8	Click OK.

---

Deleting an SNMP Trap Receiver

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the SNMP Policies > SNMP Policy_name where you want to delete the SNMP trap.
Step 5	In the Work pane, Traps tab area, click the hostname to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click OK.

---

Configuring Syslog Policies

Adding a Syslog Policy for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Syslog Policies node where you want to add a Syslog policy. Note    You can add the policy at any organizational level.
Step 5	In the Work pane, click the Add Syslog link. In the General tab area, complete the following fields: Name Description Name field A user-defined name for the syslog policy. Description field A user-defined description of the syslog policy. Admin State drop-down list This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Port field The TCP or UDP port where syslog messages should be sent. In the Local Destinations tab area, complete the following fields in the Console area: Name Description Admin State radio button This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Level radio button If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console. This can be: alerts critical emergencies In the Local Destinations tab area, complete the following fields in the Monitor area: Name Description Admin State radio button This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Level drop-down list If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console. This can be: emergencies (0) alerts (1) critical (2) errors (3) warnings (4) notifications (5) information (6) debugging (7) In the Local Destinations tab area, complete the following fields in the File area: Name Description Admin State radio button This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Level drop-down list If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console. This can be: emergencies (0) alerts (1) critical (2) errors (3) warnings (4) notifications (5) information (6) debugging (7) File Name field The name of the file in which the messages are logged. Size (KB) field The maximum size, in Kilobytes, the file can be before Cisco VNMC begins to write over the oldest messages with the newest ones.
Step 6	Click OK.

---

Editing a Syslog Policy for Device Profile

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Syslog Policies node where you want to edit a Syslog policy.
Step 5	In the Work pane, click the Syslog Policy_name you want to edit.
Step 6	Click the Edit link.
Step 7	In the Edit Syslog dialog box, do the following: In the General tab area, edit the appropriate fields: Name Description Name field A user-defined name for the syslog policy. Description field A user-defined description of the syslog policy. Admin State drop-down list This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Port field The TCP or UDP port where syslog messages should be sent. In the Local Destinations tab area, edit the appropriate fields in the Console area: Name Description Admin State radio button This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Level radio button If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console. This can be: alerts critical emergencies In the Local Destinations tab area, edit the appropriate fields in the Monitor area: Name Description Admin State radio button This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Level drop-down list If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console. This can be: emergencies (0) alerts (1) critical (2) errors (3) warnings (4) notifications (5) information (6) debugging (7) In the Local Destinations tab area, appropriate the fields in the File area: Name Description Admin State radio button This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Level drop-down list If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console. This can be: emergencies (0) alerts (1) critical (2) errors (3) warnings (4) notifications (5) information (6) debugging (7) File Name field The name of the file in which the messages are logged. Size (KB) field The maximum size, in Kilobytes, the file can be before Cisco VNMC begins to write over the oldest messages with the newest ones.
Step 8	Click OK.

---

Deleting a Syslog Policy for Device Profile

Note	When the system boots up, a default policy already exists. The default policy cannot be deleted but may be modified.

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Syslog Policies node where you want to delete a Syslog policy.
Step 5	In the Work pane, click the Syslog Policy_name you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click OK.

---

Adding a Syslog Server for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Syslog Policies > Syslog Policy_name where you want to add a Syslog server.
Step 5	In the Work pane Servers tab area, click the Add Syslog Server link.
Step 6	In the Add Syslog Server dialog box, complete the following fields: Name Description Server Type column This can be: primary secondary tertiary Hostname column The hostname or IP address on which the syslog file resides. Admin State column This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Severity column The severity level. This can be: emergencies (0) alerts (1) critical (2) errors (3) warnings (4) notifications (5) information (6) debugging (7) Forwarding Facility column This can be: auth authpriv cron daemon ftp kernel local0 local1 local2 local3 local4 local5 local6 lpr mail news syslog user uucp
Step 7	Click OK.

---

Editing a Syslog Server for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click the Syslog Policies node where you want to edit a Syslog server.
Step 5	In the Work pane, click the appropriate Syslog Policy_name.
Step 6	Click the Edit link.
Step 7	In the Edit Syslog dialog box Servers tab area, edit the appropriate fields: Name Description Server Type column This can be: primary secondary tertiary Hostname column The hostname or IP address on which the syslog file resides. Admin State column This can be: enabled disabled Note    Syslog policy is enabled if at least one syslog server is enabled. If all syslog server children are disabled, then this policy is disabled. Severity column The severity level. This can be: emergencies (0) alerts (1) critical (2) errors (3) warnings (4) notifications (5) information (6) debugging (7) Forwarding Facility column This can be: auth authpriv cron daemon ftp kernel local0 local1 local2 local3 local4 local5 local6 lpr mail news syslog user uucp
Step 8	Click OK.

---

Deleting a Syslog Server for Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Configuration > root.
Step 4	Click Syslog Policies > Syslog Policy_name where you want to delete a Syslog server.
Step 5	In the Work pane, click the appropriate server you want to delete.
Step 6	Click the Delete link.
Step 7	In the Confirm dialog box, click OK.

---

Configuring Device Profiles

Adding a Firewall Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Profile > root.
Step 4	Click a Profiles node where you want to add a firewall device profile. Note    You can add the component at any organizational level.
Step 5	In the Work pane, click the Add Firewall Device Profile link.
Step 6	In the Add Firewall Device Profile dialog box, General tab area, complete the following fields: Name Description Name field A system-defined name for this profile. Description field A user-defined description of the profile. Time Zone drop-down list A list of time zones for user selection.
Step 7	In the Add Firewall Device Profile dialog box Policy tab area, do the following: In the DNS Servers area, complete the following fields as appropriate: Name Description Add DNS Server link Opens a dialog box that allows you to specify a new DNS server. Delete link Deletes the DNS server IP address selected in the IP Address table. Up and Down arrows Changes the priority of the selected DNS Server IP address. IP Address table Contains the IP addresses for the DNS servers configured in the system. VNMC uses the DNS servers in the order they appear in the table. In the NTP Servers area, complete the following fields as appropriate: Name Description Add NTP Server link Opens a dialog box that allows you to specify a new NTP server. Delete link Deletes the NTP server hostname selected in the Hostname table. Up and Down arrows Changes the priority of the selected NTP Server hostname. Hostname table Contains the NTP server hostnames configured in the system. VNMC uses the NTP server hostnames in the order they appear in the table. In the DNS Domains area, complete the following fields as appropriate: Name Description Add Domain link Opens a dialog box that allows you to specify the DNS name and domain name. Edit link Edits the DNS domain name selected in the DNS Domains table. The default DNS name cannot be edited. Delete link Deletes the DNS domain name selected in the DNS Domains table. DNS Domains table Contains the DNS domains names and domains configured in the system. In the Log area, complete the following fields as appropriate: Name Description SNMP area The SNMP policies associated with this profile can be selected, added, or edited. Syslog area The syslog policies associated with this profile can be selected, added, or edited. Fault area The fault policy associated with this profile can be selected, added, or edited. Core File area The core file policy associated with this profile can be selected, added, or edited. Policy Agent Log File area The policy agent log file policy associated with this profile can be selected, added, or edited. Policy Engine Logging radio button This can be: enabled disabled Click OK.
Step 8	In the Add Firewall Device Profile dialog box, click OK.

---

Editing a Firewall Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Profile > root.
Step 4	In the Work pane, click the Profiles > Profiles_name node where you want to edit a firewall device profile.
Step 5	In the Work pane, General tab area, change the following fields as appropriate: Name Description Name field A system-defined name for this profile. Description field A user-defined description of the profile. Time Zone drop-down list A list of time zones for user selection.
Step 6	In the Work pane Policy tab area, do the following: In the DNS Servers area, change the following fields as appropriate: Name Description Add DNS Server link Opens a dialog box that allows you to specify a new DNS server. Delete link Deletes the DNS server IP address selected in the IP Address table. Up and Down arrows Changes the priority of the selected DNS Server IP address. IP Address table Contains the IP addresses for the DNS servers configured in the system. VNMC uses the DNS servers in the order they appear in the table. In the NTP Servers area, change the following fields as appropriate: Name Description Add NTP Server link Opens a dialog box that allows you to specify a new NTP server. Delete link Deletes the NTP server hostname selected in the Hostname table. Up and Down arrows Changes the priority of the selected NTP Server hostname. Hostname table Contains the NTP server hostnames configured in the system. VNMC uses the NTP server hostnames in the order they appear in the table. In the DNS Domains area, change the following fields as appropriate: Name Description Add Domain link Opens a dialog box that allows you to specify the DNS name and domain name. Edit link Edits the DNS domain name selected in the DNS Domains table. The default DNS name cannot be edited. Delete link Deletes the DNS domain name selected in the DNS Domains table. DNS Domains table Contains the DNS domains names and domains configured in the system. In the Log area, change the following fields as appropriate: Name Description SNMP area The SNMP policies associated with this profile can be selected, added, or edited. Syslog area The syslog policies associated with this profile can be selected, added, or edited. Fault area The fault policy associated with this profile can be selected, added, or edited. Core File area The core file policy associated with this profile can be selected, added, or edited. Policy Agent Log File area The policy agent log file policy associated with this profile can be selected, added, or edited. Policy Engine Logging radio button This can be: enabled disabled
Step 7	Click OK.

---

Deleting a Firewall Device Profile

Procedure

---

Step 1	In the Navigation pane, click the Policy Management tab.
Step 2	In the Navigation pane, click the Device Policies subtab.
Step 3	In the Navigation pane, expand Device Profile > root.
Step 4	In the Work pane, expand the root node in the table, and click on the firewall device profile you want to delete.
Step 5	Click the Delete link.
Step 6	Click OK.

---