Import and Export Orchestrated Policies

Starting in software version 5.11.00, you can import and export an orchestrated policy in YAML format. This allows you to bulk deploy the policies.

The following are the advantages of importing and exporting policies:

  • Retrieve a policy that was deleted unintentionally.
  • Deploy the policy in another device.
  • Re-deploy a policy in the device after GigaVUE-FM is upgraded to a new version (in case of issues in the existing solution).

The YAML file contains the following information:

  • Policy
  • Sources
  • Rules
  • Packet Transformation
  • Destination

The below is the Import and Export Policy sample template of a YAML file. You can use the following sample template as a reference while building a policy in YAML format.

name: <PolicyExample>
priority: false
deployed: false
source:
- <IP address of the device>:<Port Number>
- <Network Name>
rules:
- ruleName: <Rule Name>
tags: chicago
type: pass
highPriorityDrop: false
noExpansionTags:
criteria:
- criteria1:
filters:
- type: ipSrc
addresses:
- <IP address of the device>
- <IP address of the device>
- type: portSrc
addresses: 5
- type: ipVer
addresses: 4
- criteriaWithBinding
packetTransformation:
- type: dedup
parameters:
action: drop
timer: 50000
ipTclass: include
vlan: ignore
tcpSeq: include
ipTos: include
- Slicing-gsApp
tools:
- Tool1
 
# it is practical to have all the tool bindings separate from the policy body in order to leave the policy body as an abstract policy template
toolBindings:
- toolName: Tool1
# in the future we may have also metadata receivers
receiverType: packets
groupingType: replicate
outputs:
- type: port
ports:
- Generic2:22/3/x1
# possibly more tool bindings...
sourceBindings:
- sourceName: ChicagoServers
tags:
inputs:
# in the future we will have various types including types that reflect tunnelling arrangements
- type: port
clusterName: <ClusterName>
ports:
- cluster1:22/2/x12
- cluster2:22/2/x11
criteriaBindings:
- criteriaName: CriteriaWithBinding
filters:
- type: ipDest
addresses:
- <IP address of the device>
- <IP address of the device>
- type: port
addresses:
- 5

Rules and Notes

Refer to the following rules and notes:

  • You can export policies that either deployed or undeployed. However, when you import a policy, it will be in undeployed status. You must manually deploy the imported policy.
  • You cannot import or export the egress port filters in a policy. You must manually apply them.
  • When you export a policy that has GigaStream , port groups and other such groups, you must ensure that those groupings exist when you import the same policy. This also applies to tools that were created through the tool wizard.
  • Port types involved in a policy that is exported must not be changed when trying to import the same policy.
  • If templates were used to create a policy that was exported, then those templates must remain when importing a policy.
  • You can import and export several policies in one operation.

Import and Export Orchestrated Configuration

To export a policy:

  1. In the Policies page, select the policy that must be exported.
  2. Select Actions and click Export Policy. The policy is downloaded as an YAML file.
  3. Save the file to the required location.

To import a policy:

  • In the Policies page, select Actions and click Import Policy.
  • Browse to the folder that has the required policy file in YAML format.
  • Select the file and click Open. The Import button gets activated.
  • Click Import and refresh the page.