Change to default wipe-out of rules in IC2 management of outbound policies


#1

I like the move to Outbound IC2 policy management .

However it has one killing user interface flaw (IMHO).

Scenario: a reasonably sized organization with quite a few balance and max units. Some are naturally grouped, with similar deployments and similar (or identical) policy rules. Some are stand-alone and singular in their policy architecture.

Objective: Deploy outbound policies for a group of routers (call them G1). Leave the rest untouched.

The seemingly obvious tactic is to (1) turn on the IC2 policy control, (2) tag all the members of G1 with a unique tag (e.g., “G1”)), (3) create the policy set for G1, using the “any of the following tags” Device Selection with “G1” being the only tag, (4) hit “save.”

Problem: The policy rules of all the other routers (the ones without the G1 tag) get wiped out, replaced by the factory default set (the persistence policy all by itself).

Request:

(1) Please tell me that I am wrong - this is not how it works (in which case I must have done something incorrectly, and will have to be educated further)

If I am correct, then:
(2) Please change the behavior so that routers not covered by at least one ruleset Device Selection choice are simply left untouched. I.e., the default ruleset is to leave the on-board ruleset alone, to modify only the routers selected by at least one ruleset Device Selection.

To have a default action be to (essentially) perform a factory reset on the policies, and even without an “undo,” is not a good UI practice.


#2

This is not the expected behavior. Please open ticket for us to take a closer look.

Thanks.


#3

The scenario has been replicated (two devices, a new organization) and a ticket submitted.
Ticket #783667.