Removing Rule Settings from Multiple Layers
You can simultaneously remove a specific type of event filter, dynamic state, or alerting from multiple layers in your intrusion policy. The system removes the selected setting and copies the remaining settings for the rule to the highest editable layer in the policy.
The system removes the setting type downward through each layer where it is set until it removes all the settings or encounters a layer where a rule state is set for the rule. In the latter case, it removes the setting from that layer and stops removing the setting type.
When the system encounters the setting type in a shared layer or in the base policy, and if the highest layer in the policy is editable, the system copies the remaining settings and rule state for the rule to that editable layer. Otherwise, if the highest layer in the policy is a shared layer, the system creates a new editable layer above the shared layer and copies the remaining settings and rule state for the rule to that editable layer.
Note: Removing rule settings derived from a shared layer or the base policy causes any changes to this rule from lower layers or the base policy to be ignored. To stop ignoring changes from lower layers or the base policy, set the rule state to Inherit on the summary page for the topmost layer.
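The downward removal walk and the copy to the top editable layer described above can be sketched as a small model. This is an added example, not Cisco code: the `Layer` class, the setting keys (`threshold`, `alert`, `state`), the layer names and all sample values are constructed for illustration. It assumes that when several read-only layers contribute remaining settings, the upper layer's value wins.

```python
from dataclasses import dataclass, field

@dataclass
class Layer:
    name: str
    editable: bool          # shared layers and the base policy are read-only
    rule: dict = field(default_factory=dict)  # settings for ONE rule in this layer

def remove_setting(layers, setting):
    """Remove `setting` for one rule; `layers` is ordered top to bottom.

    Returns the layer that received copied settings, or None if every
    affected layer was editable and nothing had to be copied upward.
    """
    copied, hit_read_only = {}, False
    for layer in layers:
        if setting in layer.rule:
            if layer.editable:
                del layer.rule[setting]
            else:
                # Shared layer or base policy: leave it untouched and collect
                # what remains (rule state included) for the top editable layer.
                hit_read_only = True
                for key, value in layer.rule.items():
                    if key != setting:
                        copied.setdefault(key, value)  # assumption: upper layer wins
        if "state" in layer.rule:
            break           # a rule state ends the downward walk
    if not hit_read_only:
        return None
    if not layers[0].editable:
        # Top layer is shared: create a new editable layer above it.
        layers.insert(0, Layer("New editable layer", True))
    for key, value in copied.items():
        layers[0].rule.setdefault(key, value)
    return layers[0]

def demo():
    # Constructed policy: one editable layer over a shared layer and the base policy.
    policy = [
        Layer("My Changes", True, {"threshold": "limit, 1 per 60s"}),
        Layer("Shared layer", False, {"threshold": "limit, 5 per 60s", "alert": "snmp"}),
        Layer("Base policy", False, {"state": "Generate Events", "threshold": "both, 10 per 60s"}),
    ]
    return policy, remove_setting(policy, "threshold")

if __name__ == "__main__":
    for layer in demo()[0]:
        print(layer.name, layer.rule)
```

In the constructed policy the top layer ends up holding the copied alert setting and rule state, which is why later changes to this rule in the shared layer or base policy no longer take effect until the rule state is set back to Inherit.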
Procedure
Step 1: While editing your Snort 2 intrusion policy, click Rules immediately beneath Policy Information in the navigation panel. To access your Snort 2 policy, choose and then click Snort 2 against the policy you want to edit.
Step 2: Choose the rule or rules from which you want to remove multiple settings:
Step 3: Choose one of the following options:
Step 4: Click OK.
Step 5: To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes. If you leave the policy without committing changes, changes since the last commit are discarded if you edit a different policy.
What to do next
- Deploy configuration changes.