Managing versions of a policy or a rule set

Several versions of policies or rule sets can coexist and you can choose which version to use at any time.

By managing several versions of a policy or rule set at the same time, you can set up pre-production and production policies and test how rule updates impact your pool. For example, your production policy can use a stable, i.e., tested and validated, version of rule sets while your pre-production policy uses a trial version that is more recent.

This feature also makes it possible to undo changes by redeploying an older version that worked correctly. E.g.: if you encounter a deployment issue in the environment, or if the deployment of a policy or rule set in your pool did not produce the expected results.

You can give your policies and rule sets accurate descriptions so that you can identify the various versions more easily.

When you export a policy or rule set, you export it in the version selected in the right side of the panel. For more information on importing and exporting policies and rule sets, refer to Importing and exporting policies and rule sets.

In the general panel of a policy, version numbers are shown in the path of the policy at the top of the page, and in the right column. The last version deployed in your environment appears in blue. The version you are currently working on appears in green, or yellow if it is being edited.

After a policy is deployed in your environment, the version number automatically increments whenever you modify it again, which means that you are working on a new version. The version of a deployed policy is always the latest version that was modified and saved.

For the latest version of the policy, successive changes are considered revisions of the same version of the policy. Click on a revision to go back to it at any time.

The icon indicates the revision you are currently working on.

Only the latest version of a policy can be modified. Earlier versions must be restored before they can be modified.

Restoring a version of the policy:

  1. Click on the desired version of the policy. The background will turn green.
  2. Click on to restore this version. A new version will automatically be created with the content from this restored version, which therefore becomes the most recent. If the policy contains several revisions, you can restore a particular revision.
  3. Make your changes and save them. If you deploy the policy in the environment, this is the version that will be deployed.

For more information on deploying a policy in your environment, refer to Deploying the SES Evolution environment.

In the general panel of a rule set, version numbers are shown in the path of the rule set at the top of the page, and in the right column. The last version deployed in your environment appears in blue. The version you are currently working on appears in green, or yellow if it is in edit mode.

After a policy is deployed in your environment, the version number automatically increments whenever you modify it again, which means that you are working on a new version.

For the latest version of the rule set, successive changes are considered revisions of the same version of the policy. Click on a revision to go back to it at any time.

The icon indicates the version you are currently working on.

Only the latest version of a rule set can be modified. Earlier versions must be restored before they can be modified.

Restoring a version of a rule set:

  1. Click on the desired version of the rule set. The background will turn green.
  2. Click on to restore this version. A new version will automatically be created with the content from this restored version, which therefore becomes the most recent. If the set contains several revisions, you can restore a particular revision.
  3. Make your changes and save them.

Manually creating a new version of a rule set:

  • Click on Create new version at the top on the right.

The General tab of a rule set shows the policies in which the rule set is used and the version number of the rule set for each policy.

Selecting the version of a rule set to use in a policy:

  1. Go to the main panel of the policy:
  2. Click on Edit in the upper banner.
  3. Select the version for each rule set from the drop-down list.

Multiple policies can therefore use various versions of the same rule set.

However, we recommend that you use a stable version of a rule set in your production environment.

If you have selected Always use latest version for a rule set, after a policy is deployed, the version number of the deployed rule set appears in the drop-down list. When you click on Edit, the Always use latest version parameter remains selected.

Updating policies with the latest version of a rule set:

Perform this operation only after the rule set has been tested and validated.

  • In the General tab of a rule set, click on Update policies of the same version button to update all policies that use the same version of a rule set or Update all button to update all policies with the latest version of the rule set.

Versions of policies and rule sets can be deleted, including those provided by Stormshield. However, a version currently being deployed, identified by the Icon deployed policy icon, cannot be deleted.

  1. Go to the main panel of a policy or rule set.
  2. Click on the Delete icon icon of the version that you wish to delete and confirm.
    When a version of the policy is deleted, all versions of private rule sets used in this version will also be deleted. No versions of shared rule sets will be deleted.

The indicator may appear in a policy's general panel:

  • next to the version of a rule set , when the selected version is not the most recent,

  • next to the icon for rules regarding threats , when at least one enabled advanced protection mode in the set is not using its latest version.

If you only wish to update the rule set in question:

  1. Click on Edit in the upper banner.

  2. Click on on the row of the rule set to update advanced protection or the rule set, as the case may be.