10.6 Assigning a Policy to the Zone

You can assign security policies to the Management Zone. When determining the effective policies to be enforced on a device, the Zone policies are evaluated after all user-assigned and device-assigned policies. Consider the following situations:

  • No Firewall policies are assigned to a device or the device’s user (either directly or through a group or folder). The Zone Firewall policy becomes the effective policy for the device and is enforced on the device.

  • Firewall policies are assigned to a device and the device’s user. Both policies are evaluated and merged to determine the effective Firewall policy to apply to the device. After the effective policy is determined from the user-assigned and device-assigned policies, the Zone Firewall policy is used to supply any values that 1) are unset in the effective Firewall policy and 2) are additive (such as the multi-valued Port/Protocol Rules tables).

You can define Zone policies at three levels. This enables you to assign different Zone policies to different devices within your Management Zone.

  • Management Zone: The policies you assign at the Management Zone become the Zone policies for all devices, unless you specify different Zone policies at the device folder or device level.

  • Device Folder: The policies you define at a device folder override the Management Zone (and any parent device folders) and become the Zone policies for all devices contained within the folder structure, unless you specify different Zone policies for a subfolder or an individual device.

  • Device: The policies you define for an individual device override the Management Zone and device folder and become the Zone policies for the device.

The following steps provide instructions for assigning policies at the Management Zone.

  1. In ZENworks Control Center, click Configuration to display the Configuration page.

  2. In the Management Zone Settings panel, click Endpoint Security Management.

  3. Click Zone Policy Settings to display the Zone Policy Settings page.

  4. Click Add, browse for and select the policies you want to assign to the zone, then click OK to add them to the list.

  5. When you are finished adding policies, click OK.