Because of the flexibility in assigning security policies (see Section 4.0, User, Device, and Zone Policy Assignments), it is possible for multiple security policies of the same type to be applied to a device through different sources. For example, one Firewall policy might be assigned to a workstation device, a second Firewall policy to the device’s user, and a third Firewall policy to a device group in which the device is a member. Because of multiple assignments, the ZENworks system must determine the policy for the device. The Endpoint Security Agent can then enforce the one effective policy on the device.
Determination of the effective policy is based on ordering and merging rules. These are discussed in the following sections: