Edit Alert Policy rules

Alert Policy rule settings include the Alert Sender, the Alert and Situation, Time, and Severity.

For more details about the product and how to configure features, click Help or press F1.

Steps

Select Configuration, then browse to Administration.
Browse to Alert Configurations > Alert Policies.
Right-click an Alert Policy, then select Edit <name>.
Add a rule:
- In an empty Alert Policy, right-click the rule table, then select Rule > Add Rule.
- In an Alert Policy with existing rules, right-click a rule ID, then select Rule > Add Rule Before or Rule > Add Rule After.
Specify the rule settings.
Select which Alert Chain is processed when an alert event matches this rule.
Click Save.

Alert Policy Editing view

Use this view to edit Alert rules in an Alert Policy element.

Option	Definition
Resources	Use this pane to create and add elements to a policy.
Search	Opens a search field for the selected element list.
Up (Backspace)	Returns to the previous folder.
New	Opens the associated dialog box to create an element.
Tools	Show Deleted Elements — Shows elements that have been moved to the Trash.

Option	Definition
Policy Toolbar
Save	Saves the changes.
Save and Install	Saves the changes and installs the policy on the target engine.
Undo operation	Undoes the last change made.
Redo operation	Redoes the last change that was undone.
Tools
Validate	Validates the rules in the policy. Opens the Validate Policy dialog box in which you can select which issues are checked in the rules.
Compare to Policy Snapshot	Compares the policy with a previously created snapshot of the policy.
Expand Rule Sections	If you have added Rule Sections, they are all expanded.
Collapse Rule Sections	If you have added Rule Sections, and they are expanded, they are all collapsed.
Target selector	Selects the target Domain for the Validate action.

Option	Definition
Rules table
ID	(Not editable) Automatically assigned ID number that indicates the order of the rules in the policy. The rules are matched against traffic in the order of the ID numbers. For example, the rule 14.3 is the third rule added in this policy to the insert point that is the fourteenth rule in the upper-level template. Right-clicking this type of cell opens these menu items: Properties — Opens the Rule Properties dialog box. Cut Rule — Copies the rule to the clipboard and deletes the rule from the policy. Copy Rule — Copies the rule from the policy. Paste — Pastes the rule into the policy. Delete Rule — Deletes the rule from the policy. Disable Rule — Temporarily disables the rule without deleting it. Add Rule Before — Adds the new rule before the selected rule or section. Add Rule After — Adds the new rule after the selected rule or section. Add Rule Section Before — Creates a collapsible section before the selected rule or section. Add Rule Section After — Creates a collapsible section after the selected rule or section. Move Rule Up — Moves the rule position up on the list. Move Rule Down — Moves the rule position down on the list. Show Related Logs — Filters the logs based on the identifier.
Sender	Drag and drop elements from the Resources pane to specify the Alert Sender or keep the option Set to ANY.
Alert and Situation (Optional)	Specifies the Alert and Situation that the rule matches.
Time	Allows you to specify when the rule starts being enforced, when the rule automatically expires, and when the rule is active. By default, rules start being enforced when you install the policy, never expire automatically, and are always active. Drag and drop a Rule Validity Time element to the cell.
Severity	Double-click and specify the Severity value or the range of Severity values that this rule matches. The Select Severity dialog box opens. To define a single Severity value, select Severity and one of the options. If you want the rule to match a range of Severities, select Severity Range and define the range in the From and To lists.
Chain (Optional)	Specifies which Alert Chain is processed when an alert event matches this rule.
Rule Name	Contains a rule tag and optionally a rule name. Name (Optional) — Name or description for the rule. Displayed alongside the rule tag. Tag (Not editable) — Automatically assigned unique identification for the rule. Works as a link between the log entries and the rule that has generated the log entries. The rule tag consists of two parts (for example, @20.1). The first part of the tag is permanent and belongs to only that rule. The second part changes when the rule is changed. The first part and the second part are separated by a period. Right-clicking this type of cell opens these menu items: Edit Rule Name — Opens a text area that allows you to edit the rule name. Clear Cell — Removes the cell content. Remaining list items are the same as for the ID cell.
Comment	An optional comment for your own reference.

Option	Definition
General tab
Name	Specifies the element name.
Rule Tag	Rule tag of the rule.
Comment	An optional comment for your own reference.
Rule Info tab	The rule cells and their values. Right-clicking the ID cell opens the following menu items: Preview Alert Rule — Opens the Alert rule for preview. Lock — Prevents edits until the rule is explicitly unlocked. Opens the Lock Properties dialog box.

Option	Definition
History tab
Creator	Shows the administrator who created the rule.
Created	Shows the time when the rule was created.
Modifier	Shows the administrator who modified the rule.
Modified	Shows the time when the rule was modified.
Audit History	Opens the Logs view and displays the audit log data for traffic that matches the rule.

Rule Validity Time Properties dialog box

Use this dialog box to create and modify Rule Validity Time elements.

Option	Definition
Name	The name of the element.
Time Zone	UTC — When selected, the times are specified in UTC time. Note: UTC time does not adjust for Daylight Saving Time (summer time). Secure SD-WAN Engine Local Time — When selected, the times are specified in the local time zone of the Secure SD-WAN Engine.
Enable Starting From (Optional)	The date when the rule starts being enforced. By default, the rule is enforced starting from the next policy installation.
Automatically Disable (Optional)	The date when the rule automatically expires. When a rule automatically expires, traffic can no longer match the rule. By default, the rule never expires.
Active	Specifies when the rule is active: Always — The rule is always active. Between These Times of the Day — The rule is active between the times specified in the Start Time and End Time fields. On These Days of the Week — The rule is active on the selected days of the week between the times specified in the Start Time and End Time fields. On These Days of the Month — The rule is active on the selected days of the month between the times specified in the Start Time and End Time fields. On These Dates of the Year — The rule is active on the specified dates of the year between the times specified in the Start Time and End Time fields.
Start	(When On These Dates of the Year is selected) The date on which the rule becomes active.
End	(When On These Dates of the Year is selected) The date on which the rule stops being active.
Start Time	(Either Start Time or End Time is required when Between These Times of the Day is selected. Optional for all other selections.) The time of day when the rule becomes active.
End Time	(Either Start Time or End Time is required when Between These Times of the Day is selected. Optional for all other selections.) The time of day when the rule stops being active.
Comment (Optional)	A comment for your own reference.

Select Severity dialog box

Use this dialog box to define the severity of an Alert rule in an Alert Policy element.

Option	Definition
Severity	Severity value or the range of Severity values that this rule matches. Severity — Select to define a single Severity value, then select one of the Severity options. Severity Range — Select if you want the rule to match a range of Severities, then define the range in the From and To lists.
Information	Alerts that are meant for information only. Corresponds to numeric alert value 1.
Low	The alerts that have a low severity. Corresponds to numeric alert values 2–4.
High	The alerts that have a high severity. Corresponds to numeric alert values 5–7.
Critical	Alerts that have the highest severity. Corresponds to numeric alert values 8–10.
From	The start value of a Severity Range.
to	The end value of a Severity Range.