Policies

The Policies page gives administrators a single place to define and manage rules and to apply them to more than one network or application at the same time. Firewall configuration, blocking of application access, and wireless network availability schedules are all managed as policies. You can create a maximum of 32 policies for an Instant On site. If more than one policy is created and activated, the policy with the higher priority is applied first on the site. If several rules concern the same element, the rule with the highest priority is applied and the remaining policies are discarded. Rules are matched on the smallest common factor:

  • A category for an application policy.
  • A network for a network schedule policy.

Instant On supports policy creation using the following methods:

  • Manual policy creation—Sites without a secure gateway support only manual policy creation. You need to manually define the required parameters to configure the policy. Manual policy creation supports network and application policies. For more information, see Manual Policy Creation.
  • AI-Assisted policy creation—Policies are created using prompts in an interactive, text-based format. AI-assisted policy creation is the only available method for sites provisioned with a secure gateway. It supports site, client, network and application policies. For more information, see AI Assisted Policy Creation.

Policy Deployment

In an HPE Networking Instant On network, policies are applied dynamically based on the site's topology, so that rules, configurations and settings are optimized for the network infrastructure and operational requirements. Wherever possible, the system automatically enforces the policies on the Instant On edge devices (devices situated at the periphery of the network topology). This automated enforcement improves efficiency and responsiveness by minimizing latency and reducing reliance on centralized Instant On devices.

The system intelligently balances policy enforcement between edge and centralized devices through techniques such as tiered enforcement, lightweight processing, and cloud-assisted solutions. This approach ensures that each site operates optimally within its unique environment while maintaining a balance between performance and resource utilization.

The HPE Networking Instant On network applies the configured rules for a site in the following order:

  1. Configured Policies—These are the custom rules defined by administrators within the Policies section. They are applied first, following the priority order specified in the policy list.
  2. Default rules—Applicable only to sites with a deployed secure gateway, where a set of default rules is automatically enforced. These rules are not visible in the user interface and include the following:

    • All LAN ports are granted access to the internet by default.
    • Communication between LAN networks is blocked by default.
    • All application categories are permitted on all networks by default.
  3. Network Access Controls—Within the Access Control section, administrators can configure network access restrictions for wired or wireless clients based on destination IP addresses. For detailed instructions, refer to the Networks documentation.
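
The precedence described above (highest priority wins per element, the rest are discarded, then the secure-gateway defaults apply) can be checked offline before reordering policies. The following Python is an added example, not HPE code or an Instant On export format: the Policy record, the policy names and the category and network names are constructed for illustration.

```python
from dataclasses import dataclass

MAX_POLICIES = 32  # per-site limit stated on this page

@dataclass(frozen=True)
class Policy:              # hypothetical record, not an Instant On format
    priority: int          # 1 is the highest priority
    name: str
    action: str            # Activate, Deactivate, Allow or Block
    element: str           # wireless network or application category
    active: bool = True

# The element a rule is compared on: network for schedule policies,
# category for application policies.
KIND = {"Activate": "network", "Deactivate": "network",
        "Allow": "category", "Block": "category"}

def resolve(policies):
    """Return (effective, shadowed) for the active policies of one site."""
    if len(policies) > MAX_POLICIES:
        raise ValueError("a site supports at most 32 policies")
    effective, shadowed = {}, []
    for p in sorted((p for p in policies if p.active), key=lambda p: p.priority):
        key = (KIND[p.action], p.element)
        if key in effective:
            shadowed.append((p, effective[key]))   # (discarded, winner)
        else:
            effective[key] = p
    return effective, shadowed

def conflicts(shadowed):
    """Discarded policies whose action differs from the winning one."""
    return [(lost.name, won.name) for lost, won in shadowed
            if lost.action != won.action]

def category_action(effective, category, secure_gateway=True):
    """Configured policy first, then the secure-gateway default (allow all)."""
    winner = effective.get(("category", category))
    if winner:
        return winner.action
    return "Allow" if secure_gateway else None  # None: page states no default

# Constructed sample policy list.
SAMPLE = [
    Policy(1, "Guest social allow", "Allow", "Social Networking"),
    Policy(2, "Block social", "Block", "Social Networking"),
    Policy(3, "Guest Wi-Fi off hours", "Deactivate", "Guest"),
    Policy(4, "Block streaming", "Block", "Streaming", active=False),
    Policy(5, "Allow streaming", "Allow", "Streaming"),
]
```

A non-empty result from conflicts() identifies a policy, such as a Block, that never takes effect because a higher-priority policy on the same element decides the outcome first.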

Overview

The Policies > Overview section displays the list of policies created for the site, in order of their highest to lowest priority. The policy details are categorized under the following fields:

Table 1: Policy Details

| Field | Description |
|---|---|
| Priority | Denotes the order in which the policies are to be executed. The policy list is displayed in decreasing order of its priority, number 1 being the highest. |
| Policy | Denotes the set of rules created to govern application usage and network schedules. |
| Action | Denotes the action to be performed by the policy: Activate (makes an entity type available or active), Deactivate (makes an entity type unavailable or inactive), Allow (allows an entity type), Block (blocks an entity type). |
| Rule | Defines the action that needs to be carried out by the policy. A rule determines the action on a policy that must be performed and on which entity. |
| Schedule | Denotes the time and duration for which the policy needs to take effect on the entity. |
| State | Denotes the current state of the policy. |
| Type | Denotes the policy type. The available types are Network activation and Application Access. |

The following table lists the supported combinations of valid actions and entity types.

Table 2: Combinations of policy actions and entity types

| Action | Entity Type | Schedule Support | Firewall Support | Wireless Networks Support | Devices Support | Clients Support | Application Categories Support |
|---|---|---|---|---|---|---|---|
| Activate | Wireless network | Yes (mandatory) | No | Yes | No | No | No |
| Deactivate | Wireless network | Yes (mandatory) | No | Yes | No | No | No |
| Allow | Application | No | Yes | Yes | No | No | Yes |
| Block | Application | No | Yes | Yes | No | No | Yes |
| Restrict | No | No | Yes | No | No | No | No |

Reorder Priority

The list of policies is displayed in order from highest to lowest priority. To change the priority order, follow these steps:

  1. Under Policies > Overview, click the Reorder button.
  2. Use the and icons displayed under the Schedule field, to reorder the priorities for the policies.
  3. Click Update.

Deleting a Policy

  1. Click the Policies tile on the Instant On web application home page, or click Policies from the navigation pane on the left.
  2. Under Policies > Overview, hover the cursor over the network you want to delete, click the button, and select Delete from the drop-down list.
  3. Click Delete Policy from the popup window.