• Capture Client
• Overview
  • Description
  • Navigation
  • Guide Conventions
• Scopes and Policies
  • Introducing Scope of Operations
  • Using Scope Selector
  • Policy Management
    • Inheritance
    • Policy Types
      • Client Policies
      • Threat Protection Policies
      • Trusted Certificate Policies
      • Web Content Filtering Policies
      • Managing Blacklist
      • Exclusions
        • Hashes
        • Paths
        • Signer Identity
        • File Types
        • Browsers
    • Replicating Policies
    • Group Ranking Policy
    • Creating Custom Policies for Device Groups
    • Device Control
• Protection
  • Tenant Token
  • Installation for the New Clients
  • Migrating Clients Across Regions
  • Protecting Devices
  • Reviewing Registered Devices
    • List View
    • Unmanaged List View
    • Map
  • Active Users
  • Performing System Scan
• Groups
  • Creating a Static User Group
  • Creating Static Device Groups
  • Creating Dynamic Device Groups
  • Creating Custom Rules for Dynamic Groups
• SonicWall Support
  • About This Document

Inheritance

With this new hierarchy of scope, Capture Client 3.7 also introduces a concept of policy inheritance. Inheritance refers to the ability to configure a policy at a child scope to be automatically inherited from the policy of a parent scope. For example: If an MSSP has a baseline policy for Threat Protection, they can configure it at the Account level and enable inheritance for every new tenant they provision. If inheritance is enabled, any changes to the policy at the parent level are automatically propagated to child scopes.

Inheritance propagates from Accounts to Tenants and from Tenants to Groups. And if inheritance is enabled at the Tenant and Group level, the account policy is effectively applied to the Group level.

Policy Inheritance is applicable at an individual policy type and there are different rules for how inheritance works:

Policy Type	Inheritance Rules
Capture Client, Threat Protection, Trusted Certificates and Web Content Filtering	Inheritance can either be Enabled or Disabled. With inheritance enabled in a particular scope, the policy for that scope cannot be modified.
Blacklists & Exclusions	Inheritance is always enabled and cannot be disabled. But you also can create scope-specific configurations.
Device Control	Inheritance can either be Enabled or Disabled. In either case, you can also add scope-specific rules. And the priority of rules will always be in the reverse order of inheritance – the inherited rules from the highest scope is at the bottom of the list.

You can create several kinds of policies that can be effectively leveraged through inheritance. These include: Client, Threat Protection, Trusted Certificates, Web Content Filtering, Blacklist, Exclusions, and Device Control. You can choose to either inherit policies or create custom policies for each tenant.

Blacklists and Exclusions are forced on tenants: You cannot disable inheritance of Blacklist and Exclusions items on to the tenants, instead you can add blacklist and exclusion items for tenants as required.

The following is an example of creating a policy for Capture Client version management and enabling inheritance across selected tenants.

To create a Capture Client base policy and enable inheritance tenants

1. Log into the Client Management Console and select the master account in the Scope Selector at the top of the page.
2. Navigate to Policies > Capture Client.
3. Configure the required Capture Client version management settings.
4. Click Update to save the base Capture Client policy.
5. From the Scope Selector at the top of the page, select any tenant that you want to inherit the parameters of this core Capture Client policy.

6. Navigate to Policies > Client and select the Inheritance option to green.

   

7. Provide confirmation.

Repeat steps 4 through 6 for other tenants if you wish to copy this Capture Client policy to other tenants too. If inheritance is enabled, any changes to the policy at the parent level are automatically propagated to child scopes.