I would like to have two policies:
* Live - settings proven and stable
* Testing - sandbox for testing various blocking detections and behaviours
I want to test the effects of certain policy settings, with a simple on/off toggle for the "Testing" policy instead of going into the Live policy and editing its settings.
Unfortunately, I can't enable the Testing policy. If I try to enable it, I see the warning:
Error (200)
Policy with same configuration already exists
(Live policy Reason: Networks, MAC Addresses,Devices,Device Categories,VLANS,Interfaces,Users,Groups,Packet Direction,Decision Block, Schedules)
Both Testing and Live are bound to the same interfaces; experimentation has shown that if I untick one entry in the policy's Interfaces section then that is sufficient to allow both policies to coexist. But as soon as I try to tick the entry for the final interface, the error shown above appears.
What needs to be done to allow two policies to be active on the same interfaces? Googling and searching this forum for the exact phrase "policy with same configuration already exists" have turned up no results.
Hi,
Policies should not have identical settings. To enable both, you can differentiate them by assigning specific IP blocks in the IP section or configuring a 24/7 schedule for one. Once configured, both can be active; however, please note that the policy positioned at the top will take precedence and be applied to the traffic.
The policies don't have identical settings; that's the point of differentiating between a testing policy and a live policy.
However, as a workaround for this flaw I have created an empty, unused interface in OPNsense and attached it to the Testing policy in Sensei. That then lets me enable both policies at the same time.