Event: Configuration package too large
The event message "Configuration package too large" appears after applying a change to a policy. This is usually due to having too many intrusion prevention rules manually assigned to a policy.
To resolve this issue, you need to unassign the manually assigned intrusion prevention rules and run a recommendation scan on the computer and then apply the recommended rules only.
- In the Deep Security Manager, on the Computers tab, locate the computer with the error message.
- Double-click the computer to open the Computer editor.
- On the general tab, next to Policy, click Edit to edit the policy.
- On the left, click Intrusion Prevention.
- In the Assigned Intrusion Prevention Rules area, click Assign / Unassign.
- Set the filter for IPS Rules: All, Assigned, and No Grouping.
- For each page, right-click Select All (refer to the image below) and select Unassign Rule(s).
Create a new policy for the computer based on a recommendation scan
- Back in the Computer editor, on the left click Intrusion Prevention and on the General tab select Clear Recommendations.
- Select Scan For Recommendations.
- When the scan is completed, go to the Policies page.
- Click New to display the New Policy wizard.
- Follow the steps in the wizard. When prompted, select Base this Policy on an existing Computer's current configuration.
- On the Select which Computer properties to base the new Policy on: select the following:
- Recommended Application Types and Intrusion Prevention Rules
- Recommended Integrity Monitoring Rules
- Recommended Log Inspection Rule
The policy will consist of recommended rules only, regardless of what other rules are currently assigned to that computer.
- After reviewing the policy and updating as appropriate, apply the new policy to the computer. (Go to the Computer editor page and select the new policy from the Policy.)