An Enforcer profile is a configuration that can be applied to multiple instances of the Aporeto enforcer using an enforcer profile mapping policy.
The tags of each Aporeto enforcer should match only one profile. To avoid any confusion, the enforcer will refuse to start otherwise.
Default enforcer profile
Your account comes with a default enforcer profile and enforcer profile mapping policy. It matches all enforcer instances unless a more specific one is available.
In the majority of the cases, you should not need to create your own unless you need to use advanced features like:
- Secure selected system daemons
- Protect an individual host (see Protecting individual hosts)
- Enable advanced audit rules
- Ignore some processing units
- Change very advanced networking configuration