Policy Change Propagation
When you click Deploy in the Policy tab of the tCell console after updating a policy, the tCell cloud backend generates a new policy to deliver to the agent. This usually takes a few seconds.
When the generated policy is ready, it is immediately delivered to the agent, with the only delay during this process being download time and updating the agent's internal model to reflect the policy change. This usually takes under a second. (The agent uses a 60s long-poll to ensure timely delivery of the policy.)
After the agent has updated its policy, your application is immediately protected according to that new policy.
If you see behavior that suggests the policy is not updated, there are a few likely culprits:
- Browser caching. You can reload the page after clearing your cache to eliminate this possibility.
- Server-side caching. CDNs, proxies, and similar services can cache content according to their own TTL. tCell has no control over this. You can wait until all TTLs have expired, or manually clear caches to eliminate this possibility.
- Interruptions in tCell service. If the policy generation service is not operating normally, there could be a delay in policy delivery; check for known tCell cloud outages at https://status.rapid7.com/. Agent logs will log any errors communicating with the backend service.
- Bug in the agent. Agent logs (ideally at debug level -- see Server agent options for information on log level settings) should help engineering determine if there is a bug.
Did this page help you?