Scope-based and Scopeless Policies
This section explains the differences between scopeless and scope-based policies.
Scopeless Policies
Scopeless policies apply broadly across diverse workloads, so they require caution to prevent unintended communications. For example, a Default policy may open specific ports for all workloads.
Scope-based Policies
Scope-based policies can be broad or specific and are the preferred method for writing policy rules.
Scope-based policies restrict the broad application of rules, thereby limiting the impact of mistakes. However, a restrictive scope also limits how broadly rules can be written.
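The following added example (not the product's own code or API) compares how many workloads one mistaken rule reaches under a scopeless policy and under a scope-based one. It assumes a scope is a set of labels that a workload must all match; the class names, labels, inventory and port numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Workload:
    name: str
    labels: dict  # assumed label model, e.g. {"app": "shop", "env": "dev"}


@dataclass
class Policy:
    name: str
    ports: set                    # inbound ports opened by the policy's rules
    scope: Optional[dict] = None  # None = scopeless; otherwise labels to match

    def applies_to(self, w: Workload) -> bool:
        if self.scope is None:    # scopeless: every workload is in range
            return True
        return all(w.labels.get(k) == v for k, v in self.scope.items())


def blast_radius(policy, workloads):
    """Names of the workloads whose exposure changes if this policy is wrong."""
    return sorted(w.name for w in workloads if policy.applies_to(w))


def open_ports(policies, workloads):
    """Effective inbound ports per workload after all policies are applied."""
    result = {w.name: set() for w in workloads}
    for p in policies:
        for w in workloads:
            if p.applies_to(w):
                result[w.name] |= p.ports
    return {name: sorted(ports) for name, ports in result.items()}


# Constructed inventory
INVENTORY = [
    Workload("web-prod", {"app": "shop", "env": "prod"}),
    Workload("db-prod", {"app": "shop", "env": "prod"}),
    Workload("web-dev", {"app": "shop", "env": "dev"}),
    Workload("hr-prod", {"app": "hr", "env": "prod"}),
    Workload("hr-dev", {"app": "hr", "env": "dev"}),
]
DEFAULT = Policy("Default", {443})          # scopeless, applies to all workloads
MISTAKE_SCOPELESS = Policy("Mistake", {23})  # port 23 opened by error, no scope
MISTAKE_SCOPED = Policy("Mistake", {23}, {"app": "shop", "env": "dev"})

if __name__ == "__main__":
    print("scopeless:", blast_radius(MISTAKE_SCOPELESS, INVENTORY))
    print("scoped:   ", blast_radius(MISTAKE_SCOPED, INVENTORY))
    print(open_ports([DEFAULT, MISTAKE_SCOPED], INVENTORY))
```

Running `blast_radius` over draft policies before they are provisioned gives a quick review signal: any scopeless policy reaches the entire inventory.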
Single Scope Policies
Single-scope policies are preferable for rule-writing, balancing restrictions with flexibility. They enhance precision and decrease the risk of broad impact from errors.
Advanced Scope Policies
Advanced scope policies can be grouped into multi-scope policies and single-scope policies.
Multi-Scope Policies
Multi-scope policies apply rules to multiple workload groups in stages, ensuring the policy is applied to one scope before moving to the next.
Single-scope Policies
Single-scope policies refine rule application to specific workloads, promoting communication within a chosen scope.