Manual Chapter: Managing Change Verifications

About change verifications

Use change verifications to ensure that the changes you have made to a firewall security policy in BIG-IQ® Network Security are compatible with the specified BIG-IP® devices before attempting to deploy those changes.

In some environments, the person who edits the firewall policy is not the same person as the one who deploys that policy. The person who edits the firewall policy can use the change verifications feature to make sure their changes to the firewall are compatible with the BIG-IP devices before someone else deploys those policy changes.

Firewall policy changes can be verified against either the working configuration or a configuration snapshot. In either case, the entire configuration is verified, not just the latest changes to that configuration. If the working configuration is used, make sure that while the verification is processing, other users are not changing the working configuration by changing address lists, rule lists and so on.

You create, view, and delete change verifications in the Policy Editor by selecting Change Verifications from the navigation list on the left. This displays the list of change verifications, including these details:

  • The name of the change verification.
  • The status of the change verification.
  • When the change verification was created.
  • What BIG-IQ system user created the change verification.
  • What non-critical and critical errors were encountered during the change verification. If the number of errors is not zero, the number is a link that you can click for more detailed error information.

To view the properties of a change verification, click the change verification name.

To create a new change verification, click Create.

To delete one or more change verifications, select the check box to the left of each change verification to delete and click Delete.

To filter which change verifications are displayed, use the Policy Editor filter fields.

Adding change verifications

You add change verifications in the BIG-IQ® Network Security Policy Editor to ensure that the changes you have made to a firewall security policy are compatible with the specified BIG-IP® devices before attempting to deploy those changes.
  1. Log in to BIG-IQ Network Security with an account with the appropriate role assigned to it.
    Valid roles for adding change verifications are: Administrator, Security_Manager, Network_Security_Deploy, Network_Security_Edit, Network_Security_Manager, and Network_Security_View.
  2. From the main BIG-IQ list, select Security, then click Network Security > Policy Editor.
  3. From the Policy Editor navigation list, select Change Verifications to display the Change Verifications screen.
  4. Click Create.
    The Change Verifications - New Item screen opens.
  5. In the Name field, type a name for the change verification.
  6. In the Description field, type a description of the change verification.
  7. Specify a source for the change verification.
    • Select Working Config to use the current working configuration as the source. Be sure that the working configuration does not change while the change verification process is occurring. There could be unexpected results in the verification if other users are editing and changing any part of the current configuration, including address lists, rule lists and so on.
    • Select Snapshot to use a specified snapshot as the source. Click Select Snapshot to display the list of available snapshots, click the name of the snapshot to use, and then click Select. The selected snapshot is displayed.
  8. From Available Devices, select one or more devices to verify the source against.
    • Choose devices by selecting the check box to the left of each device to use for verification.
    • Choose a group of devices by selecting the check box to the left of View by groups to display devices organized by group, and then selecting the check box to the left of the group name to choose all devices in that group for verification.
  9. Click Verify.
    The selected source is verified against each selected device, and the change verification is shown in a list with the results. If there are errors in the verification, the number of errors is shown as a link that you can click for more detail.

Viewing change verification properties

You view change verifications in the BIG-IQ® Network Security Policy Editor to ensure that the changes you have made to a firewall security policy are compatible with the specified BIG-IP® devices before attempting to deploy those changes.
  1. Log in to BIG-IQ Network Security with an account with the appropriate role assigned to it.
    Valid roles for viewing change verifications are: Administrator, Security_Manager, Network_Security_Deploy, Network_Security_Edit, Network_Security_Manager, and Network_Security_View.
  2. From the main BIG-IQ list, select Security, then click Network Security > Policy Editor.
  3. From the Policy Editor navigation list, select Change Verifications to display the list of change verifications on the Change Verifications screen.
  4. Click the name of a change verification to view the properties, the device used, and the number of errors.
  5. Click Cancel to exit the Change Verifications properties screen.
    If there are errors in the change verification, the number of errors is shown as a link that you can click for more detail on the error.

Change verification properties

This table lists the properties of a change verification and any associated devices.

Table 1. Change verification properties

Property | Description
Name | Name of the change verification.
Description | Optional description of the change verification.
User | The BIG-IQ® system user who performed the change verification.
Snapshot Name | The name of the snapshot used. If the working configuration was used instead of a snapshot, this field is blank.
Task Status | The status of the change verification task.
Start Time | When the change verification process started.
End Time | When the change verification process completed.

Table 2. Change verification device properties

Property | Description
Device | Name of the BIG-IQ device.
Verification Errors | The number of non-critical verification errors. If this number is greater than zero, it is a link which can be clicked to get more details on the errors.
Critical Errors | The number of critical errors. If this number is greater than zero, it is a link which can be clicked to get more details on the errors.
Status | The status of the change verification.