Applies To:

Show Versions Show Versions

Manual Chapter: Deploying
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Deploying configuration changes to devices

When firewall policy edits are complete, you can deploy (to a target device) any change that occurred to any configuration object. Deployments are managed from the Deploy Changes panel.

Click the down arrow on the Deploy Changes panel to display the Evaluate button.

Click Evaluate to display all discovered devices whether or not changes are pending. By selecting individual device check boxes, you can pick the devices you want changes deployed to. Selecting the Devices check box (at top of screen) results in changes being deployed to all devices. Selecting Cancel cancels the deployment.

Note: Added, removed or edited rules are all included in the count for a modified rule list or firewall. They do not show up as added or removed individual rules. Multiple rule changes within a single rule list or firewall are counted as a single modification. The analogy is that the operation is like adding, removing, or changing ports in a port list or addresses in an address list.

When you click Evaluate, BIG-IQ Security:

  1. Reads the current working configuration for all devices from the BIG-IQ database.
  2. Takes a snapshot of the firewall policy set on BIG-IQ Security.
  3. Calculates the set of changes that need to be deployed and displays a count of the number and type of differences between the two configurations (BIG-IQ Security working configuration and BIG-IP current configuration).

For example, a list and count of differences would appear as follows: ADD(12), MOD(4), DEL(2). In the example:

  • ADD. New objects added to a rule and called by an existing rule list or firewall are counted as ADDs. In this example, there are 12 added objects.
  • MOD. Existing objects already used by an existing rule list or firewall and subsequently edited are counted as MODs. In this example, there are 4 modified objects.
  • DEL. Existing objects used by an existing rule list or firewall and subsequently removed are counted as DELs. In this example, 2 objects are deleted. Deleted objects can also be counted as MODs. For example, a deleted rule is a MOD to the firewall. However, if the rule calls an address list, that address list deletion counts as a DEL. However (again), if that address list is used by another rule, it is not deleted and does not increment the DEL count.
Note: Added, edited, or removed rules are not counted as individual added, edited, or removed items. These changes are rolled up within a single rule list or firewall and are counted as a single modification to the rule list or firewall. If you add a shared object (schedule, port list, address list, rule list) and reference that object from a firewall (or through a rule list referenced from a firewall), then the added shared object is counted as an ADD.

During deployment, the Deploy Changes panel collapses. After deployment, you can click the down arrow on the left side of the panel to view a deployment history. You can delete the deployment history by clicking the X to the left of the line.

Deployment states are displayed during the deployment process. For details, see the section about Support and Maintenance.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)