When firewall policy edits are complete, you can deploy any change made to any configuration
object to a target device. Deployments are managed from the Deploy Changes panel.
Click the down arrow on the Deploy Changes panel to display the
Click Evaluate to display all discovered devices whether or not changes
are pending. By selecting individual device check boxes, you can pick the devices you want
changes deployed to. Selecting the Devices check box (at the top of the screen)
results in changes being deployed to all devices. Selecting Cancel cancels
Note: Added, removed or edited rules are all included in the count for a
modified rule list or firewall. They do not show up as added or removed individual rules.
Multiple rule changes within a single rule list or firewall are counted as a single
modification. This is analogous to adding, removing, or changing ports in a port list or
addresses in an address list.
When you click Evaluate, BIG-IQ Security:
- Reads the current working configuration for all devices from the BIG-IQ database.
- Takes a snapshot of the firewall policy set on BIG-IQ Security.
- Calculates the set of changes that need to be deployed and displays a count of the number
and type of differences between the two configurations (BIG-IQ Security working configuration
and BIG-IP current configuration).
For example, a list and count of differences would appear as follows: ADD(12), MOD(4),
DEL(2). In the example:
- ADD. New objects added to a rule and called by an existing rule list or firewall
are counted as ADDs. In this example, there are 12 added objects.
- MOD. Existing objects already used by an existing rule list or firewall and
subsequently edited are counted as MODs. In this example, there are 4 modified objects.
- DEL. Existing objects used by an existing rule list or firewall and subsequently
removed are counted as DELs. In this example, 2 objects are deleted. Deleted objects can
also be counted as MODs. For example, a deleted rule is a MOD to the firewall. If that
rule calls an address list, the deletion of that address list counts as a DEL. If the
address list is also used by another rule, however, it is not deleted and does not
increment the DEL count.
Note: Added, edited, or removed rules are not counted as individual added,
edited, or removed items. These changes are rolled up within a single rule list or firewall
and are counted as a single modification to the rule list or firewall.
If you add a shared object (schedule, port list, address list, rule list) and reference
that object from a firewall (or through a rule list referenced from a firewall), then the
added shared object is counted as an ADD.
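
The counting rules above, modelled in Python as an added example (not F5 code and not a description of how BIG-IQ is implemented). The data shape, the function names `referenced` and `evaluate`, and the sample objects are assumptions; rule lists nested inside firewalls are not modelled.

```python
# Model of the Evaluate counting rules described above (illustrative only).
# Assumed data shape: "containers" maps a firewall or rule list name to its
# rules, each rule mapping to the shared objects it references; "shared" maps
# a shared object name to its contents.

def referenced(config):
    """Return the shared objects referenced by any rule in any container."""
    return {obj
            for rules in config["containers"].values()
            for refs in rules.values()
            for obj in refs}

def evaluate(working, current):
    """Count differences between the working and the current configuration."""
    counts = {"ADD": 0, "MOD": 0, "DEL": 0}
    # Any number of added, edited or removed rules is one MOD to the container.
    for name, rules in working["containers"].items():
        if name in current["containers"] and rules != current["containers"][name]:
            counts["MOD"] += 1
    new_refs, old_refs = referenced(working), referenced(current)
    counts["ADD"] = len(new_refs - old_refs)   # newly referenced objects
    counts["DEL"] = len(old_refs - new_refs)   # no rule uses them any more
    # Objects referenced on both sides whose contents were edited.
    counts["MOD"] += sum(working["shared"][o] != current["shared"][o]
                         for o in new_refs & old_refs)
    return counts

# Constructed sample: configuration currently on the device.
CURRENT = {
    "containers": {"global_fw": {
        "r1": ("web_addrs",),
        "r2": ("db_addrs",),
        "r3": ("web_addrs", "legacy_addrs"),
    }},
    "shared": {"web_addrs": ("10.0.0.10",), "db_addrs": ("10.0.1.20",),
               "legacy_addrs": ("10.0.9.9",)},
}
# Constructed sample: working configuration after edits. r3 is removed, r2 now
# also uses a new port list, r4 is added, and web_addrs gains an address.
WORKING = {
    "containers": {"global_fw": {
        "r1": ("web_addrs",),
        "r2": ("db_addrs", "db_ports"),
        "r4": ("web_addrs",),
    }},
    "shared": {"web_addrs": ("10.0.0.10", "10.0.0.11"),
               "db_addrs": ("10.0.1.20",), "db_ports": (5432,)},
}

if __name__ == "__main__":
    print(evaluate(WORKING, CURRENT))
```

Three rule changes in `global_fw` produce one MOD, and `web_addrs` is not counted as a DEL when `r3` is removed because `r1` and `r4` still reference it.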
During deployment, the Deploy Changes panel collapses. After deployment, you can click
the down arrow on the left side of the panel to view a deployment history. You can delete
the deployment history by clicking the X to the left of the line.
Deployment states are displayed during the deployment process. For details, see the section
about Support and Maintenance.