Use change verifications to ensure that the changes you have made to a firewall security policy in BIG-IQ® Network Security are compatible with the specified BIG-IP® devices before attempting to deploy those changes.
In some environments, the person who edits the firewall policy is not the same person as the one who deploys that policy. The person who edits the firewall policy can use the change verifications feature to make sure their changes to the firewall are compatible with the BIG-IP devices before someone else deploys those policy changes.
Firewall policy changes can be verified against either the working configuration or a configuration snapshot. In either case, the entire configuration is verified, not just the latest changes to that configuration. If the working configuration is used, make sure that while the verification is processing, other users are not changing the working configuration by changing address lists, rule lists and so on.
You create, view, and delete change verifications in the Policy Editor by selecting Change Verifications from the navigation list on the left. This displays the list of change verifications, including these details:
To view the properties of a change verification, click the change verification name.
To create a new change verification, click Create.
To delete one more change verifications, select the check box to the left of one or more change verifications and click Delete.
To filter which change verifications are displayed, use the Policy Editor filter fields.
This table lists the properties of a change verification and any associated devices.
|Name||Name of the change verification.|
|Description||Optional description of the change verification.|
|User||The BIG-IQ® system user who performed the change verification.|
|Snapshot Name||The name of the snapshot used. If the working configuration was used instead of a snapshot, this field is blank.|
|Task Status||The status of the change verification task.|
|Start Time||When the change verification process started.|
|End Time||When the change verification process completed.|
|Device||Name of the BIG-IQ device.|
|Verification Errors||The number of non-critical verification errors. If this number is greater than zero, it is a link which can be clicked to get more details on the errors.|
|Critical Errors||The number of critical errors. If this number is greater than zero, it is a link which can be clicked to get more details on the errors.|
|Status||The status of the change verification.|