Manual Chapter :
Managing Change Verifications
Applies To:
Show VersionsBIG-IQ Centralized Management
- 6.0.1
Managing Change Verifications
About change verifications
Use change verifications to ensure that the changes you have made to a firewall security
policy in BIG-IQ® Network Security are compatible with the
specified BIG-IP® devices before attempting to deploy those
changes.
In some environments, the person who edits the firewall policy is not the same person as
the one who deploys that policy. The person who edits the firewall policy can use the
change verifications feature to make sure their changes to the firewall are compatible
with the BIG-IP devices before someone else deploys those policy changes.
Firewall policy changes can be verified against either the working configuration or a
configuration snapshot. In either case, the entire configuration is verified, not just
the latest changes to that configuration. If the working configuration is used, make
sure that while the verification is processing, other users are not changing the
working configuration by changing address lists, rule lists and so on.
You create, view, and delete change verifications in the Policy Editor by selecting
Change Verifications
from the navigation list on the left.
This displays the list of change verifications, including these details:- The name of the change verification.
- The status of the change verification.
- When the change verification was created.
- What BIG-IQ system user created the change verification.
- What non-critical and critical errors were encountered during the change verification. If the number of errors is not zero, the number of errors are links that you can click for more detailed error information.
To view the properties of a change verification, click the change verification name.
To create a new change verification, click
Create
.To delete one more change verifications, select the check box to the left of one or more
change verifications and click
Delete
. To filter which change verifications are displayed, use the Policy Editor filter
fields.
Adding change verifications
You add change verifications to
ensure that the changes you have made to a firewall security policy are compatible with
the specified BIG-IP® devices before attempting to deploy those
changes.
- Click.The Change Verifications screen opens.
- ClickCreate.
- In theNamesetting, type a name for the change verification.
- In theDescriptionsetting, type a description of the change verification.
- Specify a source for the change verification.
- SelectWorking Configto use the current working configuration as the source. Be sure that the working configuration does not change while the change verification process is occurring. There could be unexpected results in the verification if other users are editing and changing any part of the current configuration, including address lists, rule lists and so on.
- SelectSnapshotto use a specified snapshot as the source. ClickSelect Snapshotto display the list of available snapshots, click the name of the snapshot to use, and then clickSelect. The selected snapshot is displayed.
- FromAvailable Devices, select one or more devices to verify the source against.
- Choose devices by selecting the check box to the left of each device to use for verification.
- Choose a group of devices by selecting the check box to the left ofView by groupsto display devices organized by group, and then selecting the check box to the left of the group name to choose all devices in that group for verification.
- ClickVerify.The selected source is verified against each selected device and the change verification is shown in a list with the results. If there are errors in the verification, the number of errors are shown as links that can be clicked for more detail.When creating change verifications, you may encounter a critical error dialog box that indicates that an object, such as a logging profile, does not exist on a BIG-IP device. This critical error dialog box also contains aPin Objectbutton. ClickPin Objectto correct the error by pinning the object to the BIG-IP device pinning policy.
Viewing change verification properties
You view change verifications to
ensure that the changes you have made to a firewall security policy are compatible with
the specified BIG-IP® devices before attempting to deploy those
changes.
- Click.The Change Verifications screen opens.
- Click the name of a change verification to view the properties, the device used, and the number of errors.If there are errors in the change verification, the number of errors are shown as links that you can click for more detail on the error.
Change verification properties
This table lists the properties of a change verification and any associated devices.
Property | Description |
---|---|
Name | Name of the change verification. |
Description | Optional description of the change verification. |
User | The BIG-IQ® system user who performed the change
verification. |
Snapshot Name | The name of the snapshot used. If the working configuration was used instead of a
snapshot, this field is blank. |
Task Status | The status of the change verification task. |
Start Time | When the change verification process started. |
End Time | When the change verification process completed. |
Property | Description |
---|---|
Device | Name of the BIG-IQ device. |
Verification Errors | The number of non-critical verification errors. If this number is greater than
zero, it is a link which can be clicked to get more details on the errors. |
Critical Errors | The number of critical errors. If this number is greater than zero, it is a link
which can be clicked to get more details on the errors. |
Status | The status of the change verification. |