Home > Articles > Certification > Cisco Certification > CCNP Security / CCSP

  • Print
  • + Share This
This chapter is from the book

Administration Tasks

The administration tasks fall into the following categories:

  • Workflow Setup

  • Maintenance

  • Support

Workflow Setup

The Firewall MC software enables you to configure firewalls as well as groups of firewalls. By default, when you make changes, they are propagated to your firewalls as soon as you save and deploy the changes. If you enable workflow (by selecting Admin > Workflow Setup), however, there is a distinct process that you must follow to deploy your changes to the appropriate firewalls. This process allows you to track changes down to the individual user that performed the changes. The workflow process establishes the following three distinct steps in the configuration process:

  1. Define configuration changes.

  2. Approve configuration changes.

  3. Deploy configuration changes.

A separate person can be in charge of each step, thus dividing the responsibility for updating the configuration on the managed firewalls.

When using workflow, policy changes (known as activities and jobs) regulate the deployment of configuration files. You can require formal approval for activities, jobs, or both. The Firewall MC interface also changes. The Deployment configuration tab is replaced with a Workflow configuration tab (see Figure 14-30).

Figure 30Figure 14-30 Firewall MC Interface with Workflow Enabled

Through workflow, you regulate activities (configuration changes) by using the following options:

  • Add—Creates a new activity

  • Open—Opens an existing activity to add more configuration changes

  • Close—Changes the state of the activity so that it can be submitted

  • Status—Displays the status of an activity

  • Info—Displays the changes that make up the activity

  • Submit—Submits an activity for approval

  • Undo—Rolls back activity changes

  • Approve—Approves the changes in an activity

  • Reject—Rejects the changes in an activity

  • Cancel—Cancels an active import or any generate actions currently in operation for the activity

NOTE

The various activity options are unavailable unless they are valid for the activity selected. For instance, you cannot approve an activity that has not been submitted.

Creating a job to deploy configuration changes (from specified activities) involves the following steps:

  1. Specify a job name.

  2. Select the activities to be deployed.

  3. Select the devices to receive the changes.

  4. Review the devices selected.

  5. Change the job state.

  6. Examine summary information.

You regulate and manage jobs using the following options:

  • Add—Creates a new job

  • Status—Displays detailed status of a job

  • Submit—Submits a job for approval

  • Rollback—Enables you to roll back the configuration on a firewall to a previous version

  • Approve—Approves the job for deployment

  • Reject—Rejects the job

  • Deploy—Deploys the changes in an approved job

  • Cancel—Cancels the deployment or rollback operation that is currently in process

NOTE

The various job options are unavailable unless they are valid for the activity selected. For instance, you cannot approve a job that has not been submitted.

Maintenance

Depending on how frequently you perform configuration updates, you may want to remove old activity and job records periodically. Select Admin > Maintenance to configure how often activity and job records are automatically purged from the database (see Figure 14-31). For both activities and jobs, you can specify how old an entry must be before it is automatically removed from the database (the default is 30 days).

Figure 31Figure 14-31 Maintenance Window

Support

When debugging your system, you may need to obtain some important operational information about your system. Select Admin > Support to run a program specifically designed to collect information to assist in troubleshooting the operation of your Firewall MC system.

  • + Share This
  • 🔖 Save To Your Account