Change validation parameters

Configuring Advanced Change Validation Strictness

When FireFlow performs advanced change validation, and the work order/ policy comparison determines a rule is a perfect match or more permissive, the change validation additionally verifies whether all object names used in the work order recommendation’s fields are the objects used in the matched rule’s fields. By default, a discrepancy in object names will not cause validation to fail. If desired, you can change this. Also, you can disable work order/ policy comparison altogether, leaving change validation to only consist of traffic simulation queries.

Configuration Parameter Name Value
ChangeRequestValidateObjectNames

0. To set validation to pass when there is an object name discrepancy. (Default)

1. To set validation to fail when there is an object name discrepancy.

2. To disable work order/ policy comparison altogether.

Configuring the Change Validation Timeout Period

When a change request enters the Validate stage, FireFlow attempts to verify that the changes in the work order have been implemented correctly. FireFlow can only detect the change once the device is analyzed or monitored by AFA, after the change is made.

In an environment with scheduled monitoring, the default timeout period is set to the same period as the monitoring cycle. If FireFlow fails to retrieve the monitoring frequency, the timeout period is set to 15 minutes (the default monitoring frequency). Manually analyzing the device in AFA will not cause change validation to proceed. If a monitoring cycle does not occur in this period, appears.

In an environment without scheduled monitoring, the default timeout period is 24 hours. If the device is not manually analyzed in AFA during that time, appears.

If desired, you can customize the timeout period (for both monitoring and non-monitoring environments).

Configuration Parameter Name Value
AsyncValidationTimeout

The desired timeout period, in seconds.

The default value is 0, which causes the default behaviors described above.

Configuring Change Validation Results for F5 BIG-IP

See Configuring Initial Plan Results for F5 BIG-IP.