Manage re-certification requests

This topic describes how to manage recertification requests using the default workflow.

For more details, see Re-certification workflow.

Do the following:

User type Step Reference
Network operations user Create a recertification request for an expired traffic change request that added Allow traffic. Re-certify traffic
Network operations user Search for change requests whose traffic intersects that of the Allow traffic added by the expired traffic change request. Find related change requests
Network operations user Notify the requestors of these change requests that the Allow traffic is slated for removal. Notify change requestors
Network operations user

FireFlow sends an email to the selected requestors. The requestors have until the recertification request's due date to respond.

 
Requestor

Respond via an email message.

Note: Responding via the web interface is not an option for recertification requests.

Respond to change requests
Network operations user

Do any of the following:

Extend the due date of the request, giving users more time to respond.

  • Re-notify the requestors.
  • View responses received from requestors
  • Manage requestor notifications
    Network operations user

    Once the requestors responses have been received, do one of the following:

    • If the requestors' responses indicate that the Allow traffic should be removed, plan the rule's removal.

      FireFlow creates a work order that consists of a list of recommendations for implementing the requested change.

    • If the requestors' responses indicate that the Allow traffic should not be removed, certify the traffic.

      An email message is sent to the requestor, indicating that the request is denied. The change request's lifecycle is ended, and no further user action is required.

    Certify or plan traffic removal
    Network operations user Edit the work order. Edit work orders
    Network operations user Implement the requested changes on the security device according to the work order, by using the relevant management system (for example, Check Point Dashboard or Juniper NSM) to implement the changes. Implement changes
    Network operations user

    FireFlow initiates validation of the implemented device policy changes against the change request.

    Verify change request results
    Network operations user

    Do one of the following:

    • If validation indicates that the Allow traffic was removed, resolve the change request.
    • If validation indicates that the Allow traffic was not removed, re-initiate the Implement stage and repeat change validation until the change is successful.
    Resolve or return change requests