Manage rule removal requests

This topic describes how to manage rule removal requests in FireFlow or from AFA.

Manage rule removal requests from FireFlow

This procedure describes how to manage rule removal requests using the default workflow.

For more details, see Rule removal workflow.

Do the following:

User type: Any privileged user
Step: Do one of the following:

  • Submit a rule removal request in AlgoSec Firewall Analyzer.

  • Create a change request using the 140: Rule Removal Request template.

Reference: Submit a rule removal request from AFA; Request changes

User type: Network operations user
Step: Search for change requests whose traffic intersects that of the rules selected for removal/disablement.
Reference: Find related change requests

User type: Network operations user
Step: Notify the requestors of these change requests that the rules are slated for removal/disablement.

  FireFlow sends an email to the selected requestors. The requestors have until the rule removal request's due date to respond.

Reference: Notify change requestors

User type: Requestor
Step: Respond via email message or via the requestors' web interface.
Reference: Respond to change requests

User type: Network operations user
Step: Do one of the following:

  • Extend the due date of the change request, giving users more time to respond.

  • Re-notify the requestors.

  • View responses received from requestors.

Reference: Manage requestor notifications

User type: Network operations user
Step: Once the requestors' responses have been received, do one of the following:

  • Approve the change request and send it on to the next stage.

    FireFlow creates a work order that consists of a list of recommendations for implementing the requested change.

  • Reject and close the change request.

    An email message is sent to the requestor, indicating that the request is denied. The change request's lifecycle is ended, and no further user action is required.

Reference: Approve planned changes

User type: Network operations user
Step: Edit the work order.
Reference: Edit work orders

User type: Network operations user
Step: Implement the requested changes on the security device according to the work order, using the relevant management system (for example, Check Point Dashboard or Juniper NSM).
Reference: Implement changes; Implement changes with ActiveChange

User type: Network operations user
Step: FireFlow initiates validation of the implemented device policy changes against the change request.
Reference: Validate changes

User type: Network operations user
Step: Do one of the following:

  • If validation indicates that the specified rules were removed/disabled, resolve the change request.

  • If validation indicates that the specified rules were not removed/disabled, re-initiate the Implement stage and repeat change validation until the change is successful.

Reference: Resolve or return change requests
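The "Find related change requests" step above hinges on traffic intersection: a pending change request is related if its source, destination and service all overlap with a rule slated for removal. The following is an added illustration of that check, not FireFlow's own code; the Traffic model, the rule and change request IDs and all addresses are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Traffic:
    """Constructed model of one traffic tuple: CIDRs, protocol and a port range."""
    src: str
    dst: str
    proto: str
    ports: tuple  # (low, high), inclusive


def _nets_overlap(a: str, b: str) -> bool:
    return ip_network(a, strict=False).overlaps(ip_network(b, strict=False))


def _ports_overlap(a: tuple, b: tuple) -> bool:
    return a[0] <= b[1] and b[0] <= a[1]


def traffic_intersects(a: Traffic, b: Traffic) -> bool:
    """True when both tuples share protocol and overlap on source, destination and ports."""
    return (a.proto == b.proto
            and _nets_overlap(a.src, b.src)
            and _nets_overlap(a.dst, b.dst)
            and _ports_overlap(a.ports, b.ports))


def related_change_requests(rules: dict, change_requests: dict) -> dict:
    """Map each change request ID to the rules slated for removal that its traffic intersects."""
    hits = {}
    for rule_id, rule_traffic in rules.items():
        for cr_id, cr_traffic in change_requests.items():
            if traffic_intersects(rule_traffic, cr_traffic):
                hits.setdefault(cr_id, []).append(rule_id)
    return hits


# Constructed sample input: two rules flagged for disablement and three open change requests.
RULES = {
    "rule-17": Traffic("10.1.0.0/16", "192.168.5.0/24", "tcp", (443, 443)),
    "rule-42": Traffic("10.2.0.0/24", "0.0.0.0/0", "udp", (53, 53)),
}
CHANGE_REQUESTS = {
    "CR-1001": Traffic("10.1.20.0/24", "192.168.5.10/32", "tcp", (443, 443)),
    "CR-1002": Traffic("10.9.0.0/16", "192.168.5.0/24", "tcp", (443, 443)),
    "CR-1003": Traffic("10.2.0.7/32", "8.8.8.8/32", "udp", (53, 53)),
}

if __name__ == "__main__":
    print(related_change_requests(RULES, CHANGE_REQUESTS))
```

Requestors of CR-1001 and CR-1003 would be the ones to notify; CR-1002 shares the destination and service but not the source, so it is not related.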

Submit a rule removal request from AFA

When viewing the PolicyOptimization page of a device report in AFA, you can submit a Rule Removal request to disable redundant, unused, covered, and unrouted rules in the device's policy.

Do the following:

  1. If you're currently in FireFlow, switch to AFA. For details, see Logins and other basics.
  2. Browse to and view your device's device report. For details, see View AFA device data.
  3. Click the Policy Optimization tab.

    The Policy Optimization page is displayed.

  4. Click one of the supported rule categories (Unused rules, Covered rules, Redundant special case rules, or Unrouted rules).

    The rules in the selected category are displayed.

  5. Do one of the following:

    • In the first column, select the check boxes next to the rules you want to disable.
    • To select all rules, select Select All Covered Rules / Select All Unused Rules / Select All Special Case Rules.
  6. Click Disable Selected Rules.

    A confirmation message appears with a link to the change request.

    Note: A single change request is created to handle all rules selected for disabling. To modify the change request's fields, see Advanced change request edits.

  7. Click OK.