On This Page
Creating a Custom Workflow
This topic is intended for SecureChange workflow owners, who are responsible for creating and maintaining workflows. |
Overview
A workflow is a defined process for a request. When you initially create an empty workflow, it initially has a single step called Open Request which does not contain any fields. This gives you the flexibility to create as many steps as you need and to add required fields to each step. Each step includes a task that a user must do before the request moves to the next step.
These custom workflows require a SecureChange license. Users with SecureChange Basic can only create workflows from a pre-defined template.
The list of available fields is based on the type of workflow that you are creating, all workflows have access to Generic Fields and most workflows have a workflow-specific field. The following workflow types are available:
Workflow Type |
Typical Use |
Workflow-Specific Fields |
---|---|---|
Access Request |
Design changes to firewall policies. Typically this workflow would require a user to enter details of the target, source, and destination of the access request. The workflow could also require the user to enter a business justification or other information required to approve the request. |
|
Access Request & Modify Group |
A single workflow which users can use to request access or modify groups. This allows you to create a single workflow with these two commonly used capabilities available. The access request and modify group request must be in separate steps. |
|
Clone Network Object Policy |
Clone server policies, objects, and all the existing connections of the original server to one or more servers. For example, this workflow is useful if you are decommissioning a server and need to clone its settings to a new server. |
|
Generic |
Workflows that do not have to be connected to your network configuration, for example you could create a generic workflow to monitor support tickets. |
|
Modify Group |
Design a group object change and apply the change to a policy. Users are able to select a group of network objects from a device and select objects to add or remove from the group, or the ability to create new groups. The template could include the ability to add multiple Modify Group fields in a ticket in order to change multiple groups in the same ticket. If the selected group is from a supported device, you can also implement the changes directly to the policy. For tickets related to a Modify Group workflow, Tufin recommends that the number of groups in one ticket does not exceed 20 groups.
|
|
Rule Decommission |
Decommission a rule that is no longer needed, for example a rule that is shadowed by a different rule. |
|
Rule Modification |
Update objects in the Source, Destination, or Service fields of a firewall rule for quick remediation. |
|
Rule Recertification |
Document and verify the need for a rule. |
|
Decommission Network Object |
Remove specified servers or other network objects from all firewall rules. |
What Can I Do Here?
Create a New Empty Workflow
-
Click New Workflow. The Workflow Properties dialog appears.
-
Enter a name and description for the workflow. The name and description will be displayed in the list of workflows.
-
Select a workflow Type. The type ensures that when you add fields to the workflow, only relevant fields will be available.
-
Click OK. The workflow page appears.
-
Set Workflow Properties, see Configuring Workflow Properties.
-
Design your workflow, see Configuring Workflow Steps.
How do I Get Here?
SecureChange > Workflows
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague