Rule Decommission Field

Workflow Owner This topic is intended for SecureChange workflow owners, who are responsible for creating and maintaining workflows.

When you configure workflow steps, the rule decommission field lets you manage the process of removing the selected rules from supported devices. When you configure the rule decommission field in a workflow step, the Display name and Description are the same for every step that the field is added to. All other settings apply only to the current step.

In a Rule Decommission workflow, when multiple tasks are opened on the same step by Dynamic Assignment, no changes can be made to the rules or objects within the rules, and all tools (such as Designer and provisioning) are disabled for the handlers, even if the same handler is configured for all the tasks in the step.

Topology and Auto Close are not available for workflows that include the rule decommission field.

General

  • Read-only - The handler of this step can view the contents but not edit values of the field.

Show

  • Designer tool - Lets the handler of the step use the Designer tool, which gives more precise recommendations for how to change a rulebase by using topology information and current rulebase data in SecureTrack. In the properties of the step, you can set the Designer to run as an auto step for supported devices. You cannot enable the Designer tool for the first step of a workflow.

    For each step that you enable the Designer tool, you can allow the handler to:

    • Allow all: Allow all Designer capabilities supported by this workflow.

    • Allow design only: View the Designer recommendations for policy updates.

    • Allow update only: Provision the Designer recommendations by saving the policy updates to devices. (For devices where Provisioning is supported)

    • Allow commit only: Commit the current policy from the management device onto associated child firewall devices. (For management devices where Committing Changes is supported)

    • Allow design and update only: View the Designer recommendations for policy updates and then provision the Designer recommendations by saving the policy updates to devices. (For devices where Provisioning is supported)

    • Allow update and commit only: Perform both update and commit processes.

  • Verifier tool - Lets the handler of the step use the Verifier tool, which shows the handler whether the request patterns in the field are implemented in actual device policies. In the properties of the step, you can set the Verifier to run as an auto step.