Change Windows

What are Change Windows?

Change windows are recurring time slots that you configure into commit policy changes which have been provisioned to management devices. The change window automatically commits the changes to the managed firewalls according to the schedule you created. Change windows are configured in SecureTrack.

See What is Provisioning and Commit Policy Changes in SecureChange for more information.

Change windows let you:

  • Aggregate network policy changes for management devices—such as Panorama Advanced mode, FortiManager Advanced mode, and Check Point R80.x CMA and MDS devices—and then automatically commit those changes.
  • Schedule change commit windows for off hours.
  • Monitor the success or failure of the policy commit processes in real time for the current, next, and last policy commit processes.

What am I looking at?

This page displays a list of all your change windows for committing changes. The table lists the Recurrence, Status, Next and Previous Window for each change window. If available, a link is displayed for a report on the status, next scheduled window, and results of the previous window. The following information is displayed in the Change Windows table for each change window:

Change Window field

Description

Title

Name of the configured change window

Click the link to edit the change window fields

Domain

For multi-domain environments, displays the domain name

Recurrence

The day and time the change window is configured to run

Description

Optional text

Status
  • Idle - The change window is not currently running
  • - The change window is not available for scheduling
  • Commit in progress - Click the link to view the Change Window Progress Report for the change window
  • - Errors encountered: Some actions failed during the commit process

Next Window

Date and time for the next configured change window - Click the link to view the Next Change Window Report for the change window

Previous Window

For the previous change window, displays the date and time and summarizes the execution results

  • - All policies successfully installed on the selected firewalls
  • - Some actions not completed
  • - Did not start or timed out

Click the link to view the Commit Status Report for the change window

Prerequisites

To access the Change Windows tab, you must have the following licenses and user privileges/roles defined:

  • Licenses for SecureTrack, SecureChange, and Provisioning for all relevant devices
  • User privileges/roles:
    • Non-managed security service provider (non-MSSP) mode: administrator user
    • MSSP mode:
      • SecureTrack super admin (can create change windows in any domain)
      • multi-domain admin privileges (can create change windows in specified domains)

What can I do on this page

  • Create a change window - Click .

    You must add at least one device, enter a title, and configure at least a single recurrence for the change window.

  • View/update a change window - View a change window and update the configured Status (Enable/Disable), Devices,and Settings.
  • Delete a change window - Select the change window in the Change Windows table, click , and click OK to confirm the DELETE CHANGE WINDOW action.
  • View change window reports - View the progress of a running change window, the details of the next configured change window, and the results of the last change window.

    The reports include information such as the change window title, start and end date/time, relevant manufacturer and device names, status, warnings, errors, and elapsed time.

    The details shown in the Commit Status Report display the returned results exactly as received from the vendor, including the status, warning, error data, duplicated object names, and so on. Duplicated results or unexpected names may be caused by specific vendor limitations.

How Do I Get Here?

In SecureTrack, go to Monitoring > Change Windows