View and Update a Change Window

During the configured change window, Tufin automatically commits the saved policies on the relevant firewalls. Each change window can be configured for multiple devices and a device can be configured in multiple change windows. The commit process only occurs for devices that are online, enabled, and running within the change window.

Support for automatic policy commit is provided for the following management systems/devices:

  • Panorama Advanced mode (includes Device Groups at any level)
  • FortiManager Advanced mode (ADOMs)
  • Check Point R80.x CMA and MDS devices

When a change window runs, the latest policy version of each device is committed on the relevant firewalls:

  • For a selected Device Group, the policy is installed on all the firewalls associated with that Device Group.
  • For a selected management device–for example, a FortiManager device in Advanced mode–all of an ADOM's policies are installed on all the firewalls associated with that policy.
  • For a selected CMA device, its policies are installed on all the firewalls associated with each policy.

Best Practices

Change window creation date and recurrence

Change window duration

What am I looking at?

What can I do on this page?

Configure a change window for a firewall management console or per specific device:

  1. Select devices to add or remove them from a change window.
  2. Configure the Settings for a change window - Title, Description, and Recurrence.
  3. Configure the Status - Enable or Disable a change window.

To Update a Change Window

  1. In Devices, add or remove devices:

    • To add a device, select an available device for the Change Window and click to move it to the list of Devices included in this change window.

    • To remove a device from the list of Devices included in this change window, select the device and click .

    In MSSP mode, select a Domain and then add the relevant devices.

    Use Ctrl + Shift to select multiple devices.

  2. In Settings, configure the following parameters:

    Change Window field

    Description

    Title

    Mandatory text for the change window name

    Description

    Optional text

    Recurrence

    The change window will recur on the selected days of the week. A week is defined as Monday-Sunday.

    Start time and End time

    Recurrence: The day(s) of the week and time to start and end the change window execution

    Day

    The day(s) of the week to start or end the change window

    Time

    The time of day to start or end the change window

    Start from

    The starting date for the change window

    Recur every_week(s)

    Configure (in weeks) how frequently to run the change window

    Time zone

    Select the UTC time zone for the change window

    Alerts Notification

    Alerts are sent when the execution is completed and include a link to the SecureTrack report

    Send when

    Select Execution completed to enable email notifications

    Alert severity

    Select the severity for the alert: Low, Medium (default), High

    Email addresses

    Only SecureTrack users are allowed to access the link provided in the alert email
    Only valid email addresses are accepted

  3. Status: Select Enabled or Disabled (default option) when you finish creating the new change window.

    • Enabled - The change window is active and will be executed at the relevant date and time

    • Disabled - The change window is not active and will not be executed

  4. Click or to save your changes.

The change window is displayed as a row in the Change Windows table.

How Do I Get Here?

  1. In SecureTrack, go to Monitoring > Change Windows

  2. Click New Change Window or click the title of an existing change window