Configuring Rule Recertification and Expiration

The App Administrator configures several rule recertification and expiration parameters in the Rule Lifecycle Management App (RLM) Settings > Setup menu. These parameters determine, for example, which rules to retrieve, the duration of the recertification, and how often RLM refreshes the status of rules that are in progress.

In this section, configure the following rule certification parameters:

  • Recertification Trigger: RLM retrieves rules for recertification with an expiration that matches this value.
  • Certification Lifespan: Duration of the rule recertification. For example, set this value to 365 days to renew the certification for another year.
    This value must be greater than the value for Recertification Trigger.
  • Auto Decertify: Enable the toggle to automatically decertify rules. RLM opens a decertification ticket if all of these criteria are met:
    • Owner response time has expired.
    • Rule is expired.
    • Rule log (on the firewall device) is enabled.
    • Rule last hit (timestamp when traffic last matched the rule) is none or more than 365 days ago.
    • Rule was not modified in the last year.
    • Rule will be disabled only if the Rule Decommission Workflow toggle is enabled.
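
Before enabling the Auto Decertify toggle, it helps to see which rules in an inventory would meet every criterion listed above. The following Python code is an added example, not Tufin or RLM code: the `Rule` fields, the function names, the sample rules, and the reading of "the last year" as 365 days are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

YEAR = timedelta(days=365)  # assumption: "the last year" is treated as 365 days

@dataclass
class Rule:  # hypothetical record layout, not an RLM data structure
    name: str
    owner_deadline: datetime       # when the owner response time runs out
    expiration: datetime           # rule certification expiration
    log_enabled: bool              # rule log enabled on the firewall device
    last_hit: Optional[datetime]   # None means the rule has never been hit
    last_modified: datetime

def validate_settings(trigger_days: int, lifespan_days: int) -> None:
    # The page requires Certification Lifespan > Recertification Trigger.
    if lifespan_days <= trigger_days:
        raise ValueError("Certification Lifespan must be greater than Recertification Trigger")

def unmet_criteria(rule: Rule, now: datetime) -> List[str]:
    # Returns the Auto Decertify criteria this rule does NOT meet (empty = all met).
    checks = {
        "owner response time has expired": rule.owner_deadline < now,
        "rule is expired": rule.expiration < now,
        "rule log is enabled": rule.log_enabled,
        "last hit is none or older than 365 days":
            rule.last_hit is None or now - rule.last_hit > YEAR,
        "not modified in the last year": now - rule.last_modified > YEAR,
    }
    return [name for name, ok in checks.items() if not ok]

def outcome(rule: Rule, now: datetime, auto_decertify: bool, decommission_workflow: bool) -> str:
    # A ticket is opened only if the toggle is on and every criterion is met;
    # disabling additionally depends on the Rule Decommission Workflow toggle.
    if not auto_decertify or unmet_criteria(rule, now):
        return "no action"
    return "ticket, disable eligible" if decommission_workflow else "ticket only"

# Constructed sample inventory (names and dates are made up for illustration).
NOW, OLD = datetime(2024, 6, 1), datetime(2022, 1, 1)
RULES = [
    Rule("stale-ftp", datetime(2024, 5, 1), datetime(2024, 4, 1), True, None, OLD),
    Rule("active-web", datetime(2024, 5, 1), datetime(2024, 4, 1), True, datetime(2024, 5, 20), OLD),
    Rule("unlogged-db", datetime(2024, 5, 1), datetime(2024, 4, 1), False, None, OLD),
]

if __name__ == "__main__":
    validate_settings(trigger_days=30, lifespan_days=365)  # constructed values
    for r in RULES:
        print(r.name, "->", outcome(r, NOW, True, False), unmet_criteria(r, NOW))
```

The `unlogged-db` rule shows why the log criterion matters: with logging disabled, a missing last hit says nothing about whether the rule is in use, so it is not decertified automatically.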