Change Management

You can enable Change Management if your organization needs to implement more formal processes for configuration changes, including audit tracking and official approval before changes are deployed.

When you enable Change Management, the system adds the Ticket (Ticket icon) shortcut to the menu bar, and Change Management Workflow to the System (system gear icon) menu. Users can manage tickets using these methods.

For details about how to use Change Management, see Change Management

On the System (system gear icon) > Configuration page, you can configure the following settings. Click Save to save your changes.

  • Enable Change Management—Turn on ticketing and the Change Management workflow. Once enabled, you must approve or discard all tickets to turn off Change Management.

    To disable the feature, deselect the option. All tickets must be approved or discarded to disable Change Management. You cannot disable Change Management if any ticket is in the In Progress, On Hold, Rejected, or Pending Approval state.

  • Number of approvals required—How many administrators must approve the change for the ticket to be approved and deployable. The default is 1, but you can require up to 5 approvers per ticket. Users can override this number when creating tickets.

    Note

    When Change Management is enabled and in use, you cannot change the number of approvers if at least one ticket is in the In Progress, On Hold, Rejected, or Pending Approval state. All tickets must be approved or discarded to change the required number of approvers.

  • Ticket Purge Duration—The number of days to keep approved tickets, from 1-100 days. The default is 5 days.

  • Email Notification (Optional)—Enter the Reply to Address and the email addresses for the List of Approver Addresses. You must also configure the Email Notification system settings for email to work.

    For Cloud-delivered Firewall Management Center, the reply to address does not appear. Instead, configure this address in the Email Notification system settings.

Notes

There are several system processes that prevent you from enabling/disabling change management. If any of the following are in process, you need to wait for them to complete before changing these settings: backup/restore; import/export; domain movement; upgrade; Flexconfig migration; device registration; high-availability registration, creation, break, or switch; cluster create, registration, break, edit, add or remove nodes; EPM break out or join.

An access control policy cannot be locked when you change these settings. If a policy is locked, you must wait for the lock to be released before enabling/disabling this feature.