Resolve Inconsistent Object Issues
Inconsistent objects are objects with the same name, but different values, on two or more devices. Sometimes users create objects in different configurations with the same name and content, but over time the values of these objects diverge, which creates the inconsistency.
Note: To resolve inconsistent object issues in bulk, see Resolve Object Issues in Bulk.
You can perform the following on inconsistent objects:
-
Ignore: Security Cloud Control ignores the inconsistency between objects and retains their values. The objects will no longer be listed under the inconsistency category.
-
Merge: Security Cloud Control combines all selected objects and their values into a single object group.
-
Rename: Security Cloud Control allows you to rename one of the inconsistent objects and give it a new name.
-
Convert Shared Network Objects to Overrides: Security Cloud Control allows you to combine inconsistent shared objects (with or without overrides) into a single shared object with overrides. The most common default value from the inconsistent objects is set as a default in the newly formed object.
NoteIf there are multiple common default values, one of them is selected as the default. The remaining default values and override values are set as overrides of that object.
-
Convert Shared Network Group to Additional Values: - Security Cloud Control allows you to combine inconsistent shared network groups into a single shared network group with additional values. The criteria for this functionality is that the inconsistent network groups to be converted must have a minimum of one common object with the same value. All default values that match this criterion becomes the default values, and the remaining objects are assigned as additional values of the newly formed network group.
For example, consider two inconsistent shared network groups. The first network group 'shared_network_group' is formed with 'object_1' (192.0.2.x) and 'object_2' (192.0.2.y). It also contains additional value 'object_3' (192.0.2.a). The second network group 'shared_network_group' is formed with 'object_1' (192.0.2.x) and additional value 'object_4' (192.0.2.b). On converting the shared network group to additional values, the newly formed group 'shared_network_group' contain 'object_1' (192.0.2.x) and 'object_2' (192.0.2.y)' as default values and 'object_3' (192.0.2.a) and 'object_4' (192.0.2.b) as additional values.
NoteWhen you create a new network object, Security Cloud Control auto assigns its value as an override to an existing shared network object with the same name. This is also applicable when a new device is onboarded to Security Cloud Control.
The auto-assignment happens only when the following criteria are met:
-
The new network object must be assigned to a device.
-
Only one shared object with the same name and type must be existing in the tenant.
-
The shared object must already contain overrides.
To resolve inconsistent object issues:
Procedure
Step 1 | In the Security Cloud Control navigation bar on the left, click Objects and choose an option. |
Step 2 | Then filter the objects to find inconsistent object issues. |
Step 3 | Select an inconsistent object. In the objects details panel, you will see the INCONSISTENT field with the number of objects affected: |
Step 4 | Click Resolve. Security Cloud Control displays inconsistent objects for you to compare. |
Step 5 | You now have these options:
|
Step 6 | After resolving the inconsistencies, review and deploy now the changes you made, or wait and deploy multiple changes at once. |