Automate Network Object Changes

After you have created a network group or service group object change, you can automate the object change tasks for Palo Alto, Fortinet, and Cisco devices. When you use the automation tool, Policy Planner will automatically implement an object change.

To automate an object change, complete the following steps.

Note: For Fortinet objects to appear in Security Manager, they need to be associated to an existing rule.

  1. Select a ticket in the Design task.
  2. If necessary, click AssignAssign to Me.
  3. On the Change Plan tab, click Add ChangeNative Object Change.
  1. On the Define Properties page, complete the following steps.
    1. In the Summary field, enter a summary of the object change.
    1. Under Task Type, select either Create New Object or Modify Existing Object.
    2. Under Device, select an object that allows automation.
    3. Under Object Type, select an object type.
    4. If you selected Modify Existing Object, select the network object to modify.
  2. Click Next.
  3. On the Configure Object page, complete the following steps.

    1. If the Name field hasn't been filled in automatically enter a network object name.

    1. In the Comment field, enter a comment.
    2. If the IP/IP Range field hasn't been filled in automatically, enter an IP/IP address range for the network object.
  4. Click Save.

 

Automate Service Object Changes

After you have created a service object change, you can automate the object change tasks for Palo Alto, Fortinet, and Cisco devices. When you use the automation tool, Policy Planner will automatically implement an object change. To automate an object change, complete the following steps.

Note: For Fortinet objects to appear in Security Manager, they need to be associated to an existing rule.

  1. Select a ticket in the Design task.
  2. If necessary, click AssignAssign to Me.
  3. On the Change Plan tab, click Add ChangeNative Object Change.
  1. On the Define Properties page, complete the following steps.
    1. In the Summary field, enter a summary of the object change.
    1. Under Task Type, select either Create New Object or Modify Existing Object.
    2. Under Device, select an object that allows automation.
    3. Under Object Type, select an object type.
    4. If you selected Modify Existing Object, select the service object to modify.
  2. Click Next.
  3. On the Configure Object page, complete the following steps.

    1. If the Name field hasn't been filled in automatically enter a network object name.

    1. In the Comment field, enter a comment.
    2. If the IP/IP Range field hasn't been filled in automatically, enter an IP / IP address range for the network object.
  4. If you chose a service object service group type, on the Configure Object page, complete the following steps.
    1. In the Name field, enter a name.
    2. In the Comment field, enter a comment.
    3. In the Service Type drop-down, select a service type and then fill in the details for that type.
  5. Click Save.

 

Automate Group Object Changes

After you have created an network group or service group object change, you can automate the object change tasks for Palo Alto, Fortinet, and Cisco devices. When you use the automation tool, Policy Planner will automatically implement an object change. To automate an object change, complete the following steps.

Note: For Fortinet objects to appear in Security Manager, they need to be associated to an existing rule.

  1. Select a ticket in the Design task.
  2. If necessary, click AssignAssign to Me.
  3. On the Change Plan tab, click Add ChangeNative Object Change.
  1. On the Define Properties page, complete the following steps.
    1. In the Summary field, enter a summary of the object change.
    1. Under Task Type, select either Create New Object or Modify Existing Object.
    2. Under Device, select an object that allows automation.
    3. Under Object Type, select an object type.
    4. If you selected Modify Existing Object, select the object or group to modify.
  2. Click Next.
  3. On the Configure Object page, complete the following steps.
    1. In the Name field, enter a name.
    2. In the Comment field, enter a comment.
  4. If you chose a network object or network groups object type, on the Configure Object page, complete the following steps.

    1. To add a network group or service group, double-click an object in the All Service Objects, All Service Groups, All Network Objects, or All Network Groups tables.

    1. To add all network objects or groups, click Add All.
    2. To remove all network objects or groups, click Remove All.
  5. Click Save.
  6. Click Complete.

 

Stage an Object Change

After you have created the object change, Policy Planner must push it to the device, at which point its status is set to "Staged."

Note: In some cases, such as on Fortinet devices, you may have to access a management station to push staged changes from the parent device to the child device. In other cases, such as on Cisco devices, object changes are applied immediately.

Note: If Policy Planner fails to push the object change to the device, the Comment field will include a message explaining the failure.

  1. Open the relevant ticket in the Review task.
  2. If necessary, click AssignAssign to Me.
  3. Under the requirement, click Approve.
  4. On the toolbar at the top of the page, click Approve.
  5. On the Automation Assistance table, the Status column value changes to "Pending".
  6. Click AssignAssign to Me again.
  7. On the Automation Assistance table, click the check box beside the object change.
  8. Click Run Selected.

The status column value changes to "Running."

  1. After several moments, click Refresh Statuses.

If the rule automation was successful, the Status column value will change from "Running" to "Staged". The object has now been added to the policy for the selected devices.