Configure applications
This topic describes how AppViz administrators can configure AppViz applications.
Decommission an Application: Watch to learn how decommission a AppViz application.
Manage application expiration
You may set applications to expire on a particular day and notify all users when the expiration will take place using:
- Email notifications: Additional notifications may be different number of days before expiration than first notification.
- GUI Alerts
-
Advance notification - 'Expires in 2 days' is displayed on Dashboard if application is expiring in 2 days.
-
Notice on day of expiration.
- Alert in Activity Log on day of expiration.
To manage application expiration:
- Enable expiration date field in applications. See Enabling Application Expiration (see Enable application expiration).
- Set the desired email notifications.
To set default or custom notification settings for all users and applications, or for a specific user (for administrators, only), see AppViz users, permissions, and roles.
Verify that Application expiration is selected in the Application Events section, otherwise only notification will be in Activity Log on day of expiration.
Enable application expiration
The expiration date field is an optional system field. When enabled, the field appears in application screens along. If an application is set to expire within a short time, alerts are presented on relevant screens.
To enable application expirations:
- Log into AppViz as an administrator.
-
In the toolbar, click your username.
A drop-down list appears.
-
In the drop-down list, select Administration.
Click the Customization tab.
-
Next to Custom Fields, click Manage.
The Manage Custom Fields page appears with the Application fields area open.
- Enabled fields are marked with .
- Disabled fields are marked with .
-
To enable the Expiration Date field, on the right side, click .
The Enable field confirmation dialog box appears.
- Click OK to enable.
-
To disable the field and remove it from all applications, click .
The Disable field confirmation dialog box appears.
- Click OK to disable.
Manage application labels
AppViz provides two different types of application labels:
- User-defined labels. Basic labels that can be created and added to any application as a way of organizing applications in groups.
- System labels. Labels that are automatically assigned to an application as the result of a system function. Applications with system labels include critical process applications and PCI applications.
User-define labels can be managed with the following actions:
- Add. Create a label and optionally assign it to one or more applications. See Adding a Label (see Add a label ).
- Edit. Modify the name of a label and the assigned applications. See Editing a Label (see Edit a label ).
- Replace. Replace a label (for all applications assigned to the label) with a different existing label. See Replacing a Label (see Replace a label )
- Delete. Delete a label from the system and all its associations with applications. See Deleting a Label (see Delete a label ).
The PCI label can be edited by modifying the applications assigned to it. See Customizing Applications Assigned to the PCI Label (see Customize applications assigned to the PCI label ).
Critical Process labels are managed in the critical process manager. For details, see Critical processes.
Note: Only users with administrative permission can manage application labels. In order to allow users without administrative permissions to create new labels while managing applications, see AppViz users, permissions, and roles. All users can search for applications by label by performing an advanced or simple search in the Application area menu.
Add a label
To add a label :
-
In the toolbar, click your username.
A drop-down list appears.
- In the drop-down list, select Administration.
-
Click the Customization tab.
-
In the Application Labels area, click Manage.
The Manage Application Labels page appears.
-
Click Add Label.
The New Label area appears.
- In the Label Name field, type the name of the label.
- To assign applications to the label, do the following:
Click +Add Applications.
The Add Applications wizard opens.
Select applications using the information in Using the Add Applications Wizard (see Use the Add Applications wizard).
The selected applications are added to the list.
- To revoke the label from an application, click next to the application's name in the Assigned Applications area.
- Click Save Changes.
Edit a label
To edit labels:
-
In the toolbar, click your username.
A drop-down list appears.
- In the drop-down list, select Administration.
- Click the Customization tab.
-
In the Application labels area, click Manage.
The Manage Application Labels page appears.
- Do one of the following:
- Select the label in the list.
- Search for the desired label by doing the following:
- In the search box, type part of the label name.
- Click .
Select the label in the results list.
The label appears with its list of associated applications.
- To edit the label's name, type the new name in the Label Name field.
- To assign applications to the label, do the following:
Click +Add Applications.
The Add Applications wizard opens.
Select applications using the information in Using the Add Applications Wizard (see Use the Add Applications wizard).
The selected applications are added to the list.
-
To revoke the label from an application, click next to the application's name in the Assigned Applications area.
The label is removed from the selected application without confirmation.
- Click Save Changes.
Replace a label
To replace a label:
-
In the toolbar, click your username.
A drop-down list appears.
- In the drop-down list, select Administration.
- Click the Customization tab.
-
In the Application labels area, click Manage.
The Manage Application Labels page appears.
- Do one of the following:
- Select the label in the list.
- Search for the desired label by doing the following:
- In the search box, type part of the label name.
- Click .
Select the label in the results list.
The label appears with its list of associated applications.
-
Click .
The Replace Label dialog box opens.
- In the Replace with field, start typing the existing label name, and select the label from the drop-down list.
-
Click OK.
The label name is replaced in each assigned application.
Delete a label
To delete a label:
-
In the toolbar, click your username.
A drop-down list appears.
- In the drop-down list, select Administration.
- Click the Customization tab.
-
In the Application labels area, click Manage.
The Manage Application Labels page appears, with a list of labels on the left.
-
In the list of labels, hover over the desired label and click .
A confirmation message appears.
- Click OK.
Customize applications assigned to the PCI label
All applications that include a network object that intersects the PCI zone are automatically assigned to the PCI system label. If desired, you can manually un-assign applications you do not want to be associated with the label. Un-assigning an application does nothing to affect its traffic flows; its network object(s) will still intersect the PCI zone, but the PCI label will not appear on the application's dashboard. Unassigned applications will not appear as PCI applications in the AFA PCI regulatory compliance report.
Note: The PCI zone is specified in AFA.
To customize applications assigned to the PCI label:
-
In the toolbar, click your username.
A drop-down list appears.
- In the drop-down list, select Administration.
- Click the Customization tab.
-
In the Application labels area, click Manage.
The Manage Application Labels page appears, displaying all user-defined labels.
-
Select the Show system labels check box.
All existing system labels appear at the top of the list.
-
Select the system label with the name PCI.
The label appears with its list of associated applications in the Assigned Applications list. All applications with an object that intersects the PCI zone are assigned to the label by default.
- To un-assign an application, click Un-assign next to the desired application.
-
To assign an application, click Assign next to the desired application.
Only applications that you previously un-assigned appear as options.
- Click Save Changes.
Manage application and user awareness
Note: This procedure is only relevant when AppViz is being used without FireFlow. When AppViz is being used with FireFlow, application and user awareness is controlled by FireFlow.
ASMS supports the User and Application traffic fields. When a Palo Alto Networks or Check Point device is defined in AFA, user and network application awareness is automatically enabled in AppViz. Both these fields will appear wherever traffic fields appear and will be considered in all traffic simulation queries, such as connectivity checks. If desired, you can manually enable or disable user and network application awareness in AppViz.
Note: In order to enable validation for the User field when using an LDAP authentication server, see Enabling Validation for the User Field (see Enable validation for the user field ).
To manage application and user awareness:
-
In the toolbar, click your username.
A drop-down list appears.
-
In the drop-down list, select Administration.
The administration page appears in the workspace.
-
Click Customization.
The Customization tab appears.
- To manage application awareness, do the following:
- To enable application awareness, in the Application Awareness Support area, click Turn On.
- To disable application awareness, in the Application Awareness Support area, click Turn Off.
- To manage user awareness, do the following:
- To enable user awareness, in the User Awareness Support area, click Turn On.
- To disable user awareness, in the User Awareness Support area, click Turn Off.
Enable validation for the user field
By default, the value of the User field is not validated. If ASMS is fetching data from an LDAP authentication server (enabled in AFA), and user awareness is enabled in AppViz, you can manually enable or disable validation of the User field in AppViz.
Note:
This procedure is only relevant when User Awareness Support is enabled for AppViz and fetching data from an LDAP is enabled in AlgoSec Firewall Analyzer. For more details, see Manage application and user awareness
To enable validation for the user field:
-
In the toolbar, click your username.
A drop-down list appears.
-
In the drop-down list, select Administration.
The administration page appears in the workspace.
-
Click Customization.
The Customization tab appears.
-
Do one of the following:
- To enable validation for the User field, in the User Awareness Support area, next to User validation via LDAP is currently turned off, click Turn On.
- To disable validation for the User field, in the User Awareness Support area, next to User validation via LDAP is currently on, click Turn Off.