Manage network / service objects

This topic describes how to manage network and service objects in AppViz. For more details, see Network objects and Service objects.

Some objects are not available for editing.

Edit a network or service object

This procedure describes how to edit a network or service object in AppViz, when AppViz / AppChange are not configured to open FireFlow change requests for changes to device network object definitions.

For more details, see Device objects.

Do the following:

  1. View the object you want to edit. For details, see View a network object or Service objects.

    Note: Some objects are not available for editing. For details, see Objects with read-only permissions.

  2. In the Actions area of the Dashboard tab, click .

    The Object details, and if relevant, the Affected Applications appear.

    The Affected Applications area lists the applications that contain the object. View any affected flows by clicking .

  3. Edit the fields as needed. Device object names remain read-only.

    For more details, see Add and edit network objects or Service objects.

  4. Click Apply. One of the following occurs, depending on whether the object is used in an active application:

    For objects used in an active application, the Apply Change dialog is displayed. For example:

    This dialog box organizes the traffic included in the change request into the following categories:

    Flows to be added The change request will allow this traffic.
    Flows to be removed

    The change request will deny this traffic.
    Flows used by other applications The change request will not include this traffic as it is necessary for other applications.

    Note: Not all categories are relevant to every object edit.

    If needed, edit the text in the Change Request Summary field at the top, and then click Apply.

    For objects not used in an active application, the Save Object dialog is displayed.

    For example:

    Click OK to save your changes. No new change request is opened.

One of the following occurs:

If the object you are editing is used in an active application, the following occurs:

  1. A traffic change request is opened in FireFlow to implement the changes made to the object, such as to allow any traffic now required or remove traffic no long needed.

    Note: Traffic is only removed if it is no longer needed for any other AppViz applications.

  2. The object's status is changed to In Change Process, and no other edits are allowed.
  3. Any applications using the object and automatically updated with the new object value. AppViz uses the new definition, without waiting for the change request to be resolved.

  4. When the change request is resolved in FireFlow, the object leaves the In Change Process change status, and becomes editable again.

    If the change request is rejected in FireFlow, the object moves from the In Change Process status to a status of Rejected.

If the object you are editing is not used in an active application, your changes are saved, but no change request is opened.

You can only edit objects for which you have editing permissions. Additionally, the following objects cannot be edited by anyone:

  • Objects in use by applications for which you do not have editing permissions
  • Objects that are involved in a pending application. For example if you change an application to include a new object, and the application is now pending implementation, you cannot edit that object.
  • Objects that are part of a group that currently has the In Change Process status.

Back to top

Clone an object

Cloning an object creates a new object with the same content as the original object.

Note: You cannot clone a group object if any member of the group has a change status (Rejected, In Change Process, etc.).

To clone an object:

  1. View the object you want to edit. For details, see View a network object or Service objects.

  2. In the Actions area of the Dashboard tab, click .

    The Object Details appear.

  3. Edit the fields as needed. For details, see Add and edit network objects or Service objects.

    If you are cloning an object that originated in AppViz, you must edit the Name field.

  4. Click Save Changes.

    The Save Object dialog is displayed.

  5. Click OK.

    The object is created.

Back to top

Delete an object

Note: You cannot delete objects that are currently in use in an application, a member of a group object, or in use in a project with the status In Progress. Additionally, you must have permission to edit the object.

Note: You cannot delete any device objects when AppViz manages objects with its default behavior (device object definitions are not changed on their devices).

Note: This procedure is not relevant when AppViz is configured to open a FireFlow object change request via AppChange to change device network object definitions.

For more details, see Device objects.

To delete an object:

  1. View the object you want to edit. For details, see View a network object or Service objects.

  2. In the Actions area of the Dashboard tab, click .

    The Delete Object dialog is displayed.

  3. Click OK.

    The object is deleted and the Home page appears.

    Note: The history of deleted network objects can be viewed in the activity logs. For details, see Network object activity logs.

Back to top

Replace an abstract network object

There are two options for replacing an abstract network object with a regular network object:

  • From Applications
  • From Network Objects

Abstract network objects can be replaced with a new object or an existing one.

When you replace an abstract object, the following occurs:

  • A change request opens in FireFlow to modify the relevant traffic for the object's new flow(s). The change request appears in the change request tab of the abstract object, not the real object.
  • Affected applications behave the same as for other edited network objects.

To replace an abstract network object:

  1. To replace from an Application:

    1. View the application with the abstract object. For details, see Business applications.

    2. Click the Flows tab.

    3. In the flow, click an abstract object.

      The abstract network object information dialog is displayed.

    4. At the bottom of the dialog box, click Replace this object.

      The Replace Abstract object page appears in the workspace.

  2. To replace from a Network Object:

    1. View the abstract network object. For details, see View a network object.

    2. In the Actions area of the Dashboard tab, click .

      The Replace Abstract object page appears in the workspace.

  3. To replace with a new object, see Replace with a new object.
  4. To replace with an existing object, see Replace with an existing object.

To replace with a new object:

  1. Click the New Object tab.

    The Replace abstract object page appears, displaying the New Object tab.

    The abstract object fields, except for Type and Address, are pre-populated.

  2. Select the network object Type.
  3. Type the appropriate Address value for the network object type.
  4. In the Affected Applications area, do the following:
    • Select the check box next to existing drafts you wish to update.
    • Select the check box next to applications that you want to create a new draft for with the replaced object.

  5. Click Replace Object.

    The Apply Change dialog is displayed.

    The dialog box organizes the traffic included in the change request into the following categories:

    • Flows to be added. The change request will allow this traffic.
    • Flows to be removed. The change request will deny this traffic.
    • Flows used by other applications. The change request will not include this traffic as it is necessary for other applications.

    Not all categories are relevant to every object edit.

  6. (Optional) In the Change Request Summary field, edit the subject for the change request.

  7. Click Apply.

    The abstract object is replaced with the specified network object. A change request opens in FireFlow to modify the relevant traffic relating to this object's new flow(s).

To replace with an existing object:

  1. Click the Existing Object tab.

    The Replace abstract object page appears, displaying the Existing Object tab.

  2. To select the existing object, click Network object lookup. For details, see Business applications.

    The fields are filled with the selected network object's information.

  3. In the Affected Applications area, select the check box next to existing applications you wish to update.

  4. Click Replace Object.

    The Apply Change dialog is displayed.

    The dialog box organizes the traffic included in the change request into the following categories:

    • Flows to be added. The change request will allow this traffic.
    • Flows to be removed. The change request will deny this traffic.
    • Flows used by other applications. The change request will not include this traffic as it is necessary for other applications.

    Not all categories are relevant to every object edit.

  5. (Optional) In the Change Request Summary field, edit the subject for the change request.

  6. Click Apply.

    The abstract object is replaced with the specified network object. A change request opens in FireFlow to modify the relevant traffic relating to this object's new flow(s).

Back to top

Update an object's applications

Updating applications replaces an old revision of the object with the new revision of the object in any application flows using an outdated revision of the object. A change request opens in FireFlow to allow and/or deny any traffic necessary for applications as a result of the updated object. Traffic is only removed when it is not necessary for any other applications in AppViz.

Once applications are updated, the following occurs:

  • A FireFlow change request opens to modify the relevant traffic.
  • The applications are immediately updated with the new object value. AppViz does not wait for the change request to be resolved.

To update applications:

  1. View the object you want to edit. For details, see View a network object or Service objects.

  2. In the Actions area of the Dashboard tab, click .

    The Apply Change dialog is displayed.

    The dialog box organizes the traffic included in the change request into the following categories:

    • Flows to be added. The change request will allow this traffic.
    • Flows to be removed. The change request will deny this traffic.
    • Flows used by other applications. The change request will not include this traffic as it is necessary for other applications.

    Not all categories are relevant to every object edit.

  3. (Optional) In the Change Request Summary field, edit the subject for the change request.
  4. Click Apply.

Back to top

Discard changes made to objects

Discarding changes causes the object to revert to its previous revision in all relevant flows. Optionally, a change request opens in FireFlow to allow any traffic necessary as a result of discarding the object and remove any traffic that is no longer necessary. Traffic is only removed when it is not necessary for any other applications in AppViz.

Note: This action is only relevant for Rejected objects.

To discard changes:

  1. View the object you want to edit. For details, see View a network object or Service objects.

  2. In the Actions area of the Dashboard tab, click .

    The Discard Object Change dialog is displayed.

    The dialog box organizes the traffic included in the change request into the following categories:

    • Flows to be added. The change request will allow this traffic.
    • Flows to be removed. The change request will deny this traffic.
    • Flows used by other applications. The change request will not include this traffic as it is necessary for other applications.

    Not all categories are relevant to every object edit.

  3. (Optional) In the Change Request Summary field, edit the subject for the change request.

  4. To specify that a change request not be opened in FireFlow, check the Do not initiate a change request (all affected applications will be updated automatically).

    Note: Because the original change to the object was rejected (and not implemented on the security policy), opening a change request to discard the changes may not be necessary. But, it is possible that the security policy was changed if, for example, an affected application was edited with the new object definition. If you are certain that no change was implemented on the policy and you don't want to enter the process of submitting a change request, having the object enter the In Change Process state, etc, you can specify not to open a change request. In this case, we recommend you manually review any updated applications.

  5. Click Discard.

    The changes are rejected. The object reverts to its previous revision in all relevant flows, and if relevant, the FireFlow change request opens.

Back to top

Re-apply changes made to objects

Re-applying changes updates all relevant application flows with changes that have been made to the object since it was rejected in FireFlow. A change request opens in FireFlow to allow any traffic necessary as a result of the changes to the object and remove any traffic that is no longer necessary. Traffic is only removed when it is not necessary for any other applications in AppViz.

Note: This is action is only relevant for Rejected objects.

To re-apply changes:

  1. View the object you want to edit. For details, see View a network object or Service objects.

  2. In the Actions area of the Dashboard tab, click .

    The Apply Change dialog is displayed.

    The dialog box organizes the traffic included in the change request into the following categories:

    • Flows to be added. The change request will allow this traffic.
    • Flows to be removed. The change request will deny this traffic.
    • Flows used by other applications. The change request will not include this traffic as it is necessary for other applications.

    Not all categories are relevant to every object edit.

  3. (Optional) In the Change Request Summary field, edit the subject for the change request.

  4. Click Apply.

    The changes are applied and the change request opens.

Back to top