View matching results
Relevant for: Privileged users
This topic describes how to view the results of FireFlow's auto matching process, as well as any manual matching performed.
Access the Auto Matching page
In FireFlow's main menu on the left, click Auto Matching.
The Auto Matching page appears displaying lists of change requests and changes.
For example:
Items are organized into the following categories:
- Action Required. FireFlow could not find a perfect match automatically. You may need to manually match these items or otherwise understand the change that was made. For details, see Action required device changes.
- Matched. Items where FireFlow automatically found a perfect match, or a user has manually matched a change and change request. For details, see Matched device changes.
- Matching In Progress. Change requests that still require attention, either by FireFlow or manual changes by a user. For details, see Matching in progress device changes.
Tip: The number of rows displayed in each sub-list depends on your configured preferences.
Action required device changes
FireFlow defines the following sorts of device changes as Action Required:
For more details, see Resolve unmatched changes.
The Changes Without Request list includes all detected device changes where a matching change request was not found automatically.
Do any of the following:
- Click the rule to view the full rule change.
- Click the Summary or Content to modify the description.
For details, see View and edit change records.
The following lists include all devices where the changes detected do not match the changes approved.
Change <-> Change Request Mismatch | Includes all non-matching changes. |
Changes Wider than Request |
Includes all device changes that are more extensive than the changes approved in the linked change request. For example, when more services appear in the device change than appear in the approved change request. |
Change Requests Partially Implemented |
Includes instances where the change request calls for more extensive changes than were actually made. For example, when not all of the source IP addresses that appear in the change request appear in the updated device rule. |
Click a rule to view the full rule change. For details, see View and edit change records.
Note: Traffic change requests with requested traffic that is partially blocked may appear in the Change Requests Partially Implemented sub-list. Resolve these change requests manually.
For details, see Resolve unmatched changes.
Matched device changes
FireFlow marks all device changes that match approved change requests as Matched.
These do not require any additional action, and include the following types:
Note: Web filtering change requests and object change requests are automatically marked as Matched.
Change requests from a configurable number of days include the following types:
Perfect Auto Match, Last X Days | All change requests that were auto matched over a certain numbers of days. |
ID Match, Last X Days | All change requests that were auto matched by means of an ID match over a certain numbers of days. Note: This sub-list includes only change requests with multiple traffic requests and Palo Alto traffic change requests. |
Manual Match, Last X Days | All change requests that were manually matched over a certain numbers of days. |
Click a rule to view the full rule change. For details, see View and edit change records.
Approved changes are categorized as follows:
Changes Without Request - Approved |
All device changes for which a matching change request was not found, but which were manually approved regardless. |
Requests Without Change - Approved |
All change requests for which a matching device change was not found, but which were manually approved regardless. |
Change Requests that Already Work | All change requests for which the requested traffic is already allowed/blocked, and therefore no action is needed. |
Requests with Object Change | All object change requests. These change requests are automatically marked as matched. |
Recertification Requests | All recertification requests. These change requests are automatically marked as matched. |
Do any of the following, as relevant:
- Click a rule to view the full rule change. For details, see View and edit change records.
- Click a change request ID number or subject to view the change request.
Matching in progress device changes
FireFlow marks the following types of changes as Matching in Progress:
Change Requests Pending Auto Matching |
All change requests that are currently pending auto matching. |
Requests Pending Auto Matching |
All requests that are currently pending auto matching. |
Requests with Rule Removal Request Pending Auto Matching |
All rule removal requests that are currently pending auto matching. |
Changes Pending Auto Matching |
All changes that are currently pending auto matching. |
These items still require attention, either by FireFlow or manual changes by users. For details, see Resolve unmatched changes.
Depending on the matching type, click a change request ID number, subject, or device or policy specific request ID to view the change request.