Traffic field parameters

Enable / disable multiple traffic rows in change requests

By default, FireFlow allows users to add more traffic rows to a change request, by clicking Add More Traffic. If desired, you can disable this option and remove the Add More Traffic button.

Configuration Parameter Name Value
EnableMultipleTraffic

0. To disable multiple traffic rows.

1. To enable multiple traffic rows. (Default)

Enable / disable application or service translation for Palo Alto devices

When a change request is submitted for a Palo Alto device, the requestor may define the traffic using a service, even when it would be better to define the traffic with an application.

If desired, you can enable automatic translation of services to their relevant applications. After initial planning, the sub-requests will be created with the service "application-default" and the relevant application. Services will only be translated into an application if they match an application's default service exactly and uniquely.

Note: AppViz users should not enable this configuration option as it will cause flows to fail validation.

Note: This configuration option is only relevant when application awareness is enabled. See Enabling/Disabling User and Network Application Awareness (see Enable / disable user and network application awareness).

Note: The maximum number of services translated per traffic line is three. If more than three services appear in a single traffic line, the services in that line will not be translated into applications.

Configuration Parameter Name Value
PanoramaServicesTranslation

0. To disable application/service translation. (Default)

1. To enable application/service translation.

Enable / disable user and network application awareness

ASMS supports the User traffic field for Check Point devices and the User and Application traffic fields for Palo Alto and Cisco Firepower devices.

If desired, you can manually enable or disable user and network application awareness in FireFlow and AppViz.

Network application awareness parameter must be manually enabled. When application awareness is enabled, the Application field will appear wherever traffic fields appear and will be considered in traffic simulation queries, initial planning, risk checks, and connectivity checks.

ASMS assigns a default service (ports and protocols) to each application. This default service appears as the value application-default in the Service field. The default service may vary depending on the application in question

Tip: To view the default service (ports and protocols) assigned by ASMS to a specific application, in FireFlow hover over the "application-default" value in the Service field. The ports and protocols used by ASMS for the application is displayed.

Note: After changing either of these parameters, you must restart AppViz in addition to restarting FireFlow.

Note: Disabling this support discards all user and/or network application data in FireFlow and AppViz.

Configuration Parameter Name Value
ShowApplicationFieldInCreateForm

0. To disable network application awareness in FireFlow and AppViz. (default)

1. To enable network application awareness in FireFlow and AppViz.

ShowUserFieldInCreateForm

0. To disable user awareness in in FireFlow and AppViz. (default)

1. To enable user awareness in in FireFlow and AppViz.

Enable / disable inclusion of user-defined custom traffic fields in flat tickets

By default, FireFlow automatically includes all user-defined custom traffic fields (traffic fields, source fields, user fields, destination fields, service fields, and application fields) in the XML of a change request (a flat ticket). If desired, you can disable inclusion of such fields in flat tickets.

Configuration Parameter Name Value
IncludeUserDefinedTrafficCustomFieldsInXML

0. To disable inclusion of user-defined custom traffic fields in flat tickets.

1. To enable inclusion of user-defined custom traffic fields in flat tickets. (Default)