Traffic field parameters

Enable / disable multiple traffic rows in change requests

By default, FireFlow allows users to add more traffic rows to a change request, by clicking Add More Traffic. If desired, you can disable this option and remove the Add More Traffic button.

Configuration Parameter Name	Value
EnableMultipleTraffic	0. To disable multiple traffic rows. 1. To enable multiple traffic rows. (Default)

Configuration Parameter Name

Value

EnableMultipleTraffic

0. To disable multiple traffic rows.

1. To enable multiple traffic rows. (Default)

Enable / disable application or service translation for Palo Alto devices

When a change request is submitted for a Palo Alto device, the requestor may define the traffic using a service, even when it would be better to define the traffic with an application.

If desired, you can enable automatic translation of services to their relevant applications. After initial planning, the sub-requests will be created with the service "application-default" and the relevant application. Services will only be translated into an application if they match an application's default service exactly and uniquely.

Note: AppViz users should not enable this configuration option as it will cause flows to fail validation.

Note: This configuration option is only relevant when application awareness is enabled. See Enabling/Disabling User and Network Application Awareness (see Enable / disable user and network application awareness).

Note: The maximum number of services translated per traffic line is three. If more than three services appear in a single traffic line, the services in that line will not be translated into applications.

Configuration Parameter Name	Value
PanoramaServicesTranslation	0. To disable application/service translation. (Default) 1. To enable application/service translation.

Configuration Parameter Name

Value

PanoramaServicesTranslation

0. To disable application/service translation. (Default)

1. To enable application/service translation.

Enable / disable user and network application awareness

You can manually enable or disable user and network application awareness in FireFlow.

Traffic fields and supported devices:

The User traffic field is supported for Panorama, and FortiManager devices.
The Application traffic fields supported for Panorama and Cisco Firepower devices.

Upon enabling User and/or Network application awareness, the corresponding traffic fields (User, Application) are displayed in all locations where traffic fields are present. These fields are incorporated into traffic simulation queries, initial planning, risk assessments, and connectivity verifications.

Once user and network application awareness are enabled in FireFlow, the associated traffic fields are available in AppViz and can be set there to be visible or hidden. See Manage application and user awareness .

By default, ASMS assigns service (ports and protocols) to each application. This default service appears as the value application-default in the Service field. The default service may vary depending on the application in question

Tip: To view the default service (ports and protocols) assigned by ASMS to a specific application, in FireFlow hover over the "application-default" value in the Service field. The ports and protocols used by ASMS for the application is displayed.

Note: After changing either of these parameters, you must restart AppViz in addition to restarting FireFlow.

Note: Disabling this support discards all user and/or network application data in FireFlow and AppViz.

Configuration Parameter Name	Value
ShowApplicationFieldInCreateForm	0. To disable network application awareness in FireFlow and AppViz. (default) 1. To enable network application awareness in FireFlow and AppViz.
ShowUserFieldInCreateForm	0. To disable user awareness in FireFlow and AppViz. (default) 1. To enable user awareness in FireFlow and AppViz.

Configuration Parameter Name

Value

ShowApplicationFieldInCreateForm

0. To disable network application awareness in FireFlow and AppViz. (default)

1. To enable network application awareness in FireFlow and AppViz.

ShowUserFieldInCreateForm

0. To disable user awareness in FireFlow and AppViz. (default)

1. To enable user awareness in FireFlow and AppViz.

Enable / disable inclusion of user-defined custom traffic fields in flat tickets

By default, FireFlow automatically includes all user-defined custom traffic fields (traffic fields, source fields, user fields, destination fields, service fields, and application fields) in the XML of a change request (a flat ticket). If desired, you can disable inclusion of such fields in flat tickets.

Configuration Parameter Name	Value
IncludeUserDefinedTrafficCustomFieldsInXML	0. To disable inclusion of user-defined custom traffic fields in flat tickets. 1. To enable inclusion of user-defined custom traffic fields in flat tickets. (Default)

Configuration Parameter Name

Value

IncludeUserDefinedTrafficCustomFieldsInXML

0. To disable inclusion of user-defined custom traffic fields in flat tickets.

1. To enable inclusion of user-defined custom traffic fields in flat tickets. (Default)

Yes No

Send Feedback

Sorry about that

Why wasn't this helpful? (check all that apply)

Couldn't find what I was looking for

Instructions confusing or unclear

Instructions didn't work

Thanks for your feedback!

Great!

Thanks for taking the time to give us your feedback.