Traffic field parameters
Enable / disable multiple traffic rows in change requests
Configuration Parameter Name | Value |
---|---|
EnableMultipleTraffic | 0. To disable multiple traffic rows. 1. To enable multiple traffic rows. (Default) |
Enable / disable application or service translation for Palo Alto devices
When a change request is submitted for a Palo Alto device, the requestor may define the traffic using a service, even when it would be better to define the traffic with an application.
If desired, you can enable automatic translation of services to their relevant applications. After initial planning, the sub-requests will be created with the service "application-default" and the relevant application. Services will only be translated into an application if they match an application's default service exactly and uniquely.
Note: AppViz users should not enable this configuration option as it will cause flows to fail validation.
Note: This configuration option is only relevant when application awareness is enabled. See Enable / disable user and network application awareness.
Note: The maximum number of services translated per traffic line is three. If more than three services appear in a single traffic line, the services in that line will not be translated into applications.
Configuration Parameter Name | Value |
---|---|
PanoramaServicesTranslation | 0. To disable application/service translation. (Default) 1. To enable application/service translation. |
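The matching rule and the three-service limit described above, as an added Python illustration; it is not AlgoSec code. The application table, the function names, and the modelling of a service as a set of (protocol, port) pairs are assumptions made for the example.

```python
from collections import defaultdict

MAX_TRANSLATED_SERVICES = 3  # per-traffic-line limit stated in the note above

# Constructed sample data, not a vendor application database: each application
# name maps to its default service as a set of (protocol, port) pairs.
APP_DEFAULTS = {
    "ssh": {("tcp", 22)},
    "dns": {("tcp", 53), ("udp", 53)},
    "ntp": {("udp", 123)},
    "app-a": {("tcp", 8443)},
    "app-b": {("tcp", 8443)},  # same default as app-a, so tcp/8443 is ambiguous
}


def build_index(app_defaults):
    """Invert the table: default service -> every application that uses it."""
    index = defaultdict(list)
    for app, service in app_defaults.items():
        index[frozenset(service)].append(app)
    return index


def translate_line(services, app_defaults=APP_DEFAULTS):
    """Return [(service, application or None)] for one traffic line.

    A service is translated only if it equals exactly one application's
    default service. Lines with more than three services are left untouched.
    """
    normalized = [frozenset(s) for s in services]
    if len(normalized) > MAX_TRANSLATED_SERVICES:
        return [(s, None) for s in normalized]
    index = build_index(app_defaults)
    result = []
    for s in normalized:
        apps = index.get(s, [])
        # Exact match comes from set equality; unique match from len(apps) == 1.
        result.append((s, apps[0] if len(apps) == 1 else None))
    return result


def translated_apps(services):
    """Convenience view: application name (or None) per service, in order."""
    return [app for _, app in translate_line(services)]
```

A service left as `None` stays a plain service in the request, which is why a port shared by several applications' defaults, or a partial match such as tcp/53 alone, is not rewritten.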
Enable / disable user and network application awareness
You can manually enable or disable user and network application awareness in FireFlow.
Traffic fields and supported devices:
- The User traffic field is supported for Panorama and FortiManager devices.
- The Application traffic field is supported for Panorama and Cisco Firepower devices.
Upon enabling User and/or Network application awareness, the corresponding traffic fields (User, Application) are displayed in all locations where traffic fields are present. These fields are incorporated into traffic simulation queries, initial planning, risk assessments, and connectivity verifications.
Once user and network application awareness are enabled in FireFlow, the associated traffic fields are available in AppViz and can be set there to be visible or hidden. See Manage application and user awareness.
By default, ASMS assigns a service (ports and protocols) to each application. This default service appears as the value application-default in the Service field. The default service may vary depending on the application in question.
Tip: To view the default service (ports and protocols) assigned by ASMS to a specific application, in FireFlow hover over the "application-default" value in the Service field. The ports and protocols used by ASMS for the application are displayed.
Note: After changing either of these parameters, you must restart AppViz in addition to restarting FireFlow.
Note: Disabling this support discards all user and/or network application data in FireFlow and AppViz.
Configuration Parameter Name | Value |
---|---|
ShowApplicationFieldInCreateForm | 0. To disable network application awareness in FireFlow and AppViz. (Default) 1. To enable network application awareness in FireFlow and AppViz. |
ShowUserFieldInCreateForm | 0. To disable user awareness in FireFlow and AppViz. (Default) 1. To enable user awareness in FireFlow and AppViz. |
Enable / disable inclusion of user-defined custom traffic fields in flat tickets
By default, FireFlow automatically includes all user-defined custom traffic fields (traffic fields, source fields, user fields, destination fields, service fields, and application fields) in the XML of a change request (a flat ticket). If desired, you can disable inclusion of such fields in flat tickets.
Configuration Parameter Name | Value |
---|---|
IncludeUserDefinedTrafficCustomFieldsInXML | 0. To disable inclusion of user-defined custom traffic fields in flat tickets. 1. To enable inclusion of user-defined custom traffic fields in flat tickets. (Default) |
Allow / prevent modifying rules with user awareness for FortiManager
By default, FireFlow allows users to modify rules with user awareness for FortiManager devices using FireFlow. To prevent users from modifying rules with user awareness, set the following parameter to yes.
Configuration Parameter Name | Value |
---|---|
FMGR_Disable_Rule_Modification_With_Users | (By default, this parameter is not defined) no: Allow users to modify rules with user awareness. (Default) yes: Prevent users from modifying rules with user awareness. |