Traffic field parameters

Enable / disable multiple traffic rows in change requests

By default, FireFlow allows users to add more traffic rows to a change request, by clicking Add More Traffic. If desired, you can disable this option and remove the Add More Traffic button.

Configuration Parameter Name Value

0. To disable multiple traffic rows.

1. To enable multiple traffic rows. (Default)

Enable / disable application or service translation for Palo Alto devices

When a change request is submitted for a Palo Alto device, the requestor may define the traffic using a service, even when it would be better to define the traffic with an application.

If desired, you can enable automatic translation of services to their relevant applications. After initial planning, the sub-requests will be created with the service "application-default" and the relevant application. Services will only be translated into an application if they match an application's default service exactly and uniquely.

Note: AppViz users should not enable this configuration option as it will cause flows to fail validation.

Note: This configuration option is only relevant when application awareness is enabled. See Enable / disable user and network application awareness.

Note: The maximum number of services translated per traffic line is three. If more than three services appear in a single traffic line, the services in that line will not be translated into applications.

Configuration Parameter Name Value

0. To disable application/service translation. (Default)

1. To enable application/service translation.
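
The matching rule and the three-service limit described above, sketched as an added example (not AlgoSec code). It assumes a service matches "exactly" when an application's default service set consists of that one service, and that untranslated services are left as the requestor entered them; the application catalog is constructed sample data.

```python
# Added illustration of the translation rule; not AlgoSec's implementation.
from collections import defaultdict

MAX_SERVICES_PER_LINE = 3  # limit stated in the note above

# Constructed catalog: application -> default services (protocol/port).
APP_DEFAULTS = {
    "ssh": {"tcp/22"},
    "web-browsing": {"tcp/80"},
    "dns": {"tcp/53", "udp/53"},  # two-service default: tcp/53 alone is not exact
    "app-a": {"tcp/8443"},        # hypothetical apps sharing one default service,
    "app-b": {"tcp/8443"},        # so tcp/8443 is not a unique match
}


def build_index(app_defaults):
    """Map each single-service default to the applications that own it."""
    index = defaultdict(list)
    for app, services in app_defaults.items():
        if len(services) == 1:  # assumption: exact match needs a one-service default
            index[next(iter(services))].append(app)
    return index


def translate_line(services, app_defaults=APP_DEFAULTS):
    """Return (service, application) pairs for one traffic line.

    A translated service becomes ("application-default", <application>).
    An untranslated service is returned as (<service>, None).
    """
    services = list(services)
    # More than three services in one line: nothing in the line is translated.
    if len(services) > MAX_SERVICES_PER_LINE:
        return [(s, None) for s in services]
    index = build_index(app_defaults)
    result = []
    for s in services:
        owners = index.get(s.strip().lower(), [])
        if len(owners) == 1:  # exact and unique match
            result.append(("application-default", owners[0]))
        else:                 # no match, or ambiguous between applications
            result.append((s, None))
    return result
```

Reviewing which services stay untranslated shows where a port-based rule would remain after planning instead of an application-based one.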

Enable / disable user and network application awareness

You can manually enable or disable user and network application awareness in FireFlow.

Traffic fields and supported devices:

  • The User traffic field is supported for Panorama and FortiManager devices.

  • The Application traffic field is supported for Panorama and Cisco Firepower devices.

Upon enabling User and/or Network application awareness, the corresponding traffic fields (User, Application) are displayed in all locations where traffic fields are present. These fields are incorporated into traffic simulation queries, initial planning, risk assessments, and connectivity verifications.

Once user and network application awareness are enabled in FireFlow, the associated traffic fields are available in AppViz and can be set there to be visible or hidden. See Manage application and user awareness.

By default, ASMS assigns a service (ports and protocols) to each application. This default service appears as the value application-default in the Service field. The default service may vary depending on the application in question.

Tip: To view the default service (ports and protocols) assigned by ASMS to a specific application, in FireFlow hover over the "application-default" value in the Service field. The ports and protocols used by ASMS for the application are displayed.

Note: After changing either of these parameters, you must restart AppViz in addition to restarting FireFlow.

Note: Disabling this support discards all user and/or network application data in FireFlow and AppViz.

Configuration Parameter Name Value

0. To disable network application awareness in FireFlow and AppViz. (Default)

1. To enable network application awareness in FireFlow and AppViz.


0. To disable user awareness in FireFlow and AppViz. (Default)

1. To enable user awareness in FireFlow and AppViz.

Enable / disable inclusion of user-defined custom traffic fields in flat tickets

By default, FireFlow automatically includes all user-defined custom traffic fields (traffic fields, source fields, user fields, destination fields, service fields, and application fields) in the XML of a change request (a flat ticket). If desired, you can disable inclusion of such fields in flat tickets.

Configuration Parameter Name Value

0. To disable inclusion of user-defined custom traffic fields in flat tickets.

1. To enable inclusion of user-defined custom traffic fields in flat tickets. (Default)

Allow / prevent modifying rules with user awareness for FortiManager

By default, FireFlow allows users to modify rules with user awareness for FortiManager devices using FireFlow. To prevent users from modifying rules with user awareness, set the following parameter to yes.

Configuration Parameter Name Value

(By default, this parameter is not defined)

no: Allow users to modify rules with user awareness. (Default)

yes: Prevent users from modifying rules with user awareness.