Firewall rule requests

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 4 minutes
  • Use Service Catalog to request new firewall policies and rules.

    Figure 1. Firewall rule request workflow

    Request new firewall rule

    Request a new firewall rule using Service Catalog to manage various IP addresses, enhance network security, and accommodate evolving business requirements.

    Before you begin

    Ensure that the Firewall Audits and Reporting catalog is enabled.

    Role required: firewall_admin

    About this task

    Administrators initiate tasks, which are automatically directed to the risk team for assessment and approval. After approval, firewall admins implement the changes. Automated workflows orchestrate the entire process.

    Procedure

    1. Navigate to All > Service Catalog > Firewall Rules.
    2. Select Request Firewall Rule.
      Figure 2. Request Firewall Rule
      Request firewall form.
    3. Enter the appropriate information for the following mandatory fields.
      • Source IP address
      • Destination IP address
      • Assignment Group

        Must have the sn_disco_firewall.firewall_user role.

      • Approval Group

        Must have the approver_user role.

    4. Enter or select any details that are required.
    5. Select Submit.
      The firewall rule task is created.

    What to do next

    To verify the new rule task, navigate to Rule Requests > Rule Requests Task. Your request should be visible in the list.

    Approve firewall requests

    Approval of firewall requests gives you controlled access and compliance. Members of the approver group can review and approve firewall audits and new firewall requests.

    Before you begin

    Role required: Member of the approver group (approval_group) specified in the rule task. The admin user can edit the approvers list in the Rule Request Task.

    Procedure

    1. Navigate to All > Self Service > My Approvals.
    2. Select the green checkmark to approve.

    Result

    • The Assignment group works on the request and marks it as Close Complete.
    • Once the assignment_group marks the request Close Complete, if the change request plugin is activated, a background sub-flow creates a change request.
      Note:
      The change request is created only if the rule task is Approved and in Close Complete state.
    The Firewall rule task security policy M2M corresponds to the related list Security policies in Rule task. Firewall administrators can add description or tag fields in a security policy on a Panorama device. They can also add firewall rule task numbers or change request numbers while creating or modifying security policies on Panorama. When the next discovery runs, the M2M table populates the mapping between:
    • Firewall rule task and firewall security policy
    • Firewall security policy and business service if the business service is provided during the Firewall rule task request