Cisco Systems CL-28826-01 Validating an Activity/Ticket

4-18

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 4 Managing Activities

Working with Activities/Tickets

–

Blue—Indicates the new value of a changed item.

•Shared Policies section—Changes to all shared policies are displayed here.

•Policy Bundles—Changes to all policy bundles are displayed here.

•Policy Objects—Changes to all policy objects are displayed here.

•VPN—Changes to VPN topologies and policies are displayed here, including newly discovered

VPNs and deleted VPN topologies.

In non-Workflow mode with Ticket Management disabled, you can view change reports for closed

configuration sessions by selecting Manage > Change Reports and then selecting the session in the

Change Report dialog box.

In non-Workflow mode with Ticket Management disabled, a configuration session is considered

complete when you either submit or discard your changes. The Change Report dialog box lists all closed

sessions, showing the date and time the session was closed, the action that closed it (submitted or

discarded), and the user name associated with the session. These sessions are equivalent to activities in

Workflow mode. Select a session and click View Chang es to view the report. For information on reading

the report, see Viewing Change Reports, page 4-16.

Tip To view the report for the current configuration session, close this dialog box and select File > View

Changes.

Validating an Activity/Ticket

In Workflow mode, Security Manager validates activities when you submit them for approval, or you can

validate an activity at any time while you are creating and changing policies in an activity. After an

activity is submitted, the validation report remains static.

In non-Workflow mode, Security Manager validates policies when you submit them to the database,

when you try to deploy them, or when you validate them. The validation process reports on policy

changes that were made up until the changes are submitted or deployed.

The validation process checks the following areas. If there are errors, you can display a detailed

summary of the validation results.

•Policy integrity—There are no unresolvable references (for example, missing objects, unresolved

interface roles, overrides of mandatory settings, and so on).

•Policy deployability—The platform, operating system, and configured features are supported by the

target devices so that policies can be correctly translated into CLI commands.

If a policy contains options that require specific device types or operation system versions, you will

see validation warnings for non-supported devices, but Security Manager will not generate the

associated commands for unsupported devices. This allows you to create policies that apply to a

wide range of devices without having to create policies that are too device-specific.

•FlexConfig integrity—There are no corrupted FlexConfig objects. If corrupted objects are found, a

warning with a list of the corrupted FlexConfig objects results.

•FlexConfig syntax—If syntax errors are found, a warning with a list of affected FlexConfigs and

their syntax errors results.