Deployment Preview

Preview provides a snapshot of all the policy and object changes to be deployed on the device. The policy changes include the new policies, changes in the existing policies, and the deleted policies. The object changes include the added and modified objects which are used in policies. The unused object changes are not displayed because they are not deployed on the device.

On the Deployment page, the Preview column provides a Preview (preview icon) icon for each listed device. On clicking the preview icon, management center displays a UI page listing all the policy and object changes. The left pane on the preview page lists all the different policy types that have changed on the device, organized in a tree structure.

The Filter icon ( provided on the Preview page provides an option to filter the policies at the user level and policy level. Click the Filter icon (. Select the policy or user name, or both, and then click Apply to restrict the displayed listing to only the selected items. To view all the pending deployments, ensure that you click the Filter icon and select Reset.

The right pane lists all the additions, changes, or deletions in the policy, or the object selected in the left pane. The two columns on the right pane provide the last deployed configuration settings (in the Deployed Version column) versus the changes that are due for deployment (in the Version on Firewall Management Center column). The last deployed configuration settings are derived from a snapshot of the last saved deployment in the management center and not from the device. The background colors of the settings are color-coded as per the legend available on the top-right of the page.

The Modified By column lists the users who have modified, or added the configuration settings. At the policy level, the management center displays all the users who have modified the policy, and at the rule level, the management center displays only the last user who has modified the rule.

Deployment preview of changes to Security Intelligence, Geolocation, Sinkhole, and File List objects is supported. For an explanation of these and other reusable objects supported in the management center, see the chapter titled Reusable Objects.

You can download a copy of the change log by clicking the Download as PDF button.

Note

  • To preview the deploy changes, you require access from the REST API to the management center. To enable the REST API access, follow the steps in Enabling REST API Access.

  • The preview does not show the reordering of rules across policies.

    For DNS policies, reordered rules appear in the preview list as rule additions and deletions. For example, moving a rule from position 1 to position 3 in the rule order is displayed as if the rule was deleted from position 1 and added as a new rule in position 3. Similarly, when a rule is deleted, the rules under it are listed as edited rules as they have changed their positions. The changes are displayed in the final order in which they appear in the policy.

  • The preview shows all the default values, even when they are not altered, along with the other configured settings when an interface or a platform settings policy is added for the first time. Similarly, the high availability-related policies and default values for settings are shown, even when they are not altered, in the first preview after a high availability pair is configured or disrupted.

  • Preview is not supported for some objects.

  • Object additions and attribute changes are displayed in the preview only if the objects are associated with any device or interface. Object deletions are not displayed.

  • Preview is not supported for the following policies:

    • High availability

    • Network discovery

    • Network analysis

    • Device settings

  • The change log is not supported on NGIPS devices.

  • User information at rule level is not available for intrusion policies.

  • The management center displays the username as system for the following operations:

    • Rollback

    • Upgrade

    • FTD backup and restore

    • SRU update

    • LSP update

    • VDB update

  • If you change the management center name in System > Configuration > Information, the deployment preview does not specify this change, yet it requires deploy.