Guidelines and Limitations for Change Management

When operating in change management mode, users can make changes to supported policies, but they cannot save the changes. For example, you could go through the dialog box to create a new Platform Settings policy without an open ticket, but when you click OK to actually create the policy, you will get an error and the policy will not be created.

The following activities require that all tickets be in a terminal state, that is, approved or discarded: backup/restore, moving a device between domains, upgrading Management Center.

Deleting a device from the inventory requires that all tickets involving that device be approved or discarded.

Some processes, such as deployment and backup/restore, prevent you from changing the Change Management mode. Wait until the process completes to change the mode.

Your ability to create objects while configuring a feature is constrained based on whether the feature and objects are all supported by change management. For example, importing a configuration is not supported by change management. Therefore, you cannot create security zone objects, which are supported, during the import. On the other hand, you can create new objects while configuring access control rules, because both are supported.

When you create an object from CDO, the system automatically creates a ticket internally and allows the object to be associated with the cloud-delivered Firewall Management Center. You do not have to create or have an open ticket to do this. However, when you want to create an object from the cloud-delivered Firewall Management Center, you need an existing ticket or create one. The object is synchronized to CDO only after the ticket is approved.

When using cloud-delivered Firewall Management Center, a user defined in Cisco Defense Orchestrator is available to be assigned tickets only after the user cross-launches cdFMC at least once. Until the first cross-launch, the user does not exist in cdFMC.