Enforce an approval workflow
You can optionally enable an approval workflow in which an administrator must approve changes before they are committed and transferred to the engines.
Administrators with the following permissions can view the changes, approve the changes, and transfer the configurations to the engines:
- Administrators that have the Approve Changes permission
- Administrators with unrestricted permissions (superusers)
By default, the same administrator who made the changes cannot approve the changes. You can optionally allow administrators to approve their own changes.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
Select
Menu > System Tools > Global System Properties.
- On the Change Management tab, select Require Approval for Changes in NGFW Engine Configuration.
- Click OK.
Global System Properties dialog box — Change Management tab
Use this tab to enforce an approval workflow for all engines.
| Option | Definition |
|---|---|
| Require Approval for Changes in NGFW Engine Configuration | When selected, all changes to engine configurations and policies must be approved before the changes are committed and transferred to the engines. Administrators with permissions to approve changes and administrators with unrestricted permissions (superusers) can approve changes. |
| Allow Administrators to Approve Their Own Changes | When selected, the same administrator who made the changes can approve the changes. |