Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Use of MGMT_CLI - 4 eyes review

Hi,

I have been doing some work on the use of the MGMT_CLI API as a means of creating objects, rules & services etc. We have a process whereby changes an admin makes have to get reviewed by another admin in the team before they are published.

Is there a way how I can get changes reviewed easily by a fellow administrator before they are published via the GUI or would it be  case of publishing the changes then discarding them via 'Revisions' in SmartConsole. Just trying to work out if there is a better way.

We used to use SmartWorkflow and understand this may be reintroduced in future versions.

Thanks

Paul Norman

0 Kudos
4 Replies
Highlighted

session changes can be kept unpublished and then somebody else from your team can takeover your session and publish those changes.
In our team we had process that one person edited and published rules and second person on team just verified and install policies..
Highlighted
Admin
Admin

R80.40 has SmartTasks, which could be used to potentially automate some of these "four eyes" checks.
As for something built in, not yet.
0 Kudos
Highlighted

Thanks all, I shall test this.

0 Kudos
Highlighted
Employee+
Employee+

@pnorman821 

Hi Paul et al,

We recently released a solution that allows 4 eyes review, it consists of two elements:

1. Changes Report - developed using our new SmartConsole Extensions technology, this feature allows review of changes before publishing and comparison between revisions.

2. Approval Cycle (4 eyes principal) - Peer review before publishing the session.

This release is focused on SmartConsole changes and once turned on, it blocks admin from publishing until another admin approves the session
Behavior is similar for API sessions:
If user A does API changes, he/she will have to have another user B to tag their session, user B can use "show-changes" API to view the changes.

In order to get this solution, please approach Solution Center via your account team. Should you have any question or feedback, please feel free to contact me directly mailto:dimam@checkpoint.com