This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vincent_Bacher
Advisor
‎2018-06-12 04:24 AM

Will (Smart)Workflow come back?

Jump to solution

Hello together,

i am wondering if there are any news, if and when (Smart)Workflow will come back.

Does anybody have news about that?

Best regards

Vincent

and now to something completely different
2 Solutions

Accepted Solutions
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-06-12 04:53 AM

Jump to solution

Hi, 

The plan is to incorporate the feature set of SmartWorkflow without calling it "an extra blade". 

The R80.10 security management platform it built for team work and change management. The session name and description appear in the audit logs (and you can mark them as mandatory for users to fill in). When installing a policy, you get the list of changes that will be installed. As you make changes, the Session pane on the right-side shows you which changes were made. And with SmartView you can make audit overview reports and charts for change management. Every publish operation creates a revision automatically, allowing you to log-in to that old revision with read-only permissions, or install that previous revision on your gateway if something goes wrong.

The new Permission Profiles let you segregate the install policy permission from the rest of the permissions, and create a new working model in which the person that makes the management changes is not allowed to deploy them. Session Take-Over lets you approve, discard or change pending changes on behalf of your teammates (if you have the permission for it). 

All of the following can help you make effective change management and approval cycle. Even though R80.10 does not yet have an "approve changes" button, you might be able to utilize these features above for this purpose. 

The next step with change approval is to automate approval or denial of certain changes, if they don't meet your criterias. Management API commands such as show-changes and show-sessions can help you automate the approval cycle. With SmartEvent you can create an Automatic Reaction whenever someone publishes changes or installs a policy and send it over email or run a custom script. Compliance Blade shows you a dashboard of misconfigurations and security alerts in case your administrators do not follow some of the best practices.  And we are interested to know what automated checks you guys have - so that we can extend the platform to allow you to run those checks automatically in our next releases.

View solution in original post

PhoneBoy
Admin
Admin
‎2020-08-24 12:46 PM

Jump to solution

Just to add a couple of things to this thread:

  • Diff Report for changes between two revisions is available as a SmartConsole Extension for R80.30 and R80.40.
  • Four-eyes approval workflow is currently a customer release on top of R80.40. While it was planned for R81, it is currently planned for a post-R81 release.

View solution in original post

29 Replies
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-06-12 04:53 AM

Jump to solution

Hi, 

The plan is to incorporate the feature set of SmartWorkflow without calling it "an extra blade". 

The R80.10 security management platform it built for team work and change management. The session name and description appear in the audit logs (and you can mark them as mandatory for users to fill in). When installing a policy, you get the list of changes that will be installed. As you make changes, the Session pane on the right-side shows you which changes were made. And with SmartView you can make audit overview reports and charts for change management. Every publish operation creates a revision automatically, allowing you to log-in to that old revision with read-only permissions, or install that previous revision on your gateway if something goes wrong.

The new Permission Profiles let you segregate the install policy permission from the rest of the permissions, and create a new working model in which the person that makes the management changes is not allowed to deploy them. Session Take-Over lets you approve, discard or change pending changes on behalf of your teammates (if you have the permission for it). 

All of the following can help you make effective change management and approval cycle. Even though R80.10 does not yet have an "approve changes" button, you might be able to utilize these features above for this purpose. 

The next step with change approval is to automate approval or denial of certain changes, if they don't meet your criterias. Management API commands such as show-changes and show-sessions can help you automate the approval cycle. With SmartEvent you can create an Automatic Reaction whenever someone publishes changes or installs a policy and send it over email or run a custom script. Compliance Blade shows you a dashboard of misconfigurations and security alerts in case your administrators do not follow some of the best practices.  And we are interested to know what automated checks you guys have - so that we can extend the platform to allow you to run those checks automatically in our next releases.

Vincent_Bacher
Advisor
‎2018-06-12 05:11 AM
In response to Tomer_Sole

Jump to solution

Hi Tomer,

thank you for info and suggestions

Cheers

Vincent

and now to something completely different
0 Kudos
Danny
Champion
Champion
‎2018-06-12 06:43 AM
In response to Tomer_Sole

Jump to solution

This is so important it should be announced more publicly.

0 Kudos
S_E_
Advisor
‎2018-06-18 05:51 AM
In response to Tomer_Sole

Jump to solution

 Hi

...When installing a policy, you get the list of changes that will be installed. As you make changes, the Session pane on the right-side shows you which changes were made....

You get the list but it is definitely not helpful like the graphical output of the SmartWorkFlow. It is simply not 'readable/visible if it is more than 1 object change.

And with SmartView you can make audit overview reports and charts for change management. Every publish operation creates a revision automatically, allowing you to log-in to that old revision with read-only permissions, or install that previous revision on your gateway if something goes wrong.

After someone published it. If there is a misconfiguration done by other admin, it is already to late. 

  

All of the following can help you make effective change management and approval cycle. Even though R80.10 does not yet have an "approve changes" button, you might be able to utilize these features above for this purpose. 

Yes, but is is still a step back if you are using SmartWorkflow for approval/4-eye principal changes.

The next step with change approval is to automate approval or denial of certain changes, if they don't meet your criterias. Management API commands such as show-changes and show-sessions can help you automate the approval cycle.

Are the plans to migrate it back to SmartConsole? 

Or do you recommend only API and third party tools?

Regards

5 of 5 people found this helpful

0 Kudos
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-06-18 09:59 AM
In response to S_E_

Jump to solution

Hi,

SmartWorkflow reports worked post-save. Audit overviews work post-publish. We are aware that both of those would be more useful doing pre-publish and we plan to do that in our next releases.

As well as a simple approval cycle.

Luis_Miguel_Mig
Advisor
‎2019-03-05 07:44 AM
In response to Tomer_Sole

Jump to solution

As far as I know, you get the Smartflow reports before the changes have been pushed to the gateway.

0 Kudos
Cristobal_Johns
Employee
Employee
‎2019-07-15 01:10 PM
In response to Tomer_Sole

Jump to solution

I think these sessions is not deleted and they are filling my hard drive

0 Kudos
Mahipal_Singh
Employee
Employee
‎2019-08-14 02:16 AM
In response to Tomer_Sole

Jump to solution

if we enable session pane from admin does that enabled for all the users or it is per user setting. if it is per user setting then user can disable it anytime. Can we control the publishing right for user same a policy install rights?

0 Kudos
Nurit_Gr
Employee Alumnus
Employee Alumnus
‎2019-08-14 03:39 AM
In response to Mahipal_Singh

Jump to solution

If you are referring to the new solution, then no - the enforcement will be central. Meaning that once the feature is installed / enabled, no user will be able to publish his session without going through the change management flow.

0 Kudos
Mahipal_Singh
Employee
Employee
‎2019-08-14 11:42 AM
In response to Nurit_Gr

Jump to solution
Can you explain in detail.
0 Kudos
Emre_Can_Lekesi
Explorer
‎2018-09-27 03:29 AM

Jump to solution

So is it coming back with r8x or not? Just a simple yes or no is much obliged thanks.

Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-09-27 04:49 AM
In response to Emre_Can_Lekesi

Jump to solution

It is 80% there.

15% will make its way to our next releases.

The remaining 5% are the fact that it has a distinguished name, the extra cost, and enabling it on the object editor and those will not come back.

If your upgrade to R80.10 fails due to "your SmartWorkflow blade is enabled", please read my response above about Change Management features for R80.10 and make a decision whether simply turning off this "extra blade" and using the Change Management features that exist in R80.10 are sufficient.

Luis_Miguel_Mig
Advisor
‎2019-03-05 07:46 AM
In response to Tomer_Sole

Jump to solution

Can you set expectations on when the remaining features  will be available in R80.20?

0 Kudos
S_E_
Advisor
‎2019-03-13 05:29 AM
In response to Luis_Miguel_Mig

Jump to solution
@Luis_Miguel_Mig wrote:

Can you set expectations on when the remaining features  will be available in R80.20?

Hm,

even in R80.30 EA there is no SmartWorkflow mentioned.

No graphical report, no 4-eye approval stuff.

So, still stuck in R77.30 until this feature is available.

Regards

 

0 Kudos
Johnny_Wong
Ambassador
Ambassador
‎2019-03-19 07:49 AM
In response to S_E_

Jump to solution

Agree with Nickel, can we simply to ask a question do we going to support SmartWorkflow features to R80.x? The R77.30 going to EOL......

0 Kudos
Ron_Izraeli
Employee
Employee
‎2019-03-19 08:23 AM
In response to S_E_

Jump to solution

Changes Report (which was presented at the CPX 2019) will be released this year and will be supported in the upcoming R80.30 SmartConsole.

diff.png

Johnny_Wong
Ambassador
Ambassador
‎2019-04-02 07:23 AM
In response to Ron_Izraeli

Jump to solution

Thanks.

0 Kudos
GlennF
Explorer
‎2019-05-13 09:03 AM
In response to Ron_Izraeli

Jump to solution

The Change Summary report is going to be built in to R80.30 SmartEvent, or is there something that needs to be added?

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2019-08-14 02:24 AM
In response to GlennF

Jump to solution

It will be added as an Extension into SmartConsole (and not related to SmartEvent)

 

0 Kudos
Tomer_Noy
Employee
Employee
‎2019-08-14 01:41 PM

Jump to solution

I will try to add some more info and explanations about what we are doing with Workflow.

In R77.x, Workflow was an additional blade that was purchased on top of the Management license. It had various features, but from our talks with customers the following two were most prominent:

  1. Changes diff report to see what changes were done before pushing to the gateway, or saving to the DB. The vast majority of users purchased Workflow for this feature.
  2. Approval cycle, most commonly a simple 4-eye-principal, where another person is needed to approve the changes. For some of the Workflow customers, this was also an important feature.

To a certain extent, the above can be achieved with existing R80.x features such as the sessions management and the change summary before pushing a policy. However, the usability and clarity when doing so, is not at the level that we want to reach.

Workflow has additional features (that some use), but we made a decision to focus on the two main features instead of implementing a replica of the R77.x design into R80.x. Also, we decided that these two features will be included in the product and will not require another license that needs to be purchased.

The Change Diff report was implemented using our new SmartConsole Extensions technology. The cool thing about that is that we can provide the feature over R80.30, even though the development continued after R80.30 was closed for new content. This was used by multiple customers as part of our EA process and we can provide it to additional customers on demand. We still have a few kinks and bugs that we want to squash before we declare it public for everyone.

The 4-eye approval is developed using new I/S (SmartTasks) that we've added in R80.40. It's possible that it will be a "soft launch" in R80.40 and a quick RFE request will be needed to get it. We want to get some feedback on usage and perhaps do some more development on that before we open it up more publicly.

Feel free to reach out to me or @Amir_Jaron about this.

GlennF
Explorer
‎2019-09-09 08:51 AM
In response to Tomer_Noy

Jump to solution

How do we get the extension for the Diff report to be added to SmartEvent R80.30?

 

0 Kudos
Dima_M
Employee
Employee
‎2019-09-09 10:27 AM
In response to GlennF

Jump to solution

Hey Glenn,

Change Report is generated per session and reflects changes to objects and rules before pushing policy.

It's still in development, please send me an email if you want to get your hands on EA for testing.

S_E_
Advisor
‎2019-11-22 05:22 AM
In response to Tomer_Noy

Jump to solution
@Tomer_Noy wrote:

I will try to add some more info and explanations about what we are doing with Workflow.

In R77.x, Workflow was an additional blade that was purchased on top of the Management license. It had various features, but from our talks with customers the following two were most prominent:

  1. Changes diff report to see what changes were done before pushing to the gateway, or saving to the DB. The vast majority of users purchased Workflow for this feature.
  2. Approval cycle, most commonly a simple 4-eye-principal, where another person is needed to approve the changes. For some of the Workflow customers, this was also an important feature.

 

And compared to other solutions, you were able to see other changes as well, e.g. change of property settings, parameter changes...

Easy comparison of different policies versions.

Approval cycle with mail notifications, Emergency changes....

 

Really waiting to have this feature back.

Not sure why a decisions was made not to re-develop the tool. Isn't it a unique feature ? (unique selling point)

Looking forward to see the first EA and hope that it will travel into main release. (Not just RFE)

 

Regards

 

 

0 Kudos
Haichao_Xie
Employee Alumnus
Employee Alumnus
‎2020-07-09 07:57 PM
In response to Tomer_Noy

Jump to solution

Hi Tomer, Does "The 4-eye approval" support in R80.40 now? Thanks!

0 Kudos
Tomer_Noy
Employee
Employee
‎2020-07-11 11:23 PM
In response to Haichao_Xie

Jump to solution

The 4-eye approval support is available as an RFE addon on top of R80.40. 

If you'd like to get it, reach out to Solution Center and they should be able to help.

0 Kudos
Garrett_DirSec
Advisor
‎2021-12-07 08:30 AM
In response to Tomer_Noy

Jump to solution

Hello @Tomer_Noy and @PhoneBoy  -- thanks for info on re-introduction of SmartWorkflow.

I'm following up on this thread to confirm everything in Tomer's post still accurate for discuss with customer. 

Basic highlights to pass to customer:

  1. Smartworkflow re-developed using new SmartTasks mechanism.  provide 4-eyes approval process.
  2.  Smartworkflow "four eyes approval" is soft launched with R80.40 and available upon request via Solution Center.
  3. Both R81 and R81.10 do not have option for Smartworkflow "four eyes approval".
  4. R81.20 will include Smartworkflow "four eyes approval". 
  5. Whether in R80.40 or R81.20+, the new Smartworkflow "four eyes approval" feature is free.

Please confirm.   thanks -Garrett

Tomer_Noy
Employee
Employee
‎2021-12-07 11:05 PM
In response to Garrett_DirSec

Jump to solution

Hi @Garrett_DirSec,

Please see comments inline with your notes:

Basic highlights to pass to customer:

1. Smartworkflow re-developed using new SmartTasks mechanism.  provide 4-eyes approval process.

SmartWorkflow was indeed re-developed and relies on SmartTasks mechanism behind the scenes. The development was beyond the scope of just SmartTasks and includes various other improvements and changes in the Management server code.

2. Smartworkflow "four eyes approval" is soft launched with R80.40 and available upon request via Solution Center.

We developed some SmartWorkflow capabilities as an RFE over R80.40 for a few customers that requested it. I'm not sure I would call that a "soft launch".
In full transparency, we were not satisfied with the way it worked and there were various limitations that were difficult to resolve in that design. Therefore we decided to re-implement it differently for R81.20.

3. Both R81 and R81.10 do not have option for Smartworkflow "four eyes approval".

Indeed, it was decided not to port the R80.40 Workflow RFE to later versions because of the re-implementation plans for R81.20.

4. R81.20 will include Smartworkflow "four eyes approval". 

We are in process of approving this content into R81.20. It looks like we're on track, but it will be easier to give a final confirmation in a few weeks.

5. Whether in R80.40 or R81.20+, the new Smartworkflow "four eyes approval" feature is free.

Workflow required a paid license in R77.30. In R80.40 we gave it to a few customers as part of the RFE process and in such cases we usually don't open up the licensing / cost discussion.
Now that Workflow is coming back as a full feature in R81.20, Product Management are evaluating the model for releasing it to customers. This will be cleared up by the release date.

 

Garrett_DirSec
Advisor
‎2021-12-08 02:10 PM
In response to Tomer_Noy

Jump to solution

Hello @Tomer_Noy  -- sincere thanks for the update and insight on Smartworkflow.     

This information is very helpful for customer and how to focus effort on near term upgrades.      With the information that Smartworkflow will change between R80.40 and R81.20, customer has opted to wait until R81.20 to re-adopt Smartworkflow into their FW administration procedure.    They have already been approach for private EA of R81.20. 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-08-24 12:46 PM

Jump to solution

Just to add a couple of things to this thread:

  • Diff Report for changes between two revisions is available as a SmartConsole Extension for R80.30 and R80.40.
  • Four-eyes approval workflow is currently a customer release on top of R80.40. While it was planned for R81, it is currently planned for a post-R81 release.