Client Firewall Service (CFS) is enabled and includes a number of non-default policies.
An internal change control process is followed whenever CFS policy changes are applied.
With no recent policy changes applied, the Cloud SWG admin noticed that there are apparent policy changes that need to be committed: there is an * next to CFS-G2, where we added rules.
Why would we report that changes need to be 'activated' when no changes were made?
Client Firewall Service.
Cloud SWG.
A comment was added to a rule, without any changes in the actual policy.
Two options exist to address this issue for now.
All Portal admin changes are logged to the audit logs.
In the above scenario, we clearly saw that there were no policy changes between the last 'update' operation with CFS (which applied all the 'saved' operation rules) and the pending request.
Adding a comment to a rule does not trigger a 'save' operation in the audit logs, but the logs do confirm that no policy rules were updated.
Broadcom is planning a Portal update that will NOT trigger a policy change event when a comment is added to an existing rule.