Sometimes it seems as if not all needed options are available when defining a Workflow in Tufin SecureChange.
Since many versions of SecureChange, some templates are available that might help administrators to create Workflows:

  • Access Request Template
  • Group Change Template
  • Generic Template
  • Remove Access Template

If the requirement allows to use such a Template as basis for a new, own Workflow it's ok to use them.

If there are further requirements like e.g. Removal of a rule, a "new" Workflow should be defined.
This is done by clicking on the corresponding button (required: Correct right from Role in SecureChange, otherwise this option might not be available).

After clicking on New Workflow some basic things like Name of the Workflow needs to be configured. Besides this, the Type of Workflow is required. Please be aware that this type can’t be changed later on.

Available options are:

  • Access Request
    Users need this type of Workflow to request access to some hosts or networks using “Source-Destination-Service”
  • Access Request & Modify Group
    Besides requesting access this type allows to request a change of a group of firewall objects, e.g. a group of Hosts or Networks
  • Generic
    A very flexible Workflow allowing e.g. the management of holidays (which isn’t the real purpose of SecureChange…)
  • Modify Group
    This Workflow allows to change Groups of e.g. hosts or networks defined in Firewall configuration. It’s mostly used by people having access to Firewall configuration files. Please be aware that since R17-3 also new Groups can be defined here.
  • Rule Decommission
    If a rule needs to be removed, this type of Workflow should be used. It’s triggered from SecureTrack > Menu > Policy Browser. Please find further information about this topic here.
  • Server Decommission
    For removing Servers this is the Type of Workflow that should be selected.

Be sure that you select the correct type for the Workflow you need. Please consider the fact that changing the type isn’t possible when copying a Workflow as a base for a new Workflow.