Home
> Forefront TMG 2010, Threat Management Gateway > Forefront TMG 2010 Configuration Change Description Survey
Forefront TMG 2010 Configuration Change Description Survey
December 19, 2011
When making changes to the Forefront TMG 2010 firewall, by default the administrator is prompted to enter a description of the configuration changes made before they are applied. For those TMG administrators that use this facility, what kind of information do you put in this change description box? A verbose explanation of changes made? Details about why the change was made? Your name, network ID, or initials? Is it helpful to provide reference to a help desk ticket or a change request?
Tell me how you use this feature and what kind of information you typically provide by commenting on this post. I’ll approve the most interesting and useful ones as they come in. Thanks in advance for participating!
From a PCI compliance perspective we have to be able to reference all firewall changes to a change request. Since the data logged is quite detailed including the person making the changes the only real bit that is missing is the request number.
On a side note, it pays to spend some time to learn how to read an interpret the log before something goes wrong and then you start looking for answers
Hey Rich,
A lot of detail is already recorded in the change log already, so with some customers we just use this to record the Change Number or Change Reference. This way a change number can be tracked back to the actual TMG changes.
Sometimes it is also useful for a real world comments like “Added URL filtering exception to keep CIO happy” 🙂
Cheers
JJ
Usually a reference to a help desk ticket, explaining what is the change, who requested it and who approved it.
As a consultant I try to always use change number, my company name and initials if i am using a generic login detail. So to prove to the customer what changes I have made.
RFC Number (logged on our incident / change management system) the change title and implementing engineer.
When i make some change to the old ISA or now TMG 2010, always i use this feature. Which Admin use server, who make a changes, time and date, by whose order (CIO, CEO, etc.) is done, the work order number
This Change Tracking feature continues from ISA Server 2006 SP1 to TMG 2010. This feature is very powerful features because of the following reasons:
1. It automatically export the entire TMG configuration before we apply the new policy. So it will help us to revert back to previous configuration if we get any problem after applying the new policies.
2. Second it helps to track the TMG administrator so that who will change or modify or delete the firewall policy at what time and date. Change Tracking will display the Time, User and Change summary. This is mainly for the TMG administrator for the tracking firewall rule modification by who the users at what time for which reasons.
I always provide a high-level reason a change was made along with a reference to a ticket number from our helpdesk system. This allows us to go back and audit changes with more granular detail tracked by our ticketing/change control system.