Minimize Risks Exposure with up-to-date intelligence and continous network visibility

Change Manager


View our Change Manager high-level demo


Firewall Change Made Easy

Managing and tracking firewall changes manually is costly, time consuming, and prone to human error. An enterprise with 50 firewalls may spend 100-200 firewall administration hours a month simply managing routine changes. With Skybox® Change Manager network managers have a powerful tool for complete firewall workflow management.  

An out-of-the-box workflow process plus easily customized policies help organizations gain control of their change process quickly.   With complete change life-cycle management, firewall administrators can ensure accurate firewall changes in a fraction of the time. Available as an add-on module for  Firewall Assurance.


  • Decrease costs associated with firewall management
  • Eliminate errors and misconfigurations during firewall changes
  • Optimize the change workflow process

Classic features

  • Web-based workflow application
  • Full ticketing system – including multiple phases, audit-log, comments, attachments etc.
  • Finds relevant firewalls for each source, destination and port by change specification
  • Checks actual connectivity by simulating the firewall access list
  • Checks policy compliance requests against out-of-the-box or customized policies
  • Automatic email notifications
  • Allows integration with 3rd party ticketing systems

Managing the large number of firewall change requests was proving to be a very difficult task for the firewall administration team. It took hours to manually check change requests against organizational best practices and change implementation was riddled with errors. Using Skybox Change Manager, this organization was able to centrally manage change requests, allowing users to check the request against the organization network policy and quickly identify any deviations from the policy.

  • Customizable centralized workflow system for firewall change request
  • Automatic policy compliance testing of requests against the organization network policy
  • Change request testing in virtual environment prior to deployment
  • Interoperability with Skybox Firewall Assurance to support monitoring of actual firewall changes

Step 1 – Capture information. The user submits a short description of the change request and business requirements. The user submits the list of sources, destinations or services that are covered by the change request.

Step 2 – Technical specifications. The  firewall specialist reviews and completes the source-destination-port list. Then Change  Manager finds the relevant firewalls and checks whether the connectivity is already permitted or not.

Step 3 – Validation. Change Manager analyzes the change request and validates that changes are in compliance with pre-determined network policies.  Change Manager identifies any violations that will occur if the change is implemented as well as the associated risk level.

Step 4 – Review. The user reviews the analysis, formalizes the rule and object changes, and submits the final change request. 

Step 5 – Change verification. Change Manager determines if the change request has been submitted correctly. The user acknowledges the changes and closes the ticket.