Deploying configuration changes

After applying configuration changes to a location, policy, custom response, or custom list, you must deploy these changes to the Enterprise Threat Protector (ETP) network to make sure that they take effect. For example, when you add or modify a location, the configuration changes are not propagated to the ETP network until the deploy operation is completed.

Similarly, you must also deploy an identity provider (IdP) configuration. For more information, see Identity providers.

You can click the Pending Changes tab to show the changes that were applied to ETP since the last deploy operation was completed. This window shows the configuration changes that are currently pending deployment.

The Pending Changes window includes this information:

  • Specific settings that were added or modified. Depending on the modification, the Pending Changes window shows the original and new setting values.
  • The user who created or modified the setting.
  • Configuration changes that are related to the applied settings. For example, if you modify a policy and associate a new location to the policy, this change also impacts a location configuration. As a result, a change to the specific location is also visible in the list of pending changes.

If you're a super administrator, you can deploy all configurations changes or a specific change. For example, you could deploy changes associated with a component such as locations or you can select a specific change.

If you're a delegated or tenant administrator, you can deploy configuration changes related to the locations, policies, and custom lists that you added or that you have permission to manage. However, if the pending change list includes custom list changes that a delegated or tenant administrator did not make, the delegated or tenant administrator cannot deploy their custom list modifications. To deploy these changes, the delegated or tenant administrator must contact an ETP super administrator.

The deploy operation for a location, policy, and custom list typically completes in 20-30 seconds. If you are deploying an IdP, the deploy operation for the IdP takes three to five minutes. A progress bar appears when deploying an IdP.

A super administrator can revert changes to return to the settings that were previously deployed. A delegated or tenant administrator can revert changes for the locations, policies, and custom lists they created or are allowed to manage. Keep in mind that if multiple administrators modified the same item, such as a specific policy or location, a revert operation automatically removes all pending changes that are associated with it.

As part of the deployment process, administrators must confirm their changes. This process involves commenting on the deployed changes. These comments are logged on the Deployment History tab where an administrator and any ETP user can track the changes that were deployed to the network.