Adding Comments to Rules in Policies and Rulesets

You can add comments to rules in FDM-managed device policies and to rules in rulesets to document some characteristic of a rule. Rule comments are only visible in Security Cloud Control; they are never written to the FDM-managed device, nor are they visible in FDM.

Comments are added to rules after they are created and saved in Security Cloud Control. As rule comments are only a feature of Security Cloud Control, creating, changing, or deleting a rule comment does not change the configuration status of the device in Security Cloud Control to "Not Synced". You will not need to write changes from Security Cloud Control to the FDM-managed device to save a rule comment.

Comments associated with rules in an FDM-managed device policy can be viewed and edited on the device's policy page. Comments associated with rules in an FDM-managed device ruleset can be viewed and edited on the rulesets page. When a ruleset is used in a policy, any comments associated with any of the rules in the ruleset are displayed in the comments area of the policy. These comments are read-only in the policy.

When you search for a string in policies, rulesets, or the change log, Security Cloud Control will search the comments associated with a rule for that string along with the other attributes and values of a rule.

When a comment for a rule is added or edited, that action is recorded in the change log. Because rule comments are only recorded and maintained in Security Cloud Control, they are labeled (Security Cloud Control-only change) in the change log.

Caution

If there is an out-of-band change to an FDM-managed device's configuration and Security Cloud Control reads that configuration into its database, the comments associated with any rules will be wiped out.