Resolve Inconsistent Object Issues

Inconsistent objects are objects with the same name, but different values, on two or more devices. Sometimes users create objects in different configurations with the same name and content, but over time the values of these objects diverge, which creates the inconsistency.

Note: To resolve inconsistent object issues in bulk, see Resolve Object Issues in Bulk.

You can perform the following on inconsistent objects:

  • Ignore: Security Cloud Control ignores the inconsistency between objects and retains their values. The objects will no longer be listed under the inconsistency category.

  • Merge: Security Cloud Control combines all selected objects and their values into a single object group.

  • Rename: Security Cloud Control allows you to rename one of the inconsistent objects and give it a new name.

  • Convert Shared Network Objects to Overrides: Security Cloud Control allows you to combine inconsistent shared objects (with or without overrides) into a single shared object with overrides. The most common default value from the inconsistent objects is set as a default in the newly formed object.

    Note

    If there are multiple common default values, one of them is selected as the default. The remaining default values and override values are set as overrides of that object.

  • Convert Shared Network Group to Additional Values: - Security Cloud Control allows you to combine inconsistent shared network groups into a single shared network group with additional values. The criteria for this functionality is that the inconsistent network groups to be converted must have a minimum of one common object with the same value. All default values that match this criterion becomes the default values, and the remaining objects are assigned as additional values of the newly formed network group.

    For example, consider two inconsistent shared network groups. The first network group 'shared_network_group' is formed with 'object_1' (192.0.2.x) and 'object_2' (192.0.2.y). It also contains additional value 'object_3' (192.0.2.a). The second network group 'shared_network_group' is formed with 'object_1' (192.0.2.x) and additional value 'object_4' (192.0.2.b). On converting the shared network group to additional values, the newly formed group 'shared_network_group' contain 'object_1' (192.0.2.x) and 'object_2' (192.0.2.y)' as default values and 'object_3' (192.0.2.a) and 'object_4' (192.0.2.b) as additional values.

    Note

    When you create a new network object, Security Cloud Control auto assigns its value as an override to an existing shared network object with the same name. This is also applicable when a new device is onboarded to Security Cloud Control.

The auto-assignment happens only when the following criteria are met:

  1. The new network object must be assigned to a device.

  2. Only one shared object with the same name and type must be existing in the tenant.

  3. The shared object must already contain overrides.

To resolve inconsistent object issues:

Procedure


Step 1

In the Security Cloud Control navigation bar on the left, click Objects and choose an option.

Step 2

Then filter the objects to find inconsistent object issues.

Step 3

Select an inconsistent object. In the objects details panel, you will see the INCONSISTENT field with the number of objects affected:

Step 4

Click Resolve. Security Cloud Control displays inconsistent objects for you to compare.

Step 5

You now have these options:

  • Ignore All:

    1. Compare the objects presented to you and on one of the objects, click Ignore. Or, to ignore all objects, click Ignore All.

    2. Click OK to confirm.

  • Resolve by merging objects:

    1. Click Resolve by Merging X Objects.

    2. Click Confirm.

  • Rename:

    1. Click Rename.

    2. Save your changes to affected network policies and devices and click Confirm.

  • Convert to Overrides (for inconsistent shared objects): When comparing shared objects with overrides, the comparison panel shows only the default values in the Inconsistent Values field.

    1. Click Convert to Overrides. All inconsistent objects will be converted to a single shared object with overrides.

    2. Click Confirm. You can click Edit Shared Object to view the details of the newly formed object. You can use up and down arrows to move the values between default and override.

  • Convert to Additional Values (for inconsistent network groups):

    1. Click Convert to Additional Values. All inconsistent objects will be converted to a single shared object with additional values.

    2. Save your changes to affected network policies and devices and click Confirm.

Step 6

After resolving the inconsistencies, review and deploy now the changes you made, or wait and deploy multiple changes at once.