A commit is the process of activating pending
changes to the firewall configuration. You can filter pending changes
by administrator or
location and then preview, validate,
or commit only those changes. The locations can be specific virtual
systems, shared policies and objects, or shared device and network
settings.
The firewall queues commit requests so that you
can initiate a new commit while a previous commit is in progress.
The firewall performs the commits in the order they are initiated
but prioritizes auto-commits that are initiated by the firewall
(such as FQDN refreshes). However, if the queue already has the
maximum number of administrator-initiated commits, you must wait
for the firewall to finish processing a pending commit before initiating
a new one. To cancel pending commits or view details about commits
of any status, see
Manage
and Monitor Administrative Tasks.
When you initiate
a commit, the firewall checks the validity of the changes before
activating them. The validation output displays conditions that
either block the commit (errors) or that are important to know (warnings).
For example, validation could indicate an invalid route destination
that you need to fix for the commit to succeed. The validation process
enables you to find and fix errors before you commit (it makes no
changes to the running configuration). This is useful if you have
a fixed commit window and want to be sure the commit will succeed without
errors.
When enabled and managed by a Panorama™ management
server, managed firewalls locally test the configuration committed
locally or pushed from Panorama to verify that the new changes do
not break the connection between Panorama and the managed firewall.
If the committed configuration breaks the connection between Panorama
and a managed firewall, then the firewall automatically fails the
commit and the configuration is reverted to the previous running
configuration. Additionally, firewalls managed by a Panorama management
server test their connection to Panorama every 60 minutes and if
a managed firewalls detects that it can no longer successfully connect
to Panorama, then it reverts its configuration to the previous running
configuration.
The commit, validate, preview, save,
and revert operations apply only to changes made after the last
commit. To restore configurations to the state they were in before
the last commit, you must
load a previously backed up configuration.