Manage Locks for Restricting Configuration Changes
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Manage Locks for Restricting Configuration Changes
You can use configuration locks to prevent
other administrators from changing the candidate configuration or
from committing configuration changes until you manually remove
the lock or the firewall automatically removes it (after a commit).
Locks ensure that administrators don’t make conflicting changes
to the same settings or interdependent settings during concurrent
login sessions.
The firewall queues commit requests
and performs them in the order that administrators initiate the
commits. For details, see Commit,
Validate, and Preview Firewall Configuration Changes. To view
the status of queued commits, see Manage
and Monitor Administrative Tasks.
- View details about current locks.For example, you can check whether other administrators have set locks and read comments they entered to explain the locks.Click the lockLock a configuration.
- Click the lock at the top of the web interface.The lock image varies based on whether existing locks areTake a Lock and select the lock Type:
- Config—Blocks other administrators from changing the candidate configuration.
- Commit—Blocks other administrators from committing changes made to the candidate configuration.
(Firewall with multiple virtual systems only) Select a Location to lock the configuration for a specific virtual system or the Shared location.(Optional) As a best practice, enter a Comment so that other administrators will understand the reason for the lock.Click OK and Close.Unlock a configuration.Only a superuser or the administrator who locked the configuration can manually unlock it. However, the firewall automatically removes a lock after completing the commit operation.- Click the lock at the top of the web interface.Select the lock entry in the list.Click Remove Lock, OK, and Close.Configure the firewall to automatically apply a commit lock when you change the candidate configuration. This setting applies to all administrators.
- Select DeviceSetupManagement and edit the General Settings.Select Automatically Acquire Commit Lock and then click OK and Commit.