Validate, and Preview Firewall Configuration Changes
A commit is the process of activating changes that you made to the firewall configuration. The firewall queues commit operations in the order you and other administrators initiate them. If the queue already has the maximum number of commits (which varies by platform), you must wait for the firewall to process a pending commit before initiating a new commit. To cancel pending commits or view details about commits of any status, see Manage and Monitor Administrative Tasks. To check which changes a commit will activate, you can run a commit preview.
For details on candidate and running configurations, see Manage Configuration Backups.
To prevent multiple administrators from making configuration changes during concurrent sessions, see Manage Locks for Restricting Configuration Changes.
When you initiate a commit, the firewall checks the validity of the changes before activating them. The validation output displays conditions that either block the commit (errors) or that are important to know but that do not block the commit (warnings). For example, validation could indicate an invalid route destination that you need to fix for the commit to succeed. To identify and fix configuration errors before initiating a commit, you can validate changes without committing. A pre-commit validation displays the same errors and warnings as a commit, including reference errors, rule shadowing, and application dependency warnings. Pre-commit validations are useful if your organization allows commits only within certain time windows; you can find and fix errors to avoid failures that could cause you to miss a commit window.
- Configure the commit, validation, or preview options.
- ClickCommitat the top of the web interface.
- (Optional) Exclude certain types of configuration changes. These options are included (enabled) by default.If dependencies between the configuration changes you included and excluded cause a validation error, perform the commit with all the changes included. For example, if your changes introduce a new Log Forwarding profile (an object) that references a new Syslog server profile (a device setting), the commit must include both the policy and object configuration and the device and network configuration.
- Include Device and Network configuration
- Include Policy and Object configuration—This is available only on firewalls for which multiple virtual systems capability is disabled.
- Include Shared Object configuration—This is available only on firewalls with multiple virtual systems.
- Include Virtual System configuration—This is available only on firewalls with multiple virtual systems.Select All virtual systems(default) orSelect one or more virtual systemsin the list.
- (Optional) Enter aDescriptionfor the commit. A brief summary of what changed in the configuration is useful to other administrators who want to know what changes were made without performing a configuration audit.
- (Optional) Preview the changes that the commit will activate. This can be useful if, for example, you don’t remember all your changes and you’re not sure you want to activate all of them.The firewall displays the changes in a new window that shows the running and candidate configurations side by side using colors to highlight the differences line by line.
- ClickPreview Changes.
- Select theLines of Context, which is the number of lines from the compared configuration files to display before and after each highlighted difference. These additional lines help you correlate the preview output to settings in the web interface.Because the preview results display in a new window, your browser must allow pop-up windows. If the preview window does not open, refer to your browser documentation for the steps to unblock pop-up windows.
- Close the preview window when you finish reviewing the changes.
- (Optional) Validate the changes before you commit to ensure the commit will succeed.
- ClickValidate Changes. The results display all the errors and warnings that an actual commit would display.
- Resolve any errors that the validation results identify.
- Commit your configuration changes.ClickCommit.
Recommended For You
Recommended videos not found.