1. Home
    2. PAN-OS
    3. PAN-OS® Administrator’s Guide
    4. Firewall Administration
    5. Use the Web Interface
    6. Commit, Validate, and Preview Firewall Configuration Changes

    Commit, Validate, and Preview Firewall Configuration Changes

    A commit is the process of activating pending changes to the firewall configuration. You can filter pending changes by administrator or location and then preview, validate, or commit only those changes. The locations can be specific virtual systems, shared policies and objects, or shared device and network settings.
    The firewall queues commit requests so that you can initiate a new commit while a previous commit is in progress. The firewall performs the commits in the order they are initiated but prioritizes auto-commits that are initiated by the firewall (such as FQDN refreshes). However, if the queue already has the maximum number of administrator-initiated commits, you must wait for the firewall to finish processing a pending commit before initiating a new one. To cancel pending commits or view details about commits of any status, see Manage and Monitor Administrative Tasks.
    When you initiate a commit, the firewall checks the validity of the changes before activating them. The validation output displays conditions that either block the commit (errors) or that are important to know (warnings). For example, validation could indicate an invalid route destination that you need to fix for the commit to succeed. The validation process enables you to find and fix errors before you commit (it makes no changes to the running configuration). This is useful if you have a fixed commit window and want to be sure the commit will succeed without errors.
    The commit, validate, preview, save, and revert operations apply only to changes made after the last commit. To restore configurations to the state they were in before the last commit, you must load a previously backed up configuration.
    To prevent multiple administrators from making configuration changes during concurrent sessions, see Manage Locks for Restricting Configuration Changes.
    1. Configure the scope of configuration changes that you will commit, validate, or preview.
      1. Click Commit at the top of the web interface.
      2. Select one of the following options:
        • Commit All Changes (default)—Applies the commit to all changes for which you have administrative privileges. You cannot manually filter the commit scope when you select this option. Instead, the administrator role assigned to the account you used to log in determines the commit scope.
        • Commit Changes Made By—Enables you to filter the commit scope by administrator or location. The administrative role assigned to the account you used to log in determines which changes you can filter.
        To commit the changes of other administrators, the account you used to log in must be assigned the Superuser role or an Admin Role profile with the Commit For Other Admins privilege enabled.
      3. (Optional) To filter the commit scope by administrator, select Commit Changes Made By, click the adjacent link, select the administrators, and click OK.
      4. (Optional) To filter by location, select Commit Changes Made By and clear any changes that you want to exclude from the Commit Scope.
        If dependencies between the configuration changes you included and excluded cause a validation error, perform the commit with all the changes included. For example, when you commit changes to a virtual system, you must include the changes of all administrators who added, deleted, or repositioned rules for the same rulebase in that virtual system.
    2. Preview the changes that the commit will activate.
      This can be useful if, for example, you don’t remember all your changes and you’re not sure you want to activate all of them.
      The firewall compares the configurations you selected in the Commit Scope to the running configuration. The preview window displays the configurations side-by-side and uses color coding to indicate which changes are additions (green), modifications (yellow), or deletions (red).
      Preview Changes and select the Lines of Context, which is the number of lines from the compared configuration files to display before and after each highlighted difference. These additional lines help you correlate the preview output to settings in the web interface. Close the preview window when you finish reviewing the changes.
      Because the preview results display in a new browser window, your browser must allow pop-ups. If the preview window does not open, refer to your browser documentation for the steps to allow pop-ups.
    3. Preview the individual settings for which you are committing changes.
      This can be useful if you want to know details about the changes, such as the types of settings and who changed them.
      1. Click Change Summary.
      2. (Optional) Group By a column name (such as the Type of setting).
      3. Close the Change Summary dialog when you finish reviewing the changes.
    4. Validate the changes before you commit to ensure the commit will succeed.
      1. Validate Changes.
        The results display all the errors and warnings that an actual commit would display.
      2. Resolve any errors that the validation results identify.
    5. Commit your configuration changes.
      Commit your changes to validate and activate them.
      To view details about commits that are pending (which you can still cancel), in progress, completed, or failed, see Manage and Monitor Administrative Tasks.

    Related Documentation

    Preview, Validate, or Commit Configuration Changes

    Preview, Validate, or Commit Configuration Changes You can perform Panorama Commit, Validation, and Preview Operations on pending changes to the Panorama configuration and then push ...

    Commit Changes

    Commit Changes Click Commit at the top right of the web interface and specify an operation for pending changes to the firewall configuration: commit (activate), ...

    Panorama Commit, Validation, and Preview Operations

    Panorama Commit, Validation, and Preview Operations When you are ready to activate changes that you made to the candidate configuration on Panorama or to push ...

    Panorama Commit Operations

    Panorama Commit Operations Click Commit at the top right of the web interface and select an operation for pending changes to the Panorama configuration and ...

    Revert Changes

    Revert Changes Select Config Revert Changes at the top right of the firewall or Panorama web interface to undo changes made to the candidate configuration ...

    Commit Configuration Changes

    Commit Configuration Changes Any change in the Palo Alto Networks device configuration is first written to the candidate configuration. The change only takes effect on ...

    Save and Export Firewall Configurations

    Save and Export Firewall Configurations Saving a backup of the candidate configuration to persistent storage on the firewall enables you to later revert to that ...

    Save Candidate Configurations

    Save Candidate Configurations Select Config Save Changes at the top right of the firewall or Panorama web interface to save a new snapshot file of ...

    Manage Panorama and Firewall Configuration Backups

    Manage Panorama and Firewall Configuration Backups The running configuration on Panorama comprises all the settings that you have committed and that are therefore active. The ...

    Manage Configuration Backups

    Manage Configuration Backups The running configuration on the firewall comprises all settings you have committed and that are therefore active, such as policy rules that ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo