Commitat the top right of the web interface and specify an operation for pending changes to the firewall configuration: commit (activate), validate, or preview . You can filter pending changes by administrator or
locationand then preview, validate, and commit only those changes. The location can be specific virtual systems, shared policies and objects, or shared device and network settings.
The firewall queues commit requests so that you can initiate a new commit while a previous commit is in progress. The firewall performs the commits in the order they are initiated but prioritizes auto-commits that are initiated by the firewall (such as FQDN refreshes). However, if the queue already has the maximum number of administrator-initiated commits, you must wait for the firewall to finish processing a pending commit before initiating a new one.
Use the Task Manager to cancel commits or see details about commits that are pending, in progress, completed, or failed.
The Commit dialog displays the options described in the following table.
Commit All Changes
Commits all changes for which you have administrative privileges (default). You cannot manually filter the scope of the configuration changes that the firewall commits when you select this option. Instead, the administrator role assigned to the account you used to log in determines the commit scope:
If you have implemented access domains, the firewall automatically applies those domains to filter the commit scope (see Device > Access Domain). Regardless of your administrative role, the firewall commits only the configuration changes in the access domains assigned to your account.
Commit Changes Made By
Filters the scope of the configuration changes the firewall commits. The administrative role assigned to the account you used to log in determines your filtering options:
Filter the commit scope as follows:
If you have implemented access domains, the firewall automatically filters the commit scope based on those domains (see Device > Access Domain). Regardless of your administrative role and your filtering choices, the commit scope includes only the configuration changes in the access domains assigned to your account.
When you commit changes to a virtual system, you must include the changes of all administrators who added, deleted, or repositioned rules for the same rulebase in that virtual system.
This column categorizes the locations of pending changes:
Include in Commit
Partial commit only)
Enables you to select the changes you want to commit. By default, all changes within the
Commit Scopeare selected. This column displays only after you choose to
Commit Changes Made Byspecific administrators.
There might be dependencies that affect the changes you include in a commit. For example, if you add an object and another administrator then edits that object, you cannot commit the change for the other administrator without also committing your own change.
Group by Location Type
Groups the list of configuration changes in the
Enables you to compare the configurations you selected in the
Commit Scopeto the running configuration. The preview window uses color coding to indicate which changes are additions (green), modifications (yellow), or deletions (red).
To help you match the changes to sections of the web interface, you can configure the preview window to display
Lines of Contextbefore and after each change. These lines are from the files of the candidate and running configurations that you are comparing.
Because the preview results display in a new browser window, your browser must allow pop-ups. If the preview window does not open, refer to your browser documentation for the steps to allow pop-ups.
Lists the individual settings for which you are committing changes. The
Change Summarylist displays the following information for each setting:
Optionally, you can
Group Bycolumn name (such as
Validates whether the firewall configuration has correct syntax and is semantically complete. The output includes the same errors and warnings that a commit would display, including rule shadowing and application dependency warnings. The validation process enables you to find and fix errors before you commit (it makes no changes to the running configuration). This is useful if you have a fixed commit window and want to be sure the commit will succeed without errors.
Allows you to enter a description (up to 512 characters) to help other administrators understand what changes you made.
The System log for a commit event will truncate descriptions longer than 512 characters.
Starts the commit or, if other commits are pending, adds your commit to the commit queue.