Click Commit at the top right of the web interface and specify an operation for pending changes to the firewall configuration: commit (activate), validate, or preview . You can filter pending changes by administrator or location and then preview, validate, and commit only those changes. The location can be specific virtual systems, shared policies and objects, or shared device and network settings.
The firewall queues commit requests so that you can initiate a new commit while a previous commit is in progress. The firewall performs the commits in the order they are initiated but prioritizes auto-commits that are initiated by the firewall (such as FQDN refreshes). However, if the queue already has the maximum number of administrator-initiated commits, you must wait for the firewall to finish processing a pending commit before initiating a new one.
Use the Task Manager to cancel commits or see details about commits that are pending, in progress, completed, or failed.
The Commit dialog displays the options described in the following table.
Commit All Changes
Commits all changes for which you have administrative privileges (default). You cannot manually filter the scope of the configuration changes that the firewall commits when you select this option. Instead, the administrator role assigned to the account you used to log in determines the commit scope:
If you have implemented access domains, the firewall automatically applies those domains to filter the commit scope (see Device > Access Domain). Regardless of your administrative role, the firewall commits only the configuration changes in the access domains assigned to your account.
Commit Changes Made By
Filters the scope of the configuration changes the firewall commits. The administrative role assigned to the account you used to log in determines your filtering options:
Filter the commit scope as follows:
If you have implemented access domains, the firewall automatically filters the commit scope based on those domains (see Device > Access Domain). Regardless of your administrative role and your filtering choices, the commit scope includes only the configuration changes in the access domains assigned to your account.
When you commit changes to a virtual system, you must include the changes of all administrators who added, deleted, or repositioned rules for the same rulebase in that virtual system.
Lists the locations that have changes to commit. Whether the list includes all changes or a subset of the changes depends on several factors, as described for Commit All Changes and Commit Changes Made By. The locations can be any of the following:
This column categorizes the locations of pending changes:
Include in Commit
(Partial commit only)
Enables you to select the changes you want to commit. By default, all changes within the Commit Scope are selected. This column displays only after you choose to Commit Changes Made By specific administrators.
There might be dependencies that affect the changes you include in a commit. For example, if you add an object and another administrator then edits that object, you cannot commit the change for the other administrator without also committing your own change.
Group by Location Type
Groups the list of configuration changes in the Commit Scope by Location Type.
Enables you to compare the configurations you selected in the Commit Scope to the running configuration. The preview window uses color coding to indicate which changes are additions (green), modifications (yellow), or deletions (red).
To help you match the changes to sections of the web interface, you can configure the preview window to display Lines of Context before and after each change. These lines are from the files of the candidate and running configurations that you are comparing.
Because the preview results display in a new browser window, your browser must allow pop-ups. If the preview window does not open, refer to your browser documentation for the steps to allow pop-ups.
Lists the individual settings for which you are committing changes. The Change Summary list displays the following information for each setting:
Optionally, you can Group By column name (such as Type).
Validates whether the firewall configuration has correct syntax and is semantically complete. The output includes the same errors and warnings that a commit would display, including rule shadowing and application dependency warnings. The validation process enables you to find and fix errors before you commit (it makes no changes to the running configuration). This is useful if you have a fixed commit window and want to be sure the commit will succeed without errors.
Allows you to enter a description (up to 512 characters) to help other administrators understand what changes you made.
The System log for a commit event will truncate descriptions longer than 512 characters.
Starts the commit or, if other commits are pending, adds your commit to the commit queue.
Commit, Validate, and Preview Firewall Configuration Change...
Commit, Validate, and Preview Firewall Configuration Changes A commit is the process of activating pending changes to the firewall configuration. You can filter pending changes ...
Revert Changes Select Config Revert Changes at the top right of the firewall or Panorama web interface to undo changes made to the candidate configuration ...
Preview, Validate, or Commit Configuration Changes
Preview, Validate, or Commit Configuration Changes You can perform Panorama Commit, Validation, and Preview Operations on pending changes to the Panorama configuration and then push ...
Panorama Commit Operations
Panorama Commit Operations Click Commit at the top right of the web interface and select an operation for pending changes to the Panorama configuration and ...
Save Candidate Configurations
Save Candidate Configurations Select Config Save Changes at the top right of the firewall or Panorama web interface to save a new snapshot file of ...
Save and Export Firewall Configurations
Save and Export Firewall Configurations Saving a backup of the candidate configuration to persistent storage on the firewall enables you to later revert to that ...
Revert Firewall Configuration Changes
Revert Firewall Configuration Changes Revert operations replace settings in the current candidate configuration with settings from another configuration. Reverting changes is useful when you want ...
Panorama Commit, Validation, and Preview Operations
Panorama Commit, Validation, and Preview Operations When you are ready to activate changes that you made to the candidate configuration on Panorama or to push ...
Lock Configurations To help you coordinate configuration tasks with other firewall administrators during concurrent login sessions, the web interface enables you to apply a configuration ...