Fortinet Document Library

Version:


Table of Contents

Related Videos

Workspace Mode for FortiOS Config

  • 721 views
  • 7 months ago

New Features

6.2.0
Download PDF
Copy Link

Workspace Mode

This feature adds a workspace mode to FortiOS, allowing administrators to make a batch of changes that are not implemented until the transaction is committed. Prior to committing, the changes can be reverted or edited as needed without impacting current operations.

When an object is edited in workspace mode it is locked, preventing other administrators from editing that object. A warning message will be shown to let the administrator know that the object is currently being configured in another transaction.

All administrators can use workspace mode; their permissions in workspace mode are the same as defined in their account profile.

A workspace mode transaction times out in five minutes if there is no activity. When a transaction times out, all changes are discarded. A warning message will be shown to let the administrator know that a timeout is imminent, or has already happened:

config transaction id=1 will expire in 30 seconds

config transaction id=1 will expire in 20 seconds

config transaction id=1 will expire in 10 seconds

config transaction id=1 has expired

The following configurations are not changeable in a workspace transaction:

system.console

system.resource-limits

system.elbc

config system global

set split-port

set vdom-admin

set management-vdom

set wireless-mode

set internal-switch-mode

end

config system settings

set opmode

end

system.npu

system.np6

config system wireless

set mode

end

system.vdom-property

system.storage

The execute batch command cannot be used in or to start workspace mode.

To use workspace mode:
  1. Start workspace mode:

    execute config-transaction start

    Once in workspace mode, the administrator can make configuration changes, all of which are made in a local CLI process that is not viewable by other processes.

  2. Commit configuration changes:

    execute config-transaction commit

    After performing the commit, the changes are available for all other processes, and are also made in the kernel.

  3. Abort configuration changes:

    execute config-transaction abort

    If changes are aborted, no changes are made to the current configuration or the kernel.

Diagnose commands

diagnose sys config-transaction show txn-meta

Show config transaction meta information. For example:

# diagnose sys config-transaction show txn-meta

txn_next_id=8, txn_nr=2

 

diagnose sys config-transaction show txn-info

Show config transaction information. For example:

# diagnose sys config-transaction show txn-info

current_jiffies=680372

 

txn_id=6, expire_jiffies=706104, clicmd_fpath='/dev/cmdb/txn/6_EiLl9G.conf'

txn_id=7, expire_jiffies=707427, clicmd_fpath='/dev/cmdb/txn/7_UXK6wY.conf'

 

diagnose sys config-transaction show txn-entity

Show config transaction entity. For example:

# diagnose sys config-transaction show txn-entity

vd='global', cli-node-oid=37(system.vdom), txn_id=7. location: fileid=0, storeid=0, pgnr=0, pgidx=0

vd='global', cli-node-oid=46(system.interface), txn_id=7. location: fileid=3, storeid=0, pgnr=0, pgidx=0

 

diagnose sys config-transaction show txn-lock

Show transaction lock status. For example:

# diagnose sys config-transaction show txn-lock

type=-1, refcnt=0, value=256, pid=128

 

diagnose sys config-transaction status

Show the transaction status in the current CLI.

Related Videos

Workspace Mode for FortiOS Config

  • 721 views
  • 7 months ago

Workspace Mode

This feature adds a workspace mode to FortiOS, allowing administrators to make a batch of changes that are not implemented until the transaction is committed. Prior to committing, the changes can be reverted or edited as needed without impacting current operations.

When an object is edited in workspace mode it is locked, preventing other administrators from editing that object. A warning message will be shown to let the administrator know that the object is currently being configured in another transaction.

All administrators can use workspace mode; their permissions in workspace mode are the same as defined in their account profile.

A workspace mode transaction times out in five minutes if there is no activity. When a transaction times out, all changes are discarded. A warning message will be shown to let the administrator know that a timeout is imminent, or has already happened:

config transaction id=1 will expire in 30 seconds

config transaction id=1 will expire in 20 seconds

config transaction id=1 will expire in 10 seconds

config transaction id=1 has expired

The following configurations are not changeable in a workspace transaction:

system.console

system.resource-limits

system.elbc

config system global

set split-port

set vdom-admin

set management-vdom

set wireless-mode

set internal-switch-mode

end

config system settings

set opmode

end

system.npu

system.np6

config system wireless

set mode

end

system.vdom-property

system.storage

The execute batch command cannot be used in or to start workspace mode.

To use workspace mode:
  1. Start workspace mode:

    execute config-transaction start

    Once in workspace mode, the administrator can make configuration changes, all of which are made in a local CLI process that is not viewable by other processes.

  2. Commit configuration changes:

    execute config-transaction commit

    After performing the commit, the changes are available for all other processes, and are also made in the kernel.

  3. Abort configuration changes:

    execute config-transaction abort

    If changes are aborted, no changes are made to the current configuration or the kernel.

Diagnose commands

diagnose sys config-transaction show txn-meta

Show config transaction meta information. For example:

# diagnose sys config-transaction show txn-meta

txn_next_id=8, txn_nr=2

 

diagnose sys config-transaction show txn-info

Show config transaction information. For example:

# diagnose sys config-transaction show txn-info

current_jiffies=680372

 

txn_id=6, expire_jiffies=706104, clicmd_fpath='/dev/cmdb/txn/6_EiLl9G.conf'

txn_id=7, expire_jiffies=707427, clicmd_fpath='/dev/cmdb/txn/7_UXK6wY.conf'

 

diagnose sys config-transaction show txn-entity

Show config transaction entity. For example:

# diagnose sys config-transaction show txn-entity

vd='global', cli-node-oid=37(system.vdom), txn_id=7. location: fileid=0, storeid=0, pgnr=0, pgidx=0

vd='global', cli-node-oid=46(system.interface), txn_id=7. location: fileid=3, storeid=0, pgnr=0, pgidx=0

 

diagnose sys config-transaction show txn-lock

Show transaction lock status. For example:

# diagnose sys config-transaction show txn-lock

type=-1, refcnt=0, value=256, pid=128

 

diagnose sys config-transaction status

Show the transaction status in the current CLI.