This feature adds a workspace mode to FortiOS, allowing administrators to make a batch of changes that are not implemented until the transaction is committed. Prior to committing, the changes can be reverted or edited as needed without impacting current operations.
When an object is edited in workspace mode it is locked, preventing other administrators from editing that object. A warning message will be shown to let the administrator know that the object is currently being configured in another transaction.
All administrators can use workspace mode; their permissions in workspace mode are the same as defined in their account profile.
A workspace mode transaction times out in five minutes if there is no activity. When a transaction times out, all changes are discarded. A warning message will be shown to let the administrator know that a timeout is imminent, or has already happened:
config transaction id=1 will expire in 30 seconds
config transaction id=1 will expire in 20 seconds
config transaction id=1 will expire in 10 seconds
config transaction id=1 has expired
The following configurations are not changeable in a workspace transaction:
config system global
config system settings
config system wireless
execute batch command cannot be used in or to start workspace mode.
To use workspace mode:
- Start workspace mode:
execute config-transaction start
Once in workspace mode, the administrator can make configuration changes, all of which are made in a local CLI process that is not viewable by other processes.
- Commit configuration changes:
execute config-transaction commit
After performing the commit, the changes are available for all other processes, and are also made in the kernel.
- Abort configuration changes:
execute config-transaction abort
If changes are aborted, no changes are made to the current configuration or the kernel.
diagnose sys config-transaction show txn-meta
Show config transaction meta information. For example:
# diagnose sys config-transaction show txn-meta
diagnose sys config-transaction show txn-info
Show config transaction information. For example:
# diagnose sys config-transaction show txn-info
txn_id=6, expire_jiffies=706104, clicmd_fpath='/dev/cmdb/txn/6_EiLl9G.conf'
txn_id=7, expire_jiffies=707427, clicmd_fpath='/dev/cmdb/txn/7_UXK6wY.conf'
diagnose sys config-transaction show txn-entity
Show config transaction entity. For example:
# diagnose sys config-transaction show txn-entity
vd='global', cli-node-oid=37(system.vdom), txn_id=7. location: fileid=0, storeid=0, pgnr=0, pgidx=0
vd='global', cli-node-oid=46(system.interface), txn_id=7. location: fileid=3, storeid=0, pgnr=0, pgidx=0
diagnose sys config-transaction show txn-lock
Show transaction lock status. For example:
# diagnose sys config-transaction show txn-lock
type=-1, refcnt=0, value=256, pid=128
diagnose sys config-transaction status
Show the transaction status in the current CLI.