Fortinet white logo
Fortinet white logo

Administration Guide

Workspace mode

Workspace mode

Workspace mode allows administrators to make a batch of changes that are not implemented until the transaction is committed. Prior to committing, the changes can be reverted or edited as needed without impacting current operations.

When an object is edited in workspace mode it is locked, preventing other administrators from editing that object. A warning message will be shown to let the administrator know that the object is currently being configured in another transaction.

All administrators can use workspace mode; their permissions in workspace mode are the same as defined in their account profile.

A workspace mode transaction times out after five minutes if there is no activity. When a transaction times out, all changes are discarded. A warning message will be shown to let the administrator know that a timeout is imminent, or has already happened:

config transaction id=1 will expire in 30 seconds

config transaction id=1 will expire in 20 seconds

config transaction id=1 will expire in 10 seconds

config transaction id=1 has expired

The following commands are not changeable in a workspace transaction:

config system console

config system resource-limits

config system elbc

config system global

set split-port

set vdom-admin

set management-vdom

set wireless-mode

set internal-switch-mode

end

config system settings

set opmode

end

config system npu

config system np6

config system wireless

set mode

end

config system vdom-property

config system storage

The execute batch command cannot be used in or to start workspace mode.

To use workspace mode:
  1. Start workspace mode:

    execute config-transaction

    Once in workspace mode, the administrator can make configuration changes, all of which are made in a local CLI process that is not viewable by other processes.

  2. Commit configuration changes:

    execute config-transaction commit

    After performing the commit, the changes are available for all other processes, and are also made in the kernel.

  3. Abort configuration changes:

    execute config-transaction abort

    If changes are aborted, no changes are made to the current configuration or the kernel.

Diagnose commands

diagnose sys config-transaction show txn-meta

Show config transaction meta information. For example:

# diagnose sys config-transaction show txn-meta

txn_next_id=8, txn_nr=2

diagnose sys config-transaction show txn-info

Show config transaction information. For example:

# diagnose sys config-transaction show txn-info

current_jiffies=680372

txn_id=6, expire_jiffies=706104, clicmd_fpath='/dev/cmdb/txn/6_EiLl9G.conf'

txn_id=7, expire_jiffies=707427, clicmd_fpath='/dev/cmdb/txn/7_UXK6wY.conf'

diagnose sys config-transaction show txn-entity

Show config transaction entity. For example:

# diagnose sys config-transaction show txn-entity

vd='global', cli-node-oid=37(system.vdom), txn_id=7. location: fileid=0, storeid=0, pgnr=0, pgidx=0

vd='global', cli-node-oid=46(system.interface), txn_id=7. location: fileid=3, storeid=0, pgnr=0, pgidx=0

diagnose sys config-transaction show txn-lock

Show transaction lock status. For example:

# diagnose sys config-transaction show txn-lock

type=-1, refcnt=0, value=256, pid=128

diagnose sys config-transaction status

Show the transaction status in the current CLI.

Related Videos

sidebar video

Workspace Mode for FortiOS Config

  • 1,542 views
  • 5 years ago

Workspace mode

Workspace mode

Workspace mode allows administrators to make a batch of changes that are not implemented until the transaction is committed. Prior to committing, the changes can be reverted or edited as needed without impacting current operations.

When an object is edited in workspace mode it is locked, preventing other administrators from editing that object. A warning message will be shown to let the administrator know that the object is currently being configured in another transaction.

All administrators can use workspace mode; their permissions in workspace mode are the same as defined in their account profile.

A workspace mode transaction times out after five minutes if there is no activity. When a transaction times out, all changes are discarded. A warning message will be shown to let the administrator know that a timeout is imminent, or has already happened:

config transaction id=1 will expire in 30 seconds

config transaction id=1 will expire in 20 seconds

config transaction id=1 will expire in 10 seconds

config transaction id=1 has expired

The following commands are not changeable in a workspace transaction:

config system console

config system resource-limits

config system elbc

config system global

set split-port

set vdom-admin

set management-vdom

set wireless-mode

set internal-switch-mode

end

config system settings

set opmode

end

config system npu

config system np6

config system wireless

set mode

end

config system vdom-property

config system storage

The execute batch command cannot be used in or to start workspace mode.

To use workspace mode:
  1. Start workspace mode:

    execute config-transaction

    Once in workspace mode, the administrator can make configuration changes, all of which are made in a local CLI process that is not viewable by other processes.

  2. Commit configuration changes:

    execute config-transaction commit

    After performing the commit, the changes are available for all other processes, and are also made in the kernel.

  3. Abort configuration changes:

    execute config-transaction abort

    If changes are aborted, no changes are made to the current configuration or the kernel.

Diagnose commands

diagnose sys config-transaction show txn-meta

Show config transaction meta information. For example:

# diagnose sys config-transaction show txn-meta

txn_next_id=8, txn_nr=2

diagnose sys config-transaction show txn-info

Show config transaction information. For example:

# diagnose sys config-transaction show txn-info

current_jiffies=680372

txn_id=6, expire_jiffies=706104, clicmd_fpath='/dev/cmdb/txn/6_EiLl9G.conf'

txn_id=7, expire_jiffies=707427, clicmd_fpath='/dev/cmdb/txn/7_UXK6wY.conf'

diagnose sys config-transaction show txn-entity

Show config transaction entity. For example:

# diagnose sys config-transaction show txn-entity

vd='global', cli-node-oid=37(system.vdom), txn_id=7. location: fileid=0, storeid=0, pgnr=0, pgidx=0

vd='global', cli-node-oid=46(system.interface), txn_id=7. location: fileid=3, storeid=0, pgnr=0, pgidx=0

diagnose sys config-transaction show txn-lock

Show transaction lock status. For example:

# diagnose sys config-transaction show txn-lock

type=-1, refcnt=0, value=256, pid=128

diagnose sys config-transaction status

Show the transaction status in the current CLI.