Fortinet black logo

Administration Guide

Locks for Restricting Configuration Changes

Locks for Restricting Configuration Changes

Workspace enables locking ADOMs, devices, or policy packages so that an administrator can prevent other administrators from making changes to the elements that they are working in. It can only be enabled or disabled from the CLI.

In Normal mode, ADOMs, or individual devices or policy packages must be locked before policy, object, or device changes can be made. Multiple administrators can lock devices and policy packages within a single, unlocked ADOM at the same time. When an individual device or policy package is locked, other administrators can only lock the ADOM that contains the locked device or policy package by disconnecting the administrator that locked it.

In Workflow mode, only the entire ADOM can be locked. The ADOM must be locked before changes can be made, and a workflow session must be started before policy changes can be made. See Workflow mode.

In both modes, the ADOM must be locked before changes can be made in AP Manager, FortiClient Manager, VPN Manager, and FortiSwitch Manager, and some settings in System Settings.

To enable or disable workspace:
  1. Go to System Settings > Dashboard.
  2. In the CLI Console widget enter the following CLI commands:

    config system global

    set workspace-mode {workflow | normal | disable}

    end

tooltip icon

A green padlock icon indicates that the current administrator locked the element. A red padlock icon indicates that another administrator locked the element.

Locks for Restricting Configuration Changes

Workspace enables locking ADOMs, devices, or policy packages so that an administrator can prevent other administrators from making changes to the elements that they are working in. It can only be enabled or disabled from the CLI.

In Normal mode, ADOMs, or individual devices or policy packages must be locked before policy, object, or device changes can be made. Multiple administrators can lock devices and policy packages within a single, unlocked ADOM at the same time. When an individual device or policy package is locked, other administrators can only lock the ADOM that contains the locked device or policy package by disconnecting the administrator that locked it.

In Workflow mode, only the entire ADOM can be locked. The ADOM must be locked before changes can be made, and a workflow session must be started before policy changes can be made. See Workflow mode.

In both modes, the ADOM must be locked before changes can be made in AP Manager, FortiClient Manager, VPN Manager, and FortiSwitch Manager, and some settings in System Settings.

To enable or disable workspace:
  1. Go to System Settings > Dashboard.
  2. In the CLI Console widget enter the following CLI commands:

    config system global

    set workspace-mode {workflow | normal | disable}

    end

tooltip icon

A green padlock icon indicates that the current administrator locked the element. A red padlock icon indicates that another administrator locked the element.