Fortinet black logo

Administration Guide

Lock an individual policy

Lock an individual policy

In normal workspace mode, administrators can lock individual policies.

If you want to modify a policy, you don't need to lock the entire policy package. Once you lock a policy, a padlock icon appears beside the policy. Others are now unable to modify your policy or lock the policy package where the locked policy is in, and unable to lock the ADOM.

If you move your cursor to the padlock icon, you can see who locked the policy and the time at which it was locked.

To enable per policy lock:

Per policy lock can only be enabled via the CLI.

  1. In the CLI Console widget enter the following CLI commands:

    config system global

    set per-policy-lock enable

    end

To lock a policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the policy package list, select the policy package, and right-click on the policy and select Edit.

    The Edit IPv4 Policy pane opens.

  4. In the Edit IPv4 Policy pane, modify the name and then click OK.

    A padlock icon in the locked state is shown next to the policy name to indicate that it is locked.

    You can still lock the policy package or the whole ADOM with confirmation.

    Other administrators are now unable to make changes to this policy or the policy package, and cannot lock the ADOM without first forcing you to disconnect.

  5. Click Save in the toolbar to save your changes.
tooltip icon

A green padlock icon next to the sequence number of the policy indicates that the current administrator locked the policy. A red padlock icon indicates that another administrator locked the policy.

Sequence lock:

If you add two or more policies, a sequence lock appears at the top. The sequence lock ensures that the order of the policies is managed by one administrator at any given time, other administrators see a red padlock icon at the top.

Once you save your changes, the sequence lock disappears allowing other administrators to change the order of the policies.

If an administrator sets up a sequence lock, other administrators can neither create a new policy nor insert a policy. They can however, edit an existing policy.

Lock an individual policy

In normal workspace mode, administrators can lock individual policies.

If you want to modify a policy, you don't need to lock the entire policy package. Once you lock a policy, a padlock icon appears beside the policy. Others are now unable to modify your policy or lock the policy package where the locked policy is in, and unable to lock the ADOM.

If you move your cursor to the padlock icon, you can see who locked the policy and the time at which it was locked.

To enable per policy lock:

Per policy lock can only be enabled via the CLI.

  1. In the CLI Console widget enter the following CLI commands:

    config system global

    set per-policy-lock enable

    end

To lock a policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the policy package list, select the policy package, and right-click on the policy and select Edit.

    The Edit IPv4 Policy pane opens.

  4. In the Edit IPv4 Policy pane, modify the name and then click OK.

    A padlock icon in the locked state is shown next to the policy name to indicate that it is locked.

    You can still lock the policy package or the whole ADOM with confirmation.

    Other administrators are now unable to make changes to this policy or the policy package, and cannot lock the ADOM without first forcing you to disconnect.

  5. Click Save in the toolbar to save your changes.
tooltip icon

A green padlock icon next to the sequence number of the policy indicates that the current administrator locked the policy. A red padlock icon indicates that another administrator locked the policy.

Sequence lock:

If you add two or more policies, a sequence lock appears at the top. The sequence lock ensures that the order of the policies is managed by one administrator at any given time, other administrators see a red padlock icon at the top.

Once you save your changes, the sequence lock disappears allowing other administrators to change the order of the policies.

If an administrator sets up a sequence lock, other administrators can neither create a new policy nor insert a policy. They can however, edit an existing policy.