Per policy lock

In normal workspace mode, you can lock individual policies.

If you want to modify a policy, you don't need to lock the entire policy package. Once you lock a policy, a padlock icon appears beside the policy. Other users can no longer modify that policy, lock the policy package that contains it, or lock the ADOM.

If you hover your cursor over the padlock icon, you can see who locked the policy and the time at which it was locked.

To enable per policy lock:
  1. Go to System Settings > Workspace.

    The Workspace Settings pane opens.

  2. In the Workspace Settings pane, set Mode to Workspace and enable Per-Policy lock.
  3. Click Apply.

To enable per policy lock via the CLI:
  1. In the CLI Console widget, enter the following CLI commands:

    config system global
        set workspace-mode normal
        set per-policy-lock enable
    end

To lock a policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the policy package list, select the policy package, then right-click the policy and select Edit.

    The Edit IPv4 Policy pane opens.

  4. In the Edit IPv4 Policy pane, modify the policy and then click OK.

    A green padlock icon in the locked state is shown next to the policy name to indicate that it is locked by the current user.

    Other users see a red padlock icon with details indicating that the policy was locked by another user.

    Once you lock a policy, other users cannot modify this policy, but they can still modify other unlocked policies.

    For instance, user2 is unable to edit policy 2 because it was locked by the other user.

    You can still lock the policy package or the whole ADOM with confirmation.

    Other users are now unable to make changes to this policy package and cannot lock the ADOM.

  5. Click Save in the toolbar to save your changes.

Sequence lock:

A policy sequence can be locked by creating, deleting, moving, cloning, or inserting policies.

The sequence lock ensures that the order of the policies is managed by one user at any given time.

If you set up a sequence lock, you see a green padlock icon at the top.

Other users see a red padlock icon at the top and cannot create, delete, clone, or insert policies, but they can still modify existing unlocked policies.

Once a sequence is locked, others are unable to lock the related policy package and ADOM.
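
The lock rules from the sections above, collected into a small Python model as an added example (not Fortinet code and not part of the original page). The Package class, its methods, and can_lock_adom are hypothetical names; the model leaves out the confirmation prompt and lock release.

```python
# Added illustration of the lock rules described on this page. Class and
# function names are hypothetical; this is not FortiManager code or its API.
SEQUENCE_OPS = {"create", "delete", "move", "clone", "insert"}

class Package:
    def __init__(self, name):
        self.name = name
        self.policy_locks = {}     # policy id -> user holding the per-policy lock
        self.sequence_lock = None  # user holding the sequence lock
        self.package_lock = None   # user holding the whole-package lock

    def holders(self):
        """Every user holding any lock inside this package."""
        held = set(self.policy_locks.values())
        held.update(u for u in (self.sequence_lock, self.package_lock) if u)
        return held

    def edit_policy(self, user, policy_id):
        """Editing a policy takes its lock; refused if another user holds it."""
        if self.package_lock not in (None, user):
            return False
        if self.policy_locks.get(policy_id, user) != user:
            return False
        self.policy_locks[policy_id] = user
        return True

    def change_sequence(self, user, op):
        """Sequence operations take the sequence lock. Assumption: every
        operation that takes the lock is refused while another user holds it."""
        if op not in SEQUENCE_OPS:
            raise ValueError(op)
        if self.package_lock not in (None, user):
            return False
        if self.sequence_lock not in (None, user):
            return False
        self.sequence_lock = user
        return True

    def lock_package(self, user):
        """Refused while another user holds a policy or sequence lock here."""
        if self.holders() - {user}:
            return False
        self.package_lock = user
        return True

def can_lock_adom(user, packages):
    """ADOM lock is refused if another user holds any lock in any package."""
    return not any(p.holders() - {user} for p in packages)
```

A sequence lock held by one user does not stop another user from editing an unlocked policy, but either kind of lock stops other users from locking the package or the ADOM.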
