Fortinet white logo
Fortinet white logo

Administration Guide

Locking an individual policy

Locking an individual policy

In workspace mode, administrators can lock individual policies, except for policies used by policy blocks. You cannot lock an individual policy when the policy is used in a policy block.

If you want to modify a policy, you don't need to lock the entire policy package. Once you lock a policy, a padlock icon appears beside the policy. Others are now unable to modify your policy or lock the policy package where the locked policy is in, and unable to lock the ADOM.

You cannot lock an individual policy when the policy it is used in a policy block.

If you move your cursor to the padlock icon, you can see who locked the policy and the time at which it was locked.

To enable per-policy lock in the GUI:
  1. Go to System Settings > Advanced > Workspace.
  2. Enable Workspace mode.
  3. Toggle the Per-Policy Lock setting to the ON position.
To enable per policy lock in the CLI:
  1. In the CLI Console widget enter the following CLI commands:

    config system global

    set per-policy-lock enable

    end

To lock a policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the policy package list, select the policy package, and right-click on the policy and select Edit.

    The Edit IPv4 Policy pane opens.

  4. In the Edit IPv4 Policy pane, modify the name and then click OK.

    A padlock icon in the locked state is shown next to the policy name to indicate that it is locked.

    You can still lock the policy package or the whole ADOM with confirmation.

    Other administrators are now unable to make changes to this policy or the policy package, and cannot lock the ADOM without first forcing you to disconnect.

  5. Click Save in the toolbar to save your changes.
tooltip icon

A green padlock icon next to the sequence number of the policy indicates that the current administrator locked the policy. A red padlock icon indicates that another administrator locked the policy.

Sequence lock:

If you add two or more policies, a sequence lock appears at the top. The sequence lock ensures that the order of the policies is managed by one administrator at any given time, other administrators see a red padlock icon at the top.

Once you save your changes, the sequence lock disappears allowing other administrators to change the order of the policies.

If an administrator sets up a sequence lock, other administrators can neither create a new policy nor insert a policy. They can however, edit an existing policy.

Locking an individual policy

Locking an individual policy

In workspace mode, administrators can lock individual policies, except for policies used by policy blocks. You cannot lock an individual policy when the policy is used in a policy block.

If you want to modify a policy, you don't need to lock the entire policy package. Once you lock a policy, a padlock icon appears beside the policy. Others are now unable to modify your policy or lock the policy package where the locked policy is in, and unable to lock the ADOM.

You cannot lock an individual policy when the policy it is used in a policy block.

If you move your cursor to the padlock icon, you can see who locked the policy and the time at which it was locked.

To enable per-policy lock in the GUI:
  1. Go to System Settings > Advanced > Workspace.
  2. Enable Workspace mode.
  3. Toggle the Per-Policy Lock setting to the ON position.
To enable per policy lock in the CLI:
  1. In the CLI Console widget enter the following CLI commands:

    config system global

    set per-policy-lock enable

    end

To lock a policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the policy package list, select the policy package, and right-click on the policy and select Edit.

    The Edit IPv4 Policy pane opens.

  4. In the Edit IPv4 Policy pane, modify the name and then click OK.

    A padlock icon in the locked state is shown next to the policy name to indicate that it is locked.

    You can still lock the policy package or the whole ADOM with confirmation.

    Other administrators are now unable to make changes to this policy or the policy package, and cannot lock the ADOM without first forcing you to disconnect.

  5. Click Save in the toolbar to save your changes.
tooltip icon

A green padlock icon next to the sequence number of the policy indicates that the current administrator locked the policy. A red padlock icon indicates that another administrator locked the policy.

Sequence lock:

If you add two or more policies, a sequence lock appears at the top. The sequence lock ensures that the order of the policies is managed by one administrator at any given time, other administrators see a red padlock icon at the top.

Once you save your changes, the sequence lock disappears allowing other administrators to change the order of the policies.

If an administrator sets up a sequence lock, other administrators can neither create a new policy nor insert a policy. They can however, edit an existing policy.